In Brief

iPhone 'can be unlocked with £120 high street device'

Newspaper investigation reveals worrying flaw in Apple's security system

140716-apple.jpg

After the dispute between Apple and the FBI over unlocking iPhones, a £120 device has emerged on the market which can break the handset's security system in less than a day.

According to an investigation carried out by the Mail on Sunday, the IP Box can crack open an iPhone in six hours – leaving the FBI red-faced over its four-month attempts to try and open up a backdoor within iOS security.

The device, which can be ordered online and is also on sale in Sheffield, uses "brute force" tactics by going through all 10,000 possible combinations for the handset's passcodes while bypassing the feature that locks down the device if the incorrect code is entered too many times.

A video, separate to the Mail's investigation, shows how the IP Box works. [[{"type":"media","view_mode":"content_original","fid":"93099","attributes":{"class":"media-image"}}]]

The Mail tried out the device on an iPhone 5C, the same model used by the San Bernardino gunman, which the FBI had been trying to open since December, and "watched as it tried codes starting from 0000 upwards".

After six hours, the device lit up to signal it had successfully found the passcode, allowing the journalists access to all of the data on the device. Each attempt takes six seconds, meaning the iPhone could be unlocked in a time ranging from seconds to a maximum of 17 hours

The Mail's phone was running iOS 7, an Apple mobile operating system nearly two years old, while the gunman's phone had been updated to iOS 9. But experts claim similar devices can now hack iOS 9 phones in exactly the same manner - it's understood that the FBI used one of these.

The stockist of the IP Box told the newspaper: "There are certain scenarios where this kind of technology is needed to help people for the right reasons. It's not all bad". Many of the devices had been sold to families struck by sudden losses so sentimental photographs could be retrieved, he added.

Nevertheless, the emergence of the device – and upcoming versions geared to break phones using newer operating systems – should be worrying news for Apple. Softpedia says "it remains to be seen how fast Apple can patch this and make its phones secure again. Because without a doubt, that's what Apple should be doing already".

FBI drops court case against Apple after unlocking iPhone 

29 March

The FBI has dropped legal action against Apple after its agents bypassed security systems on a locked iPhone belonging to San Bernardino gunman Syed Rizwan Farook.

"In its two-page filing in a California magistrate's court, the government noted that due to outside assistance it 'no longer requires the assistance from Apple'," says USA Today.

The tech giant had resisted the FBI's demands for help in unlocking the phone, saying: "Apple believes deeply that people in the United States and around the world deserve data protection, security and privacy. Sacrificing one for the other only puts people and countries at greater risk."

Claiming it did not know how to gain access to the phone, the company said it hoped the US government would share with it "any vulnerabilities of the iPhone that might come to light", says the BBC.

The FBI has declined to comment on whether it will disclose the methods it used, nor has it revealed who helped it, although numerous reports suggest Israeli company Cellebrite may be responsible.

According to Cellebrite's website, its "UFED Series enables forensically sound data extraction, decoding and analysis techniques" to obtain existing and deleted data on devices such as the iPhone 5C model used by Farook.

"Cellebrite, a subsidiary of Japan's Sun Corp, has its revenue split between two businesses," says Reuters. One of them is "a forensics system used by law enforcement, military and intelligence that retrieves data hidden inside mobile devices".

Analysts believe that by accessing the data on the locked iPhone, the FBI has undermined Apple's security systems.

"Now this debate moves into more uncertain times," says Dave Lee, a BBC technology reporter. "The US government has knowledge of a security vulnerability that in theory weakens Apple devices around the world."

FBI 'may unlock San Bernardino iPhone without Apple'

22 March

Apple's row with the FBI over data encryption could be at an end after the agency said it may have found a way to unlock the iPhone used by San Bernardino gunman Syed Farook.

Tuesday's court hearing to determine if the tech giant should be forced to help break into the device has now been postponed at the request of the US Department of Justice.

Prosecutors said "an outside party" had shown the security services a method to unlock the phone, although further testing was required. "If the method is viable, it should eliminate the need for the assistance from Apple," said a court filing.

Farook and his wife, Tashfeen Malik, killed 14 people in San Bernardino, California, last December before being fatally shot by police. The FBI believes the phone may hold vital evidence but have not been able to circumvent its four-key passcode.

At their request, the Department of Justice obtained a court order directing Apple to create a backdoor feature the agency could use.

However, the tech giant has refused the FBI's demands, stressing that the company has a commitment to protect the data of its customers. Chief executive Tim Cook reaffirmed this at a keynote event near Apple's headquarters in California on Monday, saying Apple "will not shrink" from its responsibilities.

Lawyers for the company told reporters Apple did not know what method the FBI was planning to use to open the phone, but hoped the US government would share any vulnerabilities in the device.

According to the BBC's technology correspondent Dave Lee, the outside method could open a can of worms for many years to come. If the FBI reveals any security flaws, then Apple will fix them in the next update of its operating system, meaning it "could find itself back in court" with every new iteration.

Nor can the postponement be considered a victory for the company, he adds. If the method works, "the court case is irrelevant. The FBI gets what they need. But if it doesn't work, we'll find ourselves back here to resume the trial", says Lee.

The US government will update the court on 5 April.

Google and Amazon give their backing to Apple in FBI row

 

04 March

Google and Amazon have joined the list of online giants giving their support to Apple in its court battle with the FBI.

The US agency has demanded Apple helps unlock an iPhone used by San Bernardino killer Syed Rizwan Farook, who, with his wife, shot dead 14 people in December before being killed himself by police.

Now, 15 tech companies, including Facebook and Microsoft as well as Google and Amazon, have filed a joint amicus brief, a legal filing throwing their support behind the company as it prepares for a federal court battle with the US government later this month.

Twitter, Airbnb, LinkedIn and 13 other companies have also filed a separate joint amicus brief giving their backing to Apple, while Intel and AT&T submitted their own filings.

Data on Apple devices is encrypted by default, preventing anyone without the owner's four-digit passcode from accessing the handset's data. If ten incorrect attempts at the code are made, the device will automatically erase all of its data.

The FBI wants the tech giant to help it overcome this obstacle by changing the settings so unlimited attempts can be made and by introducing a way to speedily attempt different combinations and avoid tapping in each one manually.

Apple argues such a move would jeopardise customer trust it and create a backdoor for government agencies to access customer data.

"The government is not just asking companies to do what they do in the normal course of business; the government is asking companies to change how they do business," the companies said in their joint filing.

Apple rejects order to unlock San Bernardino gunman's phone

18 February

Apple has said it will challenge a court order instructing it to help FBI investigators access a phone that belonged to San Bernardino gunman Syed Rizwan Farook, who, with his wife, Tashfeen Malik, killed 14 people in San Bernardino, California, last December.

What is the FBI asking?

The FBI wants to unlock Farook's phone to look for evidence about the mass shootings on 2 December. They are trying to determine "to what extent married couple Syed Farook and Tashfeen Malik were influenced by radical Islamic terrorist groups, as well as who they had been communicating with before the shootings", says The Guardian.

Can it be done?

Since 2014, all data on Apple devices has been encrypted by default. Once locked, a user's passcode is required to access it and entering the incorrect code ten times will automatically erase the data. Changes to encryption coding, made in response to the Edward Snowden revelations, mean even Apple staff cannot access a user's private data. "Apple decided to enable encryption by default to avoid precisely this kind of ethical dilemma," says the BBC's Dave Lee. The FBI has asked Apple to alter the phone's settings so investigators can make unlimited attempts at the passcode without damaging the information stored on it. It will then use a "brute force" attack to try different code combinations in quick succession.

What are the implications?

Apple chief executive Tim Cook stressed that while the company has "no sympathy for terrorists", the FBI request "threatened the security of users" and had implications far beyond the legal case at hand. "We feel we must speak up in the face of what we see as an overreach by the US government," he said. Citing the FBI request to create a new version of the iPhone's operating system to get round security features, Cook claimed that, "in the wrong hands," this could be used to unlock "any iPhone in someone's physical possession". This amounts to the US government asking Apple to hack its own users, the tech firm says, a precedent it is unwilling to set.

Recommended

Are Republicans too late to derail Trump for 2024?
Donald Trump wraps himself in the American flag during CPAC 2020
The latest on . . .

Are Republicans too late to derail Trump for 2024?

California Covid variant ‘may be more infectious and deadly’
A nurse places a blanket over a Covid patient in San Jose, California
Getting to grips with . . .

California Covid variant ‘may be more infectious and deadly’

American Airlines confirms UFO encounter
American Airline jets
Tall Tales

American Airlines confirms UFO encounter

Apple’s acquisitions: legacy built on healthy business strategy
The Apple Store on Fifth Avenue in New York City
Behind the scenes

Apple’s acquisitions: legacy built on healthy business strategy

Popular articles

Best TV crime dramas to watch in 2021
Line of Duty series six returns to BBC One in 2021
In Depth

Best TV crime dramas to watch in 2021

Quiz of The Week
Boris Johnson chairs a session of the UN Security Council
Quizzes and puzzles

Quiz of The Week

Ten Things You Need to Know Today: 27 Feb 2020
10 Downing Street
Daily Briefing

Ten Things You Need to Know Today: 27 Feb 2020