The FBI has reportedly bypassed the security on the Pensacola mass shooter’s iPhone [Updated]

After trying to force Apple to unlock a pair of passcode-locked iPhones, a new report suggests that the Federal Bureau of Investigation has managed to bypass at least one of the iPhones used by the Pensacola mass shooter without Apple’s help.

Update: Apple has offered an official statement on the matter, following the FBI’s comments made today. I’ve gone ahead and quoted the company just below:

The terrorist attack on members of the US armed services at the Naval Air Station in Pensacola, Florida was a devastating and heinous act. Apple responded to the FBI’s first requests for information just hours after the attack on December 6, 2019 and continued to support law enforcement during their investigation. We provided every piece of information available to us, including iCloud backups, account information and transactional data for multiple accounts, and we lent continuous and ongoing technical and investigative support to FBI offices in Jacksonville, Pensacola and New York over the months since.

On this and many thousands of other cases, we continue to work around-the-clock with the FBI and other investigators who keep Americans safe and bring criminals to justice. As a proud American company, we consider supporting law enforcement’s important work our responsibility. The false claims made about our company are an excuse to weaken encryption and other security measures that protect millions of users and our national security.

It is because we take our responsibility to national security so seriously that we do not believe in the creation of a backdoor — one which will make every device vulnerable to bad actors who threaten our national security and the data security of our customers. There is no such thing as a backdoor just for the good guys, and the American people do not have to choose between weakening encryption and effective investigations.

Customers count on Apple to keep their information secure and one of the ways which we do so is by using strong encryption across our devices and servers. We sell the same iPhone everywhere, we don’t store customers’ passcodes  and we don’t have the capacity to unlock passcode-protected devices. In data centers, we deploy strong hardware and software security protections to keep information safe and to ensure there are no backdoors into our systems. All of these practices apply equally to our operations in every country in the world.

The original article continues below.

This comes from a report on Monday from CNN, saying that the FBI has managed to gain access to one of the two iPhones used by Mohammed Saeed Alshamrani, the mass shooter that opened fire at a Naval Air Station in Pensacola, Florida, last year. The FBI was unable to access either one of the iPhones for months.

However, months later it sounds like the FBI has bypassed one of the handsets. As a result of that, the agency says it has discovered ties to the terrorist organization known as al Qaeda:

US investigators uncovered the al Qaeda connection after the FBI broke through the encryption protecting the Saudi attacker’s iPhones, the officials said. Attorney General William Barr and the FBI are expected to announce the finding Monday in a news conference.
Mohammed Alshamrani, a member of the Royal Saudi Air Force who had been training at Naval Air Station Pensacola, was killed by law enforcement during the attack.
A breakthrough on the shooter’s phone encryption for now temporarily disarms a standoff between the Justice Department and Apple over national security and the limits of encryption and privacy. The government has complained in recent years that stronger encryption, without the ability of law enforcement to get court-ordered access to data, endangers the public.
For its part, Apple did provide the FBI with iCloud data related to Alshamrani, but, as is par for the course, the company refused to go beyond that, and would not provide any specific means for the policing agency to bypass the security implementation on the handsets. This was one of Apple’s statements on the matter at the time:

We have the greatest respect for law enforcement and have always worked cooperatively to help in their investigations. When the FBI requested information from us relating to this case a month ago, we gave them all of the data in our possession and we will continue to support them with the data we have available.

The company would later to go on and decry the implementation of any kind of backdoor, an element to Apple’s software and hardware that the FBI, and other organizations, want the company to implement. The company has stated numerous times that a backdoor isn’t “just for the good guys”, and it would make it possible for nefarious individuals and groups to access devices.

We have always maintained there is no such thing as a backdoor just for the good guys. Backdoors can also be exploited by those who threaten our national security and the data security of our customers. Today, law enforcement has access to more data than ever before in history, so Americans do not have to choose between weakening encryption and solving investigations. We feel strongly encryption is vital to protecting our country and our users’ data

This entire situation led to a lot of back-and-forth between the Justice Department, specifically the United Stated Attorney General William Barr, and Apple. In January the U.S. AG asked Apple, in plain terms, to assist the government in accessing both of the mass shooter’s iPhones. However, a day later and Apple was already denying the “public request”.

In January there was a report from The New York Times that outlined how some of the requests from the federal government and policing agencies have been mostly about raising a public concern over end-to-end encryption and not so much anything else. The reason being, according to the report, the majority of the requests are targeting older iPhones, all of which are “easier to crack” as described by experts on the matter. In this case, the Pensacola mass shooter was using an iPhone 5 and an iPhone 7.

And that trend certainly continued today, as U.S. AG Barr detailed –as much as he could– the unlocking “process” without the assistance of Apple. FBI Director Christopher Wray, for example, criticized the company for wasting precious resources and time (via The Verge):

Public servants, already swamped with important things to do to protect the American people — and toiling through a pandemic, with all the risk and hardship that entails — had to spend all that time just to access evidence we got court-authorized search warrants for months ago.

And, of course, U.S. AG Barr weighed in on Apple’s lack of assistance, or, what he perceives is Apple’s lack of assistance, saying it has “dangerous consequences”, and echoing the backdoor claim yet again.

Apple’s decision has dangerous consequences for the public safety and the national security and is, in my judgement, unacceptable. Apple’s desire to provide privacy for its customers is understandable, but not at all costs. There is no reason why companies like Apple cannot design their consumer products and apps to allow for court-authorized access by law enforcement, while maintaining very high standards of data security. Striking this balance should not be left to corporate board rooms.

Apple appears to be holding firm in this regard. It relies on personal security and user privacy in a means to differentiate itself in the busy smartphone/personal technology markets. End-to-end encryption is a big deal for Apple, among other security elements, and it does not appear Apple will be giving up on that ideal anytime soon.