
This might be how the FBI is planning to break into an iPhone without Apple's help

The FBI may be backing off in its battle with Apple.

The Bureau has been trying to force Apple to write software to help it unlock an encrypted iPhone linked to a deceased terrorist. But it has now moved to vacate a court hearing that was due to take place on Tuesday.

In a court filing (below), the FBI says that it might now have a way to unlock the device that doesn't require Apple's help. On Sunday, "an outside party demonstrated to the FBI a possible method for unlocking [Syed] Farook's iPhone," the filing reads. The FBI will now carry out "testing" to see whether the method is "viable."


So who is this "outside party"? Right now, there's no indication — and the US Justice Department did not respond to a request for comment.

Forensic expert Jonathan Zdziarski has a theory — one that's akin to "cheating at Super Mario Bros."

Writing on his blog, Zdziarski points out that the FBI sometimes works with "contracted external forensics and data recovery labs": It's likely that one is involved here.

The method, he speculates, may involve copying the contents of the NAND memory, then writing that copy back whenever defensive security mechanisms kick in — allowing the FBI to get past the limit on the number of incorrect passcodes that can be entered before the device wipes itself. Here's Zdziarski's possible explanation — emphasis ours:

Most of the tech experts I’ve heard from believe the same as I do – that NAND mirroring is likely being used to some degree to brute force the pin on the device. This is where the NAND chip is typically desoldered, dumped into a file (likely by a chip reader/programmer, which is like a cd burner for chips), and then copied so that if the device begins to wipe or delay after five or ten tries, they can just re-write the original image back to the chip. This technique is kind of like cheating at Super Mario Bros. with a save-game, allowing you to play the same level over and over after you keep dying. Only instead of playing a game, they’re trying different pin combinations. It’s possible they’ve also made hardware modifications to their test devices to add a socket, allowing them to quickly switch chips out, or that they’re using hardware to simulate this chip so that they don’t have to.

This potential method has been discussed before as an option for gaining access to the iPhone — the ACLU published a blog post in early March in which it alleged that the FBI's claim that it needs Apple's help is "fraudulent."
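The rollback Zdziarski describes can be modelled in a few lines. This is an added example, not code from the article or from Zdziarski: a toy lock whose failed-attempt counter lives either on the copyable flash image or in a separate store that a flash restore cannot reach. `ToyDevice`, `guess_budget`, the 10-guess limit and the off-chip counter variant are assumptions made for illustration, not a description of the iPhone's actual design.

```python
import hashlib
import hmac

WIPE_AFTER = 10  # assumed policy: wipe after this many wrong guesses


class ToyDevice:
    """Toy passcode lock; `nand` is everything held on the copyable flash chip."""

    def __init__(self, pin, counter_in_nand):
        self.counter_in_nand = counter_in_nand
        self.nand = {"verifier": self._digest(pin), "failures": 0, "wiped": False}
        self.off_chip = {"failures": 0}  # hypothetical store a flash restore cannot reach

    @staticmethod
    def _digest(pin):
        return hashlib.sha256(pin.encode()).hexdigest()

    def _counter(self):
        return self.nand if self.counter_in_nand else self.off_chip

    def try_pin(self, pin):
        """True/False for an evaluated guess, None once the device refuses (wiped)."""
        if self._counter()["failures"] >= WIPE_AFTER:
            self.nand["wiped"] = True
        if self.nand["wiped"]:
            return None
        if hmac.compare_digest(self._digest(pin), self.nand["verifier"]):
            self._counter()["failures"] = 0
            return True
        self._counter()["failures"] += 1
        return False

    def dump_nand(self):
        return dict(self.nand)

    def restore_nand(self, image):
        self.nand = dict(image)


def guess_budget(device, restores):
    """Wrong guesses the device evaluates when its flash image is restored `restores` times."""
    image = device.dump_nand()
    evaluated = 0
    for _ in range(restores + 1):
        device.restore_nand(image)
        while device.try_pin("wrong-guess") is False:
            evaluated += 1
    return evaluated
```

With the counter stored on the flash image, each restore grants another 10 guesses (40 after three restores); with the counter held off-chip, the total stays at 10 no matter how often the image is written back.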

Security vulnerabilities that haven't been disclosed or discussed publicly can be highly valuable. They're often called "zero days" (as the developer has "zero days" to deal with the issue once it has been discovered), and there's a thriving market for these exploits — security companies and government agencies are willing to pay researchers big bucks for new ways to break into devices and software. In 2015, security company Zerodium paid a whopping $1 million (£700,000) for a hack into iOS, Apple's mobile operating system. (It's not clear how much, if anything, the FBI paid its unnamed "outside party.")

The FBI will provide a report to the court on April 5, so we may get more information then. Zdziarski says he reckons "the two weeks the FBI has asked for are ... [for the external forensics company] to demonstrate, and possibly sell, the technique to FBI by means of a field test on some demo units."

Here's the court filing moving to vacate the Tuesday hearing:
