The FBI is telling senators how it hacked San Bernardino iPhone
The FBI isn’t keeping its new iPhone attack secret from everyone. According to a new report in National Journal, the FBI has already briefed Senator Diane Feinstein (D-CA) on the methods used to break into the iPhone at the center of Apple’s recent legal fight. Senator Richard Burr (R-NC) is also scheduled to be briefed on the topic in the days to come. Feinstein and Burr are both working on a new bill to limit the use of encryption in consumer technology, expected to be made public in the weeks to come.
The disclosures come amid widespread calls for the attack to be made public, particularly from privacy and technology groups. However the FBI’s new method works, the ability to unlock an iPhone without knowing its passcode represents a significant break in Apple’s security measures, one Apple would surely like to protect against if it hasn’t already. At the same time, law enforcement has a clear incentive to keep the attack secret, so as to use the same method in future cases.
But while the new attack has been the subject of intense speculation, we still know almost nothing about how it was carried out. In particular, it’s unclear whether the attack could successfully unlock phones with the A7 chip and accompanying secure enclave protections, implemented on all iPhones made after the 5c. If the attack affects enough iPhones, the FBI could potentially be compelled to reveal it through the government’s Vulnerabilities Equities Process, although that process is notoriously slow and easily held up if agencies decide a particular attack is too valuable to give up.
For now, the only known use of the attack is for unlocking the iPhone 5c at the center of the San Bernardino attack. Earlier today, FBI officials told USA Today that the attack has not yet been successfully deployed in a case beyond San Bernardino, despite a request for help in an Arkansas case reported last week.