FBI backs down against Apple: Feds may be able to crack killer's iPhone without iGiant's help
NSA stopped giggling at the back, handed over an exploit?
The FBI has come to a sudden and surprising all-stop in its legal war with Apple.
Rather than compel the Cupertino giant to help it unlock an iPhone belonging to one of the San Bernardino killers, the Feds say they may be able to break into the handset without the company's assistance after all.
In a filing [PDF] submitted late Monday in a central California federal court, the Feds asked for a crunch hearing due to take place on Tuesday be vacated and proceedings be suspended at least until next month. The court has granted the request.
The FBI will use that time to test an alternate method for unlocking the iPhone that will not involve, as it had originally sought, Apple building a specially crafted version of the iOS firmware.
That custom operating system, when installed on the phone during boot up, would allow agents to guess the passcode by brute force without the device wiping itself after too many wrong attempts.
Now, despite insisting repeatedly that Apple were the only ones on the planet who could help its investigation, the Feds may use someone else's unlock method instead, apparently.
"On Sunday, March 20, 2016, an outside party demonstrated to the FBI a possible method for unlocking [San Bernardino gunman Syed] Farook’s iPhone," the FBI said in its filing.
"Testing is required to determine whether it is a viable method that will not compromise data on Farook’s iPhone. If the method is viable, it should eliminate the need for the assistance from Apple Inc."
Apple did not immediately respond to a request for comment.
The FBI said in its filing that it would be able to provide a progress report on the unlocking efforts on April 5, at which point the case could proceed or it could be dropped.
The move will be seen as a win for Apple, which has for weeks been fighting, both in court and in the press, against claims by the US government that it should comply with the FBI and craft deliberately weakened software.
"The FBI always had the option of hacking the phone the expensive way, using forensic tools; they never needed Apple for this," Holmes Wilson, cofounder of digital rights campaign group Fight for the Future, told The Register.
"What they wanted was a legal precedent that let them force any company to issue malicious updates. So if they're saying 'maybe there's another way' that means they're walking away with their tail between their legs, hopefully for good."
Apple boss Tim Cook and his attorneys have been the public face of Apple's opposition in this legal showdown. However, thousands of supporters within Apple's own ranks and at fellow tech giants including Google, Amazon and Microsoft, have been resisting what they see as a power grab that would have a chilling effect on privacy and security, should engineers be forced to compromise their own products at the behest of governments.
Meanwhile, the FBI may have heard from a handy hacker or two with plenty of experience with breaking into iOS; its friends at the NSA may have a quiet word; the Feds may have realized they would end up with a precedent they didn't want ... or an agent simply tried 1234 and found it worked.
"The likelihood here is that a third-party contractor for FBI, such as a forensics or data recovery firm, has devised a method and notified FBI of their findings," blogged iOS security expert Jonathan Zdziarski.
"An external forensics company, with hardware capabilities, is likely copying the NAND storage off the [iPhone's chipset] and frequently recopying it back to the device in order to brute force the PIN ... This shouldn’t be a surprise to anyone, as it’s a fairly straightforward technique." ®
Sponsored: Becoming a Pragmatic Security Leader