iPhone 'can be unlocked with £120 high street device'
Newspaper investigation reveals worrying flaw in Apple's security system
After the dispute between Apple and the FBI over unlocking iPhones, a £120 device has emerged on the market which can break the handset's security system in less than a day.
According to an investigation carried out by the Mail on Sunday, the IP Box can crack open an iPhone in six hours – leaving the FBI red-faced over its four-month attempts to try and open up a backdoor within iOS security.
The device, which can be ordered online and is also on sale in Sheffield, uses "brute force" tactics by going through all 10,000 possible combinations for the handset's passcodes while bypassing the feature that locks down the device if the incorrect code is entered too many times.
Subscribe to The Week
Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.
Sign up for The Week's Free Newsletters
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
A video, separate to the Mail's investigation, shows how the IP Box works. [[{"type":"media","view_mode":"content_original","fid":"93099","attributes":{"class":"media-image"}}]]
The Mail tried out the device on an iPhone 5C, the same model used by the San Bernardino gunman, which the FBI had been trying to open since December, and "watched as it tried codes starting from 0000 upwards".
After six hours, the device lit up to signal it had successfully found the passcode, allowing the journalists access to all of the data on the device. Each attempt takes six seconds, meaning the iPhone could be unlocked in a time ranging from seconds to a maximum of 17 hours
The Mail's phone was running iOS 7, an Apple mobile operating system nearly two years old, while the gunman's phone had been updated to iOS 9. But experts claim similar devices can now hack iOS 9 phones in exactly the same manner - it's understood that the FBI used one of these.
The stockist of the IP Box told the newspaper: "There are certain scenarios where this kind of technology is needed to help people for the right reasons. It's not all bad". Many of the devices had been sold to families struck by sudden losses so sentimental photographs could be retrieved, he added.
Nevertheless, the emergence of the device – and upcoming versions geared to break phones using newer operating systems – should be worrying news for Apple. Softpedia says "it remains to be seen how fast Apple can patch this and make its phones secure again. Because without a doubt, that's what Apple should be doing already".
FBI drops court case against Apple after unlocking iPhone
29 March
The FBI has dropped legal action against Apple after its agents bypassed security systems on a locked iPhone belonging to San Bernardino gunman Syed Rizwan Farook.
"In its two-page filing in a California magistrate's court, the government noted that due to outside assistance it 'no longer requires the assistance from Apple'," says USA Today.
The tech giant had resisted the FBI's demands for help in unlocking the phone, saying: "Apple believes deeply that people in the United States and around the world deserve data protection, security and privacy. Sacrificing one for the other only puts people and countries at greater risk."
Claiming it did not know how to gain access to the phone, the company said it hoped the US government would share with it "any vulnerabilities of the iPhone that might come to light", says the BBC.
The FBI has declined to comment on whether it will disclose the methods it used, nor has it revealed who helped it, although numerous reports suggest Israeli company Cellebrite may be responsible.
According to Cellebrite's website, its "UFED Series enables forensically sound data extraction, decoding and analysis techniques" to obtain existing and deleted data on devices such as the iPhone 5C model used by Farook.
"Cellebrite, a subsidiary of Japan's Sun Corp, has its revenue split between two businesses," says Reuters. One of them is "a forensics system used by law enforcement, military and intelligence that retrieves data hidden inside mobile devices".
Analysts believe that by accessing the data on the locked iPhone, the FBI has undermined Apple's security systems.
"Now this debate moves into more uncertain times," says Dave Lee, a BBC technology reporter. "The US government has knowledge of a security vulnerability that in theory weakens Apple devices around the world."
FBI 'may unlock San Bernardino iPhone without Apple'
22 March
Apple's row with the FBI over data encryption could be at an end after the agency said it may have found a way to unlock the iPhone used by San Bernardino gunman Syed Farook.
Tuesday's court hearing to determine if the tech giant should be forced to help break into the device has now been postponed at the request of the US Department of Justice.
Prosecutors said "an outside party" had shown the security services a method to unlock the phone, although further testing was required. "If the method is viable, it should eliminate the need for the assistance from Apple," said a court filing.
Farook and his wife, Tashfeen Malik, killed 14 people in San Bernardino, California, last December before being fatally shot by police. The FBI believes the phone may hold vital evidence but have not been able to circumvent its four-key passcode.
At their request, the Department of Justice obtained a court order directing Apple to create a backdoor feature the agency could use.
However, the tech giant has refused the FBI's demands, stressing that the company has a commitment to protect the data of its customers. Chief executive Tim Cook reaffirmed this at a keynote event near Apple's headquarters in California on Monday, saying Apple "will not shrink" from its responsibilities.
Lawyers for the company told reporters Apple did not know what method the FBI was planning to use to open the phone, but hoped the US government would share any vulnerabilities in the device.
According to the BBC's technology correspondent Dave Lee, the outside method could open a can of worms for many years to come. If the FBI reveals any security flaws, then Apple will fix them in the next update of its operating system, meaning it "could find itself back in court" with every new iteration.
Nor can the postponement be considered a victory for the company, he adds. If the method works, "the court case is irrelevant. The FBI gets what they need. But if it doesn't work, we'll find ourselves back here to resume the trial", says Lee.
The US government will update the court on 5 April.
Google and Amazon give their backing to Apple in FBI row
04 March
Google and Amazon have joined the list of online giants giving their support to Apple in its court battle with the FBI.
The US agency has demanded Apple helps unlock an iPhone used by San Bernardino killer Syed Rizwan Farook, who, with his wife, shot dead 14 people in December before being killed himself by police.
Now, 15 tech companies, including Facebook and Microsoft as well as Google and Amazon, have filed a joint amicus brief, a legal filing throwing their support behind the company as it prepares for a federal court battle with the US government later this month.
Twitter, Airbnb, LinkedIn and 13 other companies have also filed a separate joint amicus brief giving their backing to Apple, while Intel and AT&T submitted their own filings.
Data on Apple devices is encrypted by default, preventing anyone without the owner's four-digit passcode from accessing the handset's data. If ten incorrect attempts at the code are made, the device will automatically erase all of its data.
The FBI wants the tech giant to help it overcome this obstacle by changing the settings so unlimited attempts can be made and by introducing a way to speedily attempt different combinations and avoid tapping in each one manually.
Apple argues such a move would jeopardise customer trust it and create a backdoor for government agencies to access customer data.
"The government is not just asking companies to do what they do in the normal course of business; the government is asking companies to change how they do business," the companies said in their joint filing.
Apple rejects order to unlock San Bernardino gunman's phone
18 February
Apple has said it will challenge a court order instructing it to help FBI investigators access a phone that belonged to San Bernardino gunman Syed Rizwan Farook, who, with his wife, Tashfeen Malik, killed 14 people in San Bernardino, California, last December.
What is the FBI asking?
The FBI wants to unlock Farook's phone to look for evidence about the mass shootings on 2 December. They are trying to determine "to what extent married couple Syed Farook and Tashfeen Malik were influenced by radical Islamic terrorist groups, as well as who they had been communicating with before the shootings", says The Guardian.
Can it be done?
Since 2014, all data on Apple devices has been encrypted by default. Once locked, a user's passcode is required to access it and entering the incorrect code ten times will automatically erase the data. Changes to encryption coding, made in response to the Edward Snowden revelations, mean even Apple staff cannot access a user's private data. "Apple decided to enable encryption by default to avoid precisely this kind of ethical dilemma," says the BBC's Dave Lee. The FBI has asked Apple to alter the phone's settings so investigators can make unlimited attempts at the passcode without damaging the information stored on it. It will then use a "brute force" attack to try different code combinations in quick succession.
What are the implications?
Apple chief executive Tim Cook stressed that while the company has "no sympathy for terrorists", the FBI request "threatened the security of users" and had implications far beyond the legal case at hand. "We feel we must speak up in the face of what we see as an overreach by the US government," he said. Citing the FBI request to create a new version of the iPhone's operating system to get round security features, Cook claimed that, "in the wrong hands," this could be used to unlock "any iPhone in someone's physical possession". This amounts to the US government asking Apple to hack its own users, the tech firm says, a precedent it is unwilling to set.
Sign up for Today's Best Articles in your inbox
A free daily email with the biggest news stories of the day – and the best features from TheWeek.com
-
Teenage girl kills 2 in Wisconsin school shooting
Speed Read 15-year-old Natalie Rupnow fatally shot a teacher and student at Abundant Life Christian School
By Peter Weber, The Week US Published
-
Pig butchering: one of the world's fastest growing scams
In the Spotlight Beijing is cracking down on the crypto con but this has only pushed it worldwide
By Chas Newkey-Burden, The Week UK Published
-
FBI: US violent crime falls again, hits pre-Covid levels
Speed Read A wide-ranging report found that violent crime dropped 3% in the last year, while murder dropped 11.6%
By Peter Weber, The Week US Published
-
Unlicensed dealers and black market guns
Speed Read 68,000 illegally trafficked guns were sold in a five year period, said ATF
By Peter Weber, The Week US Published
-
Uvalde parents want indictments after DOJ's scathing school shooting report
Speed Read The Justice Department's damning review of the May 2022 school shooting in Texas details 'cascading failures,' but families of the victims want justice
By Peter Weber, The Week US Published
-
Why police are downing firearms after the Chris Kaba murder charge
The Explainer Army drafted in after scores of armed Met officers 'revolt' over charging of colleague
By The Week Staff Published
-
Why have the JFK assassination files been kept secret for so long?
In Depth Joe Biden is set to finally release thousands of documents this week despite pressure from CIA and FBI
By The Week Staff Published
-
Was attempted FBI break-in linked to the Donald Trump Mar-a-Lago raid?
Speed Read A 42-year-old man was killed after reportedly trying to enter an FBI office in Ohio
By Amrita Gill Published