A U.S. judge thinks a recovered iPhone holds information necessary to the ongoing investigation of December’s San Bernardino shooting spree.
The magistrate has ordered Apple to load software into the phone that bypasses security measures, namely the feature that deletes the phone’s contents after too many incorrect password attempts, according to the Associated Press. This means that Apple isn’t going to crack the phone itself, just allow the FBI to attempt to enter as many passwords as they want, without the fear of deleting any data. The recovered phone is an iPhone 5c.
Federal prosecutors cannot access the alleged shooter’s county-owned work phone because they don’t know the password. To enter a large number of passwords with the hope of eventually guessing the right one is called a brute-force attack, a common tool in a security expert’s tool belt (or a hacker’s).
For regular users, this a larger fight. If the government is able to make Apple give up this user’s data, regardless of circumstances, it sets a dangerous precedent for other cases in the future. Other federal cases where iPhones are involved could demand the same software to help crack the information.
Also, once the FBI has this operating system with a back door, it may highlight a vulnerability they could exploit themselves in the future. That raises privacy concerns about how much information the government can collect on any individual, regardless of legal situation.
The FBI has been trying to crack the phone’s password for two months, according to FBI director James Comey, who denounced encryption without back doors at a Senate Intelligence Committee hearing last week.
Apple has claimed they themselves aren’t able to crack iPhones running iOS 8 or 9 (the most current operating system). They have not commented on whether they’re able to load the requested software, either.
However, security expert Nick Weaver told Wired that there are still a few ways to crack an iPhone without needing a back door, including spoofing the fingerprint reader, getting a warrant for iCloud backups, or even questioning Siri. These methods were likely not used in this case, as most of Weaver’s techniques are unusable after a short period of time or if the phone is rebooted. However, it does show that iPhones are not without their own security flaws.
Apple will have five days to respond to the court order, and can deny if the task would be “unreasonably burdensome,” according to NBC.