The FBI has not decided whether to share with Apple details about how the bureau hacked into an iPhone linked to a California terrorism investigation, the bureau’s director says.
James Comey discussed the situation during a speech Wednesday evening at Kenyon College in Ohio. He called their ability to get into the iPhone a “technological corner case” and said the flaw the FBI exploited in Apple’s software works only on a “narrow slice of phones” – the iPhone 5c, running version 9 of Apple’s mobile operating system, not on newer or older models.
“If we tell Apple, they’re going to fix it and we’re back where we started,” Comey said. “As silly as it may sound, we may end up there. We just haven’t decided yet.”.
(Also see: Unlocking Method Works on ‘Narrow Slice’ of iPhones).
The Justice Department dropped its legal fight to compel Apple to provide it with specialized software that would allow the FBI to hack into the iPhone, which was issued to San Bernardino county health inspector Syed Farook. Farook and his wife Tashfeen Malik killed 14 people in December; the couple died in a shootout with authorities.
The iPhone was found in a vehicle the day after the shooting. Two personal phones were found destroyed so completely the FBI could not recover information from them.
US Magistrate Sheri Pym had ordered Apple to provide the FBI with software to help it hack into Farook’s work-issued iPhone after the government said only Apple could help authorities access the encrypted and locked iPhone. The order touched off a debate pitting digital privacy rights against national security concerns.
Comey told the university audience that the case also inspired a lot of efforts to try to break into the phone – “everybody and his uncle Fred called us with ideas.”.
“Someone outside the government, in response to that attention, came up with a solution,” Comey said. “One that I am confident will be closely protected and used lawfully and appropriately.”.
The government then “purchased a tool that allows court authorized access to the phone,” Comey said. The government has declined to release the identity of the third party that made it possible to access the iPhone in the case.
(Also see: The Little-Known Firm Said to Be Helping the FBI Crack iPhones).
“The FBI is very good at keeping secrets and the people we bought this from – I know a fair amount about them, and I have a high degree of confidence that they’re very good at protecting it and their motivations align with ours,” Comey said.
Comey’s comments were the closest hints about whether or what the FBI may do with its knowledge of a vulnerability in Apple’s software that could let someone bypass built-in digital locks to access private information. When the FBI may share details about the technique with state or local police agencies or law enforcement offices, it remains unclear whether or.
The FBI’s solution apparently would not help Manhattan District Attorney Cyrus Vance, who told a congressional panel that he has 205 iPhones his investigators can’t access data from in criminal investigations. Not one of those phones is an iPhone 5c, according to his office.
The FBI frequently receives requests from local departments to help with cellphone forensics, including getting into locked phones and dealing with deleted and encrypted content or damaged hardware.
The bureau said it’s received requests for technical assistance from state and local law enforcement on more than 500 cellphones during a four-month period beginning October 1 and responds on a case by case basis.
Comey said the new method to get into the iPhone is “quite perishable” whether or not it’s disclosed and would disappear if Apple changes its software. It would also disappear if used in a criminal case where it must be disclosed during the discovery process and would become public, he said.
The encrypted phone in the California case was protected by a passcode that included security protocols: a time delay and self-destruct feature that erased the phone’s data after 10 tries. The two features made it impossible for the government to repeatedly and continuously test passcodes.