A new zero-day exploit against Apple’s iOS mobile operating system enables an attacker to bypass a security lockout feature that will erase the device’s contents after 10 unsuccessful passcode tries. The group taking credit for the new zero-day is none other than the FBI.
As reported on eWEEK this week, the FBI has ended its legal case against Apple in which it was trying to force the tech giant to provide a way to help get access to the contents of an iPhone 5c used by Syed Rizwan Farook, a gunman in the Dec. 2 shooting spree in San Bernardino, Calif.
“The government has now successfully accessed the data stored on Farook’s iPhone and therefore no longer requires the assistance from Apple Inc. mandated by Court’s Order Compelling Apple Inc. to Assist Agents in Search dated February 16, 2016,” the Department of Justice’s legal filing on the matter simply states.
The original court order had asked Apple to assist the DOJ by helping the FBI “bypass or disable the auto-erase function” on the iPhone 5c. As part of iOS’ security, iPhones have a passcode that protects access to the device and its contents. An additional security capability can be enabled that will erase the contents of a device after a specified number of incorrect passcode attempts. The FBI obviously didn’t want to trigger the auto-erase function; otherwise, the agency could have attempted to just “brute-force” the password, spooling through all the possible passcode combinations.
As part of the original court order, the DOJ also requested that Apple’s technical assistance include “providing the FBI with a signed iPhone Software file, recovery bundle or other Software Image File (‘SIF’) that can be loaded on the subject device.”
Apple CEO Tim Cook balked at the request, steadfastly claiming that such a bypass would undermine the security of all iPhone users.
Now, despite Cook’s lack of cooperation, the FBI has what it wants.
Whatever the method, the simple fact of the matter is that it is now possible to bypass the passcode security auto-erase function on an iPhone 5c, and there is no known fix. In the security business, that’s typically what security researchers will call a zero-day exploit.
So far as is publicly known at this point, only the FBI has this powerful new zero-day exploit. There is no way of knowing if the exploit has been made available to other governments around the world. There was some speculation last week, when the DOJ first asked to delay a legal court hearing with Apple, that an Israeli firm was now on the FBI payroll helping to bypass the iPhone 5c’s security. That speculation has not been officially confirmed, nor has any public admission yet been made by the DOJ or the FBI that it paid to acquire the bypass from any third party.
No doubt, Apple today is pressuring the DOJ to find out what the bypass is so that it can fix the issue, protecting all iOS users. In a normal responsible disclosure process, a security researcher would report a zero-day issue to a vendor, so that the vendor could fix the issue before it becomes widely exploited. It’s not clear what, if any, formal disclosure will happen in this case.
Of all the possible situations that could have enabled the iPhone 5c bypass, this scenario—where the FBI now has access to such an exploit that neither Apple nor anyone else knows about—is not a great one. Had Apple been forced to comply with the DOJ, perhaps there could have been some controls in place on usage of the mechanism and some form of tracking. Now Apple is on the outside looking in, wondering how this all happened.
What exists now is a dangerous situation, where a working bypass, or a zero-day exploit, exists for one of the most popular technology platforms on the planet. Hopefully, this bypass only exists in the hands of good, law-abiding people who will not abuse this power and only use it in the interest of national security.
Originally published on eWeek.
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…
View Comments
The Operating System is not the first and only target for an attacker. See http://neoschronos.com/insights/a-primer-to-communications-security/ Also consider the FBI might be simply bluffing to "punish" Apple for protecting our privacy.