FBI says it might be able to unlock San Bernardino terrorist’s iPhone without Apple’s help
The U.S. government made a dramatic about-face Monday, announcing it may not need Apple’s help unlocking an iPhone belonging to an assailant in last year’s San Bernardino terror attack, bringing an abrupt halt — and possibly an end — to its high-stakes legal showdown with the technology giant.
Justice Department officials said an outside party came forward Sunday and showed investigators a way to circumvent the iPhone security features that had previously flummoxed the FBI’s computer experts.
With the 11th-hour announcement Monday afternoon, federal prosecutors sought, and quickly received, an indefinite postponement to a court hearing that had been scheduled for Tuesday. Prosecutors had planned to use the hearing to make their case for why a judge should force Apple to cooperate in hacking into the phone.
In a court filing, and on a conference call with reporters, justice officials did not provide details about who had approached them or the technique that was suggested for breaking into the phone. They said, however, they were “cautiously optimistic” the idea would succeed.
“If the method is viable,” prosecutors wrote, “it should eliminate the need for the assistance from Apple.”
The sudden possibility that the government would no longer need Apple’s cooperation marked a jarring turn of events after weeks of rising acrimony between the two sides. Apple had steadfastly refused demands by Justice officials that it create a new computer program that, when uploaded onto the killer’s iPhone, would have provided FBI agents a way around the security barriers and allowed them to hack into the device. Federal officials insisted they had exhausted all other possible ways into the phone.
The case quickly took on significance far beyond the San Bernardino attack, becoming a major test in a broader legal dispute over the lengths technology companies must go in assisting law enforcement officials in criminal investigations.
Though Monday’s announcement offered Apple at least a temporary reprieve in what had become a risky and possibly damaging legal face-off with the U.S. government, it presented the world’s most valuable company with another troubling scenario: That some unknown group has devised a way to break into iPhones despite the company’s efforts to protect customers’ privacy with new encryption and security buffers.
In a call with reporters, Apple attorneys underscored the bind the company finds itself in. If the government does drop its demand for help, the firm will probably remain in the dark on what prosecutors learned and who taught it to them.
The attorneys, who spoke on the condition that they not be identified, said Apple would ask the government to share what vulnerability it had recently discovered as a result of Sunday’s new information. They stressed that they remained uncertain whether there is in fact a way to bypass the security measures.
The government’s announcement, the lawyers said, highlights the fears that the tech giant has repeatedly expressed during its legal fight with the government: that the company must contend with constant attempts by outside parties to crack Apple’s security measures.
At a product launch Monday, Chief Executive Tim Cook insisted the company had a responsibility to protect information on people’s iPhones and other Apple products from intrusion because the devices have become an “extension of ourselves.”
“We need to decide as a nation how much power the government should have over our data and our privacy,” Cook said. “We didn’t expect … to be at odds with our government. But we believe we have a responsibility to protect your data, your privacy. We owe it to our customers.”
If the government does drop its demands for Apple’s assistance in this case, the issue is almost certain to be raised in other cases as encryption and security measures continue to make it difficult for investigators to access information on smartphones and other devices.
In agreeing to pause the court proceedings, U.S. Magistrate Judge Sheri Pym instructed prosecutors to provide an update by April 5 on whether the newly discovered procedure does, in fact, provide a way into the phone.
The fight over the iPhone arose after the Dec. 2 attack at the Inland Regional Center in San Bernardino that left 14 dead and many wounded. Justice officials have concluded the assault by Syed Rizwan Farook and his wife was an act of terrorism.
When the couple were killed in a shootout with police, investigators found an iPhone 5C that Farook was issued for his job as a county health inspector. Although FBI agents managed to learn much about Farook and his wife, they wanted to access the phone in hopes it would help answer outstanding questions, such as whether the killers had accomplices.
Concerned that Farook probably had enabled a security feature on the phone that makes it inoperable after 10 failed attempts to enter a secret four-digit security code, agents approached Apple for assistance in getting into the device. Until the correct security code is entered, Apple’s encryption software keeps the contents of the phone scrambled.
FBI agents wanted Apple engineers to devise a new operating system that would bypass the 10-attempt limit on the security code and other security measures built into the phone. With this done, agents then planned to use a computer program to churn through the 10,000 possible pass codes until they hit upon the right one.
After Apple refused, prosecutors for U.S. Atty. Eileen Decker asked Pym to force Apple’s hand. The judge granted their request but said a final decision would come after the two sides made their case in legal filings and at the hearing.
The legal battle focused largely on an obscure centuries-old law that prosecutors said gave them the legal foundation to demand Apple’s cooperation. The high-powered legal team assembled by Apple disagreed, saying the government’s attempt to use the law was a dangerous overreach of its authority.
But amid all the legal wrangling, the two sides saw eye-to-eye on a basic idea: The government insisted repeatedly that only Apple’s engineers could fashion a way past the security barriers they themselves had built. Apple did not disagree, but it said that being forced to create the work-around amounted to building a master key that, if stolen by hackers, would jeopardize the privacy of all its customers.
Monday’s claim by prosecutors upended that understanding, suddenly injecting into the debate the idea that the master key has already been devised by someone other than Apple.
Jonathan Zdziarski, a leading expert on iPhone security, said the information given to federal authorities is likely to have focused on ways to copy a portion of the phone’s memory that keeps track of how many attempts have been made to enter an iPhone’s pass code. By repeatedly restoring the original copy of those data after nine guesses, the agency potentially could avoid triggering the feature that makes the phone’s contents inaccessible after 10 failed tries.
Zdziarski did not think the announcement of a possible way to hack into the device would hurt Apple and its reputation for strong security. Farook’s phone, he noted, was an older device that didn’t include the most up-to-date security.
“We do know that whatever the solution is, [the] FBI believes they can effectively test it within a two-week period, so it’s likely nothing that is incredibly experimental,” Zdziarski said of the FBI’s potential solution.
Times staff writer David Pierson contributed to this report.
Get breaking news, investigations, analysis and more signature journalism from the Los Angeles Times in your inbox.
You may occasionally receive promotional content from the Los Angeles Times.