By Will Grice
In December last year, 14 people were gunned down at a party in San Bernardino, California. The pair responsible for the shooting, Syed Farook and his wife Tashfeen Malik, stormed the Inland Regional Center, armed with semi-automatic pistols and rifles, before opening fire on those in the room. Many of the people killed in the massacre were Farook's colleagues at the San Bernardino County office, with news outlets speculating that the couple had been radicalised by Islamic extremists. After the shooting, the couple were chased by police to a road not far from their home. Five minutes and 456 bullets later, Farook and Malik were shot dead in a gunfight involving 23 officers from seven different police agencies. Four months on and the aftermath of the massacre still rages on to this day.
After the shooting, police searched Farook’s home, hoping to find anything that would reveal who the couple had been communicating with in the days leading up to the shootings. While the police discovered the pair had removed the hard drive of their computer and destroyed their personal phones, they did uncover one important item - Farook’s work phone, an iPhone 5C. The police believed that hidden somewhere on the device was information on who had convinced the pair to carry out the spree - if indeed it was anyone at all. Standing between the government and this intelligence was a simple passcode that only Farook knew. To break through the phone's security, the FBI reached out to Apple.
Despite numerous demands from the FBI, Apple refused to help the government hack into Farook's phone, with the company's CEO Tim Cook stating that helping the government bypass the security features on the phone would be a breach of privacy. Not only would Apple have to hack their own product, but it was suggested that the only way to do so would be to create a backdoor to its software - something that could later be exploited by other hackers.
The following months were filled with court cases and arguments over privacy, with everyone from Bill Gates to Barack Obama being pulled into the debate. The actions of both Apple and the FBI polarised international opinion, with many claiming that such a breach could become a gateway to further infringements of privacy dictated by the government, while others countered that doing so was a matter of homeland security. The matter remained unresolved with neither the tech industry or the FBI backing down upon what both would argue was a simple matter of cause.
This week it was revealed that the government had found a way into Farook's iPhone without the help of Apple, a move which brought the court case to a close, but raised several questions in doing so: How did the government bypass the phone's security features without the help of the manufacturer? What does the government hacking into a phone mean to the general public? And who could have helped them break into the supposedly unhackable phone?
Here's what we know so far.
Who hacked the phone?
While this is all speculative, several news outlets have claimed it was an Israeli tech firm called Cellebrite who helped the FBI hack Farook’s phone.
The group, a subsidiary of Sun Corporation (a publicly trading Japanese company), confirmed to the BBC they are working with the FBI but would not elaborate on their relationship when asked further questions.
On its website Cellebrite states it specialises in "file system extractions, decoding and analysis," which can be performed on "locked iOS devices with a simple or complex passcode".
If indeed Cellebrite were working in conjunction with police forces it wouldn't be the first time, having previously helped the North Wales Police catch a paedophile by recovering deleted texts from an iPhone 3GS.
How did they do it?
It was previously believed the only way to bypass the phone’s security would be to have Apple write an iOS with a security loophole that would then be exploited by the FBI, making the iPhone supposedly un-hackable without intel.
However, companies such as Cellebrite offer ways around this through a system extraction, which allows them to withdraw simple passcodes, enabling access to emails and the device’s keychain. This then allows Cellebrite to access the phone at relative ease.
Can the FBI now hack into any phone?
Due to Apple’s refusal to write a security loophole in their latest iOS, the simple answer although not the most honest one is: no.
But as we've seen with the FBI being able to access private information held on Farook’s phone, we now know it’s not as simple as that.
While the FBI is unable to hack into your phone remotely, it would be able to gain access to your private information if it were ever able to get hold of your device.
What does this mean for me?
Depending on how much you have to hide - unless you're a terrorist for example or a cheating spouse whose phone has been confiscated by the FBI you don’t really need to worry. But with all developments in hacking, it is worth being aware of your phone’s security features and how you can maximise your security. Some easy ways to beef up your iPhone’s privacy include:
- Change your passcode to an alphanumeric code by going to “Settings” -> “Passcode” -> “Change Passcode” -> “Passcode Options”. This will allow you to change your passcode from a six digit code to one made up of a combination of numbers and letters.
- Disable Siri, on-screen notifications and wallet on the lock screen by unticking the boxes on the “Passcode” menu. Doing so will make sure nobody is able to see your phone’s notifications or access your Apple Wallet without unlocking your iPhone first.
- Enable the option which will erase the data on the iPhone after 10 failed passcode attempts as doing so will completely wipe your phone of it’s data, making it secure if someone tries to access it without the passcode. While this may seem extreme, it will make sure your phone is highly secure, just don’t forget your password after you’ve had a few too many down the pub.
While this case is the first of its kind, it is safe to say it won't be the last.
Unless strict legislature is introduced to specify what power the government has when it comes to digital privacy, situations like this will continue to arise. A game of cat of mouse has begun, with Apple now demanding the FBI reveal how they actually broke into the phone (a request which will almost certainly be rejected). The battle for consumer privacy looks like it will rage long into the future.
With regards to finding out the exact sophistications of the governments hacking abilities and indeed whether they now have the key to any device, unless we have another Edward Snowden waiting in the wings it's unlikely that this will become public knowledge. Even if the document are released, the people who hacked into the phone will most likely be redacted to keep their anonymity.
The major worry for the general public is finding a way to effectively safeguard our private information. While companies such as Apple are constantly improving the standard of digital security, you can be sure the efforts of the hackers will increase proportionally.
Apple and other major phone manufacturers will try their hardest to ensure their devices are un-hackable, but ultimately, whilst we continue to exist in such an increasingly fragile digital world your privacy will never really be your own.