How the FBI Cracked the Case of the Locked iPhone
Remember the Apple versus the FBI case? Here's how the FBI cracked the iPhone.
Not long ago I wrote about the ongoing battle between Apple and the FBI. If you’re not familiar with the war that is being waged between the two of them, I recommend checking out this article to get up to speed.
The Legal Battle
Since that last post, there has been a legal deadlock between Apple and the FBI. A judge ruled that Apple had to help the FBI unlock the phone, which Apple followed up by filing an appeal. It was believed that this process would draw out all of the legal proceedings for some time, and then, in a huge twist this last Monday (March 21, 2016), the FBI made a statement that it had found a possible third party that would be able to unlock the iPhone 5c.
What’s interesting about this is that Apple was given less than 24 hours of notice before their court date scheduled for the next day, Tuesday March 22nd. It was at this point that Internet speculation imploded, with everyone trying to come up with explanations as to what was going on. It was soon discovered that the FBI was presented with a method of unlocking the phone by another company (ie, not Apple).
The Israeli Security Firm
The next question is: who was capable of unlocking this iPhone and how? According to Reuters, Cellebrite, a forensic software company based in Israel, was tasked by the FBI to break into the iPhone in question.
Cellebrite specializes in breaking into many different types of mobile devices for police and military applications. It’s not a surprise that a company with their reputation would have some technology to break into an iPhone. What is surprising though is that they can break such a current version of the operating system.
Generally speaking as devices and operating systems get older, more and more people find vulnerabilities in them. Old devices and operating systems like iOS 8 have a handful of known ways that hackers can break into them. However in this case the terrorist’s iPhone was a model 5c with a fairly current operating system iOS 9.0.
How Did They Do It?
The big question in everyone’s mind is how they broke into the iPhone. There are many theories. The one that seems to be most likely is an attack called NAND mirroring. NAND is the type of memory in many phones and portable electronic devices. You can think of it like the hard drive.
The FBI is worried that they only have 10 password attempts before the phone wipes itself clean. In order to get around this, Cellebrite is theorized to copy the encrypted data on the phone to another computer, try a couple of passcodes, then copy the original data back and try again.
It’s easier if you think about it like an etch a sketch. You try a couple of times, then once you’ve messed up, you can shake it and it goes back to how it was originally. You can then repeat this process many times over and over until you get into the phone. If you want to see the hack in action and have more technical details, you can check that out here.