- The Department of Justice is pressuring Apple to help unlock two iPhones belonging to the Saudi aviation student charged with killing three people at a Florida Navy base last month.
- Attorney General William Barr has criticized Apple as unhelpful in cracking the locked iPhones.
- While Apple has provided the FBI with available records from the suspect’s iCloud account, it has long resisted federal pressure to engineer a “backdoor” that would let investigators easily unlock iPhones.
- But according to experts, recent technological advancements have made it straightforward for law enforcement to crack iPhones without Apple’s help, at least for now.
- Visit Business Insider’s homepage for more stories.
The Department of Justice is in a stand-off with Apple over the effort to unlock iPhones owned by a suspected terrorist — but according to cybersecurity experts, it should be straightforward for federal agents to crack the iPhones, even without Apple’s cooperation.
Attorney General William Barr has repeatedly demanded that Apple help crack two iPhones belonging to Mohammed Alshamrani, but they are locked with unknown passwords. Alshamrani is charged with shooting and killing three people in a December attack on Naval Air Station Pensacola.
Apple has maintained that it has cooperated with federal agents. An Apple spokesperson told Business Insider that it had already provided iCloud backups, account information, and “transactional data” from Alshamrani’s accounts. The spokesperson said the FBI first notified Apple that it needed additional assistance on Jan. 6, and that Apple received a subpoena for information related to Alshamrani’s iPhones on Jan. 8, which it filled.
However, Apple has long resisted federal pressure to engineer a “backdoor” that would let law enforcement crack locked iPhones. The Obama administration first requested such a backdoor in 2016 after an attack in San Bernardino, California.
“We have always maintained there is no such thing as a backdoor just for the good guys. Backdoors can also be exploited by those who threaten our national security and the data security of our customers,” the Apple spokesperson told Business Insider.
In the 2016 instance, Apple refused to add a backdoor, setting up a legal standoff. The FBI then said it was able to open the iPhone without Apple’s help, instead paying a contractor nearly $1 million to do it.
And according to cybersecurity experts, new technologies have made it even easier for investigators to crack locked iPhones, even without help from Apple.
The cybersecurity company Grayshift sells an iPhone hacking device for $15,000, and Israel’s Cellebrite sells a similar device, according to The Wall Street Journal. Neither Grayshift nor Cellebrite immediately responded to requests for comment.
Tech companies are constantly trying to develop more secure devices and platforms to win costumers’ trust, and are therefore reticent to build backdoors that would easily crack encrypted services. Similarly, companies like Grayshift and Cellebrite are constantly honing methods of cracking devices, which are kept secret.
“There’s an arms race going on,” said Chris Howell, CTO of Wickr, a software company specializing in encrypted services. “In order to access the data on a device or in a particular app, actual security mechanisms need to be defeated, so more powerful tools need to be created to do it, which leads to stronger security controls.”
The iPhone was long seen as uncrackable, but recent advances have changed that — one county in Georgia that purchased a Grayshift device was able to crack 300 phones in one year, The Wall Street Journal reported.
In an interview with Business Insider, Howell said he understood why Apple wouldn’t intentionally build a backdoor into the iPhone as the FBI has requested.
“As a technologist I can tell you that there is no security mechanism that can discriminate between a hacker trying to crack it and a law enforcement officer trying to do the same thing. Either we secure it or we don’t, it’s that simple.”
A Justice Department spokesperson did not immediately respond to a request for comment.