Later today Apple will file its latest response to a government demand it unlock an iPhone 5S of a suspected drug dealer in New York. FORBES understands the Cupertino tech giant will argue that as the FBI has already found a way to obtain access to the iPhone 5C of San Bernardino terrorist Syed Rizwan Farook, reportedly using the skills of an unknown professional hacker, it does not need an All Writs Order demanding Apple help acquire a passcode to unlock a device.
The US government has indeed shown third parties can help it unlock iPhones, whether with the aid of forensics firms like Israeli company Cellebrite or anonymous parties as with Farook's device. But it has claimed the technique used in the San Bernardino case could only be used on that one iPhone.
Yet Apple has good reason to suspect the FBI doesn't require its assistance, especially in light of a warrant obtained by FORBES showing police in Seattle, Washington, were able to crack the passcode of an iPhone 5 just four months ago. In the application for the warrant (published below), police sought access to an iPhone belonging to Roman Seleznev, a suspected fraudster charged with running 2pac.cc, a site for trading stolen credit cards. The police noted they twice ordered Apple to extract information from the phone. Having determined more data was required, in particular information from the accused's WhatsApp account, the police applied for the ability to "brute force" the passcode -- repeatedly guessing the code.
The filing indicated that as Apple provided data, it became apparent a new, unspecified forensic technique allowed investigators to open iPhones like the one owned by Seleznev. The executed warrant is clear: on 1 December 2015, a detective "began passcode recovery procedures" that "yielded the passcode to access the device". Data and screenshots were taken over the following weeks. FORBES believes this is the first warrant to disclose a passcode hack published by a media organization.
What's unclear is what iOS version the iPhone 5 was running. It could have been iOS 6 or 7. The device was seized in July 2014, 10 months after the launch of iOS 7, whilst the iPhone 5 launched with iOS 6. The US Department of Justice said it could not provide additional detail, noting Seleznev is scheduled for trial in the next few months.
But it's believed similar brute force techniques could be used to access the iOS 7 device in New York. "In the New York case, there are forensics companies which can provide the same data Apple does (the stuff not protected by the PIN lock), and probably one that can bypass the PIN lock," said Nicholas Weaver, a senior researcher at the International Computer Science Institute at UC Berkeley.
"But since this was seized in July 2014 (when iOS 7 was out for over a year), it is highly likely that whatever technique was used in Seattle can be used in the New York case.
"Overall, my thoughts on the New York case is both Apple and the DoJ are being obnoxious for the sake of being obnoxious. Apple has consistently revealed this data on captured devices without complaint because it's not protected, and the DoJ has many alternatives to get this data without involving Apple." Apple had not offered comment on the Seattle filing or its relevance to ongoing cases, such as other All Writs Orders currently facing the company, believed to number at least 12.
Critics have already noted that FBI partners, including Cellebrite, claim to be able to break the passcodes of iPhones running anything below iOS 8. Indeed, Cellebrite's own literature claims it can bypass lockcodes on iOS devices up to iOS 8.4. Any device running iOS 8.1.1 or below is vulnerable to a lockscreen bypass, as shown with a brute force attack on an iPhone 5S using what's known as an IPBox in 2015.
The government has not explained why it's unable to break into the New York device with currently available methods.
The FBI has already backed down in the San Bernardino case, after a third party came forward with an exploit to open the device. Given technical evidence the iPhone 5S could be unlocked with available hacking tools, it may well back down from another fight in the coming weeks.
