President Trump joined Attorney General William Barr on Tuesday, slamming Apple Inc. for refusing to extract data from two iPhones that belonged to the Saudi Air Force Lieutenant who went on a rampage at Naval station Pensacola last month, killing three.
"We are helping Apple all of the time on TRADE and so many other issues, and yet they refuse to unlock phones used by killers, drug dealers and other violent criminal elements," Trump tweeted, adding "They will have to step up to the plate and help our great Country, NOW! MAKE AMERICA GREAT AGAIN."
We are helping Apple all of the time on TRADE and so many other issues, and yet they refuse to unlock phones used by killers, drug dealers and other violent criminal elements. They will have to step up to the plate and help our great Country, NOW! MAKE AMERICA GREAT AGAIN.— Donald J. Trump (@realDonaldTrump) January 14, 2020
Barr said during a Monday press conference that Apple had provided no "substantive assistance" to support investigators trying to crack into the smartphones. His comments are part of an ongoing push by the US government to make such assistance standard practice in the future.
"We have asked Apple for their help in unlocking the shooter's phones. So far, Apple has not given any substantive assistance," said Barr. "This situation perfectly illustrates why it is critical that the public be able to get access to digital evidence once it has obtained a court order based on probable cause. We call on Apple on other technology companies to help us find a solution so that we can better protect the lives of American people and prevent future attacks."
Yet, according to Bloomberg, the FBI should have no trouble breaking into the phones - as they can go either exploit a range of security vulnerabilities - or they can hire a company such as Grayshift or Cellebrite - the latter of which is an Israel-based, Japanese-owned firm which helped the FBI access data from the phone of the shooter behind a 2016 attack in San Bernardino, California.
Mohammed Saeed Alshamrani, the perpetrator of a Dec. 6 terrorist attack at a Navy base in Florida, had an iPhone 5 and iPhone 7, models that were first released in 2012 and 2016, respectively. Alshamrani died and the handsets were locked, leaving the FBI looking for ways to hack into the devices.
“A 5 and a 7? You can absolutely get into that,” said Will Strafach, a legendary iPhone hacker who now runs security company Guardian Firewall. “I wouldn’t call it child’s play, but it’s not super difficult.” -Bloomberg
Security expert Neil Brook, who works with law enforcement agencies to unlock devices, did note that it's possible the specific iOS versions running on the Pensacola shooter's phones may have patched exploits, making it more difficult to access them - though it would still be possible.
"If the particular phones were at a particular iOS version, it might be as easy as an hour and boom, they are in. But they could be at an iOS version that doesn’t have a vulnerability," said Broom.
According to the report, "Apple and security firms such as Cellebrite play a cat-and-mouse game nowadays. The iPhone maker releases a new device or a new version of its iOS operating system that locks everything down. Then security firms and researchers start probing, and often find ways to hack into the handsets after several months. Those exploits sometimes turn into tools that the FBI and police can use to access data on iPhones."
Broom notes that Cellebrite and other security firms would "bend over backwards" to win a government contract.
"Our technology is used by thousands of organizations globally to lawfully access and analyze very specific digital data as part of ongoing investigations," Cellebrite said in a statement. "As a matter of company policy we do not comment on any ongoing investigations."
Another firm which could help the FBI is Atlanta-based Grayshift, which employs former Apple software security engineer Braden Thomas and has a product called GrayKey.
A new security flaw known as “Checkm8” affects chips in iPhones released between 2011 and 2017, according to Strafach and other researchers. That includes the iPhone 5 and iPhone 7.
“With the Checkm8 vulnerability, you should be able to get a forensically sound image of the file system, unless they had a crazy long passphrase,“ Strafach said.
The iPhone 7 includes the Secure Enclave, a dedicated chip for storing fingerprint data and other sensitive information on the device, but even that could be breakable, he said.
“It’s simply a question of whether the government will pay a contractor to get into these phones,” Strafach added. “If it can’t be done with the Checkm8 vulnerability, they can pay a contractor to do it.” -Bloomberg
To crack into phones, Cellebrite offers a "UFED Physical Analyzer" and a "Touch2" tablet which comes with PC software ("4PC") - all costing around $15,000 per Broom, who added that there's often an annual maintenance fee of more than $4,000.
For more advanced services, GrayKey and Cellebrite Premium offer an on-premise service for law enforcement agencies which can cost between $100,000 and $150,000.
"They already have these tools around the country. So they wouldn’t be paying anything more to break into these phones, they could just be waiting for a certain exploit like Checkm8 to become available," said Broom.
That said, according to Yotam Gutman - marketing director at cybersecurity company SentinelOne, newer iPhones such as the iPhone 11 are much harder 'if not impossible' to crack... for now.