An iPhone-hacking tool likely wouldn't stay secret for long

March 18, 2016 by Bree Fowler
In this Friday, Sept. 25, 2015 file photo, people wait in front of an Apple store in Munich, Germany before the worldwide launch of the iPhone 6s. Tech and legal experts say if Apple were to create the iPhone-hacking software demanded by the FBI, it would have a tough time staying secret, given the "potentially unlimited" number of people that would likely get a look at its inner workings. (AP Photo/Matthias Schrader, File)

Suppose Apple loses its court fight with the FBI and has to produce a software tool that would help agents hack into an iPhone—specifically, a device used by one of the San Bernardino mass shooters. Could that tool really remain secret and locked away from potential misuse?

Not very likely, according to security and legal experts, who say a "potentially unlimited" number of people could end up getting a close look at the software's inner workings. Apple's tool would have to run a gauntlet of tests and challenges before any information it helps produce can be used in court, exposing the company's work to additional scrutiny by forensics experts and defense lawyers—and increasing the likelihood of leaks with every step.

True, the Justice Department says it wants a tool that would work only on the San Bernardino phone and that would be useless to anyone who steals it without Apple's closely guarded digital signature.

But widespread disclosure of the software's underlying code could allow government agents, private companies and hackers across the world to dissect Apple's methods and incorporate them into their own device-cracking software. That work might also point to previously unknown vulnerabilities in iPhone software that hackers and spies could exploit.

Cases in which prosecutors have signaled interest in the Apple tool, or one like it, continue to pile up. In Manhattan, for instance, the district attorney's office says it holds 205 encrypted iPhones that neither it nor Apple can currently unlock, up from 111 in November. Such pent-up demand for the tool spells danger, says Andrea Matwyshyn, a professor of law and computer science at Northeastern University, since its widespread dissemination presents a clear threat to the security of innocent iPhone users.

"That's when people get uncomfortable with a potentially unlimited number of people being able to use this in a potentially unlimited number of cases," Matwyshyn says.



The concerns raised by experts mirror those in Apple's own court filings, where the company argues that the tool would be "used repeatedly and poses grave security risks." Outside experts note that nothing would prevent other prosecutors from asking Apple to rewrite the tool for the phones they want to unlock, or hackers from reverse engineering it for their own purposes.

Apple's long history of corporate secrecy suggests it could keep the tool secure during development and testing, says John Dickson, principal at Denim Group, a San Antonio, Texas-based software security firm. But after that, "the genie is out of the bottle," he says.

Even if the software is destroyed after use in the San Bernardino case, government authorities—in the U.S. or elsewhere—could always compel Apple to recreate it.



Apple argues that the tool, which is essentially a new version of its iOS phone operating software, would need rigorous testing. That would include installing it on multiple test devices to ensure it won't alter data on the San Bernardino iPhone.

Similarly, the company would need to log and record the entire software creation and testing process in case its methods were ever questioned, such as by a defense attorney. That detailed record itself could be a tempting target for hackers.

Before information extracted by the Apple tool could be introduced in court, the tool would most likely require validation by an outside laboratory, say forensics experts such as Jonathan Zdziarski, who described the process in a post on his personal blog. For instance, Apple might submit it to the National Institute of Standards and Technology, an arm of the Commerce Department, exposing its underlying code and functions to another outside group of experts.

The likelihood of someone stealing the tool grows with every copy made, says Will Ackerly, a former National Security Agency employee who's now chief technology officer at Virtru, a computer security startup. And while Apple may be known for its security, the federal government isn't.

Lance Cottrell, chief scientist at Ntrepid, a Herndon, Virginia-based provider of secured Internet browsers, pointed to last year's hacking of the Office of Personnel Management, which compromised the personal information of 21 million Americans, including his own.

Once such a tool exists, "it will become a huge target for hackers, particularly nation-state hackers," Cottrell predicted. "If I was a hacker and I knew this software had been created, I'd be really trying really hard to get it."



Then there's court, where defense experts would want a close look at the tool to ensure it wasn't tainting evidence, says Jeffrey Vagle, a lecturer in law at the University of Pennsylvania Law School. "It could get quite tangled from a technical standpoint," he says.

One very likely consequence: More eyes on the tool and its underlying code. And as more jurisdictions face the issue of iPhones they can't unlock, it's impossible to calculate where that would end.

The Manhattan DA's office, for instance, says it expects the number of locked phones to rise over time. The vast majority of iPhones now run iOS 8 or more recent versions, all of which support the high level of encryption in question.

Elsewhere in the country, the Harris County DA's office in Texas encountered more than 100 encrypted iPhones last year. And the Cook County State Attorney's Cyber Lab received 30 encrypted devices in the first two months of this year, according to the Manhattan DA's office.


1 / 5 (2) Mar 18, 2016
It seems to me, if Apple were really so interested in what's best for the people. Then the above QUOTE
"But widespread disclosure of the software's underlying code could allow government agents, private companies and hackers across the world to dissect Apple's methods and incorporate them into their own device-cracking software"
would be a reason to release Apple's encryption algorithms and code. Making all government agents, private companies and devices more secure for the good of all.

I personally think Apple's only interested in their bottom line. Which is as it should be for a business.
5 / 5 (2) Mar 18, 2016
The media, and Apple, should report the fact, that the FBI can already access all of Farook's cell phone calls and texts from his wireless provider, all of his emails from his email provider, all of his bank and credit card records from those companies, and likely all of his internet searches from Google. What accomplice would they hope to find on his phone, and how, given they already have most of his data available from a search warrant?

rderkis - Disclosure of the source code would allow hackers, government, and criminals to create their own back doors into iPhones, by creating an OS patch that removes the encryption. And iPhones would no longer safely protect your data from anyone who gets physical access to your phone. And the police can simply take it from you by claiming it's evidence.
5 / 5 (1) Mar 18, 2016
It's a precedent grab, the couple destroyed their personal phones, this iphone was company issued, a password reset was done by request of the FBI, which meant Apple couldn't pull the data, since the iphone hadn't been synced to the icloud recently, which meant it could only be unlocked with the PIN code, which died with the owner.
Not to mention using https://en.wikipe...rits_Act

Meh, gotta give them credit for trying...
not rated yet Mar 19, 2016
Clearly the FBI can physically dissociate the current iOS from the memory of the iPhone involved. Thus the memory can be copied w/o harming the contents by removing the mainboard's SD card:
At this point, all the encrypted data is available, but the key is not.
http://arstechnic...-iphone/ can do the rest. Takes some guts to try it.
