WASHINGTON: The FBI’s announcement earlier this week that it may not need help from Apple to get into a terrorist’s iPhone set off a rush of speculation over what novel, last-ditch solution the agency had stumbled on. Long-shot suggestions offered to the bureau have ranged from burning off the phone’s silicon chip with scalding hot air to modifying it with ion beams.
On Thursday, FBI Director James B. Comey seemed to reject one popular proposal that has taken off online – to remove the phone’s chip and make thousands of copies of the encrypted data on it. “I’ve heard that [method] a lot,” Comey said at a news conference. “It doesn’t work.”
Officials say the latest solution being pursued is still aimed at finding a way to do what the government had asked Apple to do – stop the phone from automatically erasing its content after too many attempts at guessing the passcode.
But how the FBI hopes to accomplish this task remains a closely guarded secret – and the public may never know how the bureau cracked the phone, if its latest solution works.
Officials say the bureau is testing its new approach first on other devices to try to catch any errors that might end up erasing the data that investigators are trying to recover. “Caution is the rule of the land,” said one official who spoke on the condition of anonymity to discuss the ongoing investigation.
The FBI expects to try the solution on the original phone possibly within the next few days, officials said. Until the results come in, the high-profile legal battle between the government and Apple – the one that was supposed to help establish how much technical help the government can force a company to provide in a major criminal investigation – will remain on hold.
The government was set on Tuesday to face off with attorneys for Apple in a Riverside, California, courthouse over whether the Justice Department could force the company to write the software that might help the FBI in its investigation of the Dec. 2 attack in San Bernardino, California, that killed 14 people.
But in a surprise move late Monday, the department said the hearing had been postponed to give the FBI time to test a method from an outside party. “We tried it on Sunday,” Comey said Thursday. “It looked like it might work.”
When asked whether the outside party helping the agency was a company that had worked with the FBI before, Comey said Thursday that “it is someone who came forward with an idea.”
Prior to the FBI’s announcement earlier this week that it may not need help from Apple, the agency was bombarded with suggestions.
The government tried everything it could think of and “asked everyone” it thought would be able to help before turning to the courts, Comey said.
Colleagues and even rivals in the close-knit group of security professionals specializing in “mobile forensics” have been furiously comparing notes on the costs, risks and merits of various techniques, sending tips to the government and debating the limitations of the agency’s technical capabilities.
Mobile forensics has become a booming area now that smartphones of so many different types have proliferated. Within digital forensics, mobile is a more rarified speciality but one that is increasingly in demand as consumers move to smartphones. That market is worth over $2 billion, according to Transparency Market Research.
One idea being passed around the security community was a technique that requires removing the phone’s chip and making thousands of copies of the encrypted data on it. Once the data is copied, the chip is put back on the phone and specialists can attempt to guess the passcode. If they guessed incorrectly – they would have 10 attempts before the chip’s data gets wiped – they would replace the data chip with one of the copies.
The bureau was aware of this method early on and concluded that it wouldn’t work, for technical reasons, said an official familiar with the process. Technicians were concerned, for instance, that removing the memory chip, which is glued to the circuit board, would be difficult to do without damaging the data.
Paul Kocher, president of Cryptography Research, said that “it requires a nimble hand and it’s a skill, but many people know how to do it.” Still, he said, “if the FBI has a simpler method that works, then they should try that.”
Critics have suggested the government misled the public about needing Apple’s help to break into the iPhone used by Syed Rizwan Farook, one of the two San Bernardino shooters, if it had in fact found a potential solution. But Comey said that argument was “silly.”
He said the global attention surrounding the case “has stimulated a marketplace of creative people to try to come up with ideas.”
He also wrote a letter Wednesday responding to a Wall Street Journal editorial criticizing the government’s handling of the case. “You are simply wrong to assert that the FBI and the Justice Department lied about our ability to access the San Bernardino killer’s phone,” Comey said.
During the news conference Wednesday, Comey said: “Lots of folks have come to us with potential ideas – it looks like we now have one that may work out. We’re optimistic and we’ll see.” The government has until April 3 to tell the court whether it wants to proceed with its case against Apple.