Apple’s executives said that the methods the FBI are ordering it to use in bypassing the iPhone’s security could be used as a template or master key that could unlock more devices in the future. The FBI’s original order and the subsequent government filings have consistently stated that the kinds of access it is looking for would be limited to this single device.
The executives said that they were speaking about these details openly now because the filing from earlier today included numerous additional pieces of information, and characterized Apple’s refusal to comply with the order as a “marketing strategy”. A previous confidentiality agreement that Apple had been under prevented them from speaking of these details, but the public brief that the DOJ filed today openly talked about these items.
The executives also reiterated that they abhor terrorism, but that have opposed the order because they care deeply about protecting the safety of the majority of people who are not terrorists.
On the call today, a senior Apple executive said that they had been communicating with the government since January and had posed several different ways to get the information that the FBI says it needs. Those methods were rendered moot, said the executive, when the Apple ID password to the attacker’s account was changed less than 24 hours after the government took possession of the phone.
One such method involved utilizing a feature of iOS that connects to known WiFi networks to access the data on the device. During the attempts to leverage this method, the discovery was made that the Apple ID password had been changed while in government custody. The reset may have been performed by Farook’s employer, the San Bernardino County public health department, according to the DOJ filing.
Because the Apple ID password had been changed, the iPhone could not auto backup to iCloud, providing a new backup that Apple could access to extract the information that the FBI was after.
Apple has already complied with requests for access to iCloud backups of the device, which can be accessed even though the iPhone itself is locked and encrypted with a passcode. The last backup was performed on October 19th, 2015, several weeks before the attack was carried out. It is important to note, however, that since the Apple ID password had been changed, there is no way to tell whether Farook manually disabled the iCloud backups or not. The backups were apparently sporadic, which Apple believes left the door open for the possibility that they were not explicitly disabled.
The government’s request hinges on the information between the October 19th date and the date of the incident. In other words, if Apple could have triggered an iCloud backup, then it would have included the information that the FBI was after.
These methods, said executives, would have made it possible to deliver the information that was requested without Apple having to modify a special version of its iPhone software to create a “back door” into the device’s contents, bypassing the passcode. Once the password was changed, those methods became impossible.
Apple has a long history of providing data extraction services to government agencies, but these methods do not rely on it breaking passcodes, and only apply to iPhones running iOS 7 or previous. Since iOS 8 was released, the vast majority of information on any given iPhone is encrypted using the passcode, and unable to be accessed via extraction. This is the case with Farook’s iPhone 5c.
Apple did mention that the county agency Farook worked for installed some kind of management software on the phone, but specifics were not given. We are reaching out to the government to get characterization on what kind of device management software was installed on the iPhone and why it was not possible to use that software — common in enterprise environments like the agency that Farook worked in — to reset the password.
The executives characterized the government’s efforts as anything but being about a single device, pointing to the fact that Manhattan District Attorney Cyrus Vance has stated that he has 175 iPhones that he would like to unlock. “This has become, ladies and gentlemen, the wild west of technology,” Vance said at a conference, as reported by ABC. “Apple and Google are the sheriffs and there are no rules.”
The Apple executive also noted that no other government in the world — including China — has ever asked it to perform the kind of iPhone cracking that the FBI is asking it to do. But, if it were to comply, those requests would surely not be far behind.
The executive also indicated that it was fair to anticipate that Apple would continue to harden iPhone security to protect users against this kind of cracking, whether by Apple or otherwise.