By Eric Beasley
As the resident tech expert here at A Miner Detail, I’ve been covering the ongoing Apple v. FBI saga, which has come to an abrupt and not surprising end. Let me tell you why, in easy to understand terms.
The FBI has dropped their suit against Apple for assistance in decrypting the Government iPhone possessed by one of the San Bernadino shooters. Why? According to CNET:
The US Department of Justice, with the help of a third party, has successfully accessed data on a phone used by a terrorist in December’s attack in San Bernardino, California, the agency revealed in a court filing Monday.
The rumor mill in tech circles has been spinning about who this third party is, how they did it, and what this means for your personal security. So let me break this down for you.
First, who is the mystery third party? Right now the buzz indicates that Cellebrite, an Israeli company that specializes in cell phones made this possible. They make numerous products used by law enforcement and the military to unlock and copy data off of mobile devices.
Tech Talk: This does not surprise me, nor should it surprise you. There is absolutely nothing in the technology world that is immune from some sort of hack or security bypass. There are two possible scenarios for how Cellebrite was able to crack the iPhone: 1. After this saga started, the company realized that they had a huge opportunity for increased business. They took their hackers, put them in a dark basement, and supplied them with an infinite amount of Cheetos and Mountain Dew, with the explicit instructions to find a work-around. After some time, they discovered a Zero-Day vulnerability unknown to Apple that allows them to bypass the security features. 2. Another, and more likely scenario, is that Cellebrite developed a technique for mapping the machine code on the device and identify the memory sector used to verify the password. This is the technique that John McAfee proposed to do for free. For the end user, this means very little. Your average identity theft syndicate is not going to have access to this technology. Even a well-funded and organized criminal syndicate will not be able to do this.
TECH TALK UPDATE: It was pointed out to me by my tech savy friends that I missed a third possibility. The FBI could have desoldered the memory chips from the phone and copied the contents onto a new phone, then performed the desired brute force password guess attack. While this is plausible and technically sound, I have strong doubts this is what happened for a few reasons: 1. To guess every password combination, you would be bricking a lot of phones in the process. If it was a 4 digit combination, that's 10,000 possibilities and you would need 1,000 phones (10 guesses per dummy phone). The number of required phones increases exponentially in relation to the length of the combination. 2. I doubt the FBI would hand over the phone to a foreign company, even an allied country. 3.I doubt that the FBI has the technical ability to perform the desoldering and data copying. To be fair, the tasks could have been performed by another agency or a contractor.
Translation: Nothing on a computer is safe. It is possible that Cellebrite has discovered a way to bypass Apple’s security measures. Look for a update to be pushed out the second that Apple figures out how this was accomplished.
While your iPhone might be safe from criminals, what about the Government? Well, that’s the million dollar question. I honestly do not know. To answer that question fully, I would need to see the full details of the exploit and how the data was accessed.
If they used method #1, then every iPhone could be decrypted by the FBI with ease, as long as they had physical possession of the device. If they used method #2, the FBI would be unable to reproduce the exploit. The ability to read machine code (1’s and 0’s) is a unique skill possessed by very few IT professionals, and the FBI cannot afford any of them. Considering the strong pro-privacy beliefs of most IT folks, I could also see most of them refusing to perform that service.
The best news to come out of this entire story is that the FBI will no longer be actively attempting to coerce a private business to circumvent our Constitutional Rights. The bad news? The FBI may possess the technology to bypass iPhone security.
Oh yeah, almost forgot, #TaxationIsTheft.
Eric is a former officer in the Republican Club of Frederick County and Frederick County Republican Central Committee between 2015 and 2018. Former guest host on WFMD and showrunner on WTHU. Avid gardener and food preserver. Graduated from Libertarianism to Anarchism as the corruption level in the state requires us to start over from scratch.