On Wednesday, FBI Director James Comey told a group at Kenyon College in Ohio that the U.S. government had purchased "a tool" from a private party in order to unlock an iPhone used by a man who shot and killed 14 people in San Bernardino, Calif., in December.
The announcement came about a week after the agency announced they had been able to “unlock” the phone without the help of its manufacturer, Apple.
The FBI and Apple were set to go to court where the Justice Department had hoped a judge would force Apple to show them how to bypass a password security system that would allow them access to information on the phone.
The case was dropped after the FBI announced it had help from a third party in bypassing the phone security system.
Here’s what we know about the hack, if the government is going to share the info and which phones are vulnerable.
What happened?
Law enforcement officials recovered an iPhone believed to have belonged to Syed Farook, the man who shot and killed 14 co-workers in San Bernardino in December.
FBI officials asked Apple to help them get information from the phone they could to aid in the investigation into the shootings.
Why the FBI initially couldn’t retrieve the information
The FBI asked for help from Apple to access the information on Farook’s iPhone because a security feature within the phone allows only 10 tries to retrieve a password before the information on the phone is erased. The FBI uses a method called a "brute-force attack," or trying random codes until the right code is entered and a device is “unlocked.” However, the odds are it would have taken more than 10 attempts to hit the correct password on the iPhone.
What they used to get in
No one outside of the FBI and the person who provided the “tool” to get past the password security knows what was used. Whatever it was, allowed unlimited tries to guess the password without the threat of the information on the phone being erased. The FBI also had to deal with a related Apple security feature that introduces increasing time delays between guesses. Comey has said after the FBI was able to remove the password security features, the agency was able to break into the phone in 26 minutes.
Many in the tech world believe it will only be a matter of time before the hack is revealed. Apple engineers are said to be working on a “patch,” or a software upgrade, that will fix the issue that allowed the phone’s security to be circumvented.
Why Apple didn’t help
Apple said this in a statement after the FBI announced it was able to gain access to the phones information:
"From the beginning, we objected to the FBI's demand that Apple build a backdoor into the iPhone because we believed it was wrong and would set a dangerous precedent. As a result of the government's dismissal, neither of these occurred. This case should never have been brought.
We will continue to help law enforcement with their investigations, as we have done all along, and we will continue to increase the security of our products as the threats and attacks on our data become more frequent and more sophisticated.
Apple believes deeply that people in the United States and around the world deserve data protection, security and privacy. Sacrificing one for the other only puts people and countries at greater risk.
This case raised issues which deserve a national conversation about our civil liberties, and our collective security and privacy. Apple remains committed to participating in that discussion."
What the FBI did and maybe shouldn’t have done
For nearly 20 years, the U.S. government has recommended that its intelligence agencies work confidentially with a software manufacturer before revealing a security problem with a product. This measure is generally used so that a company – or the country’s economy – is not damaged. The FBI seems to have disregarded that recommendation with its announcement.
The Associated press quoted an April 2014 statement from the Office of the Director of National Intelligence that said, "When federal agencies discover a new vulnerability in commercial and open source software — a so-called 'zero day' vulnerability because the developers of the vulnerable software have had zero days to fix it — it is in the national interest to responsibly disclose the vulnerability rather than to hold it for an investigative or intelligence purpose,"
What the FBI isn’t going to do
The FBI says it is still considering whether to let Apple know what they used to bypass the security systems. "We tell Apple, then they're going to fix it, then we're back where we started from," Comey said. "We may end up there, we just haven't decided yet."
In the meantime, the FBI sent a letter to law enforcement agencies, that, according to Reuters, offers help in hacking devices.
“As has been our longstanding policy, the FBI will, of course, consider any tool that might be helpful to our partners,” the letter read. “Please know that we will continue to do everything we can to help you consistent with our legal and policy constraints. We are in this together.
Is your phone safe?
Comey said the tool the agency purchased worked only on a "narrow slice of phones" -- specifically the iPhone 5C running the iOS9 operating system. It does not work on the 5S or the newest Apple models, the director said.
Sources: The Associated Press; Reuters; Fox News; National Public Radio
About the Author