How the government cracks into smartphones--without any help from Apple (or Google)

Without Apple’s (AAPL) assistance, the FBI says it will remain shut out of an iPhone used by one of the two shooters in last December’s mass murder of 14 people in San Bernardino, Calif. But there are still plenty of smartphones the government can crack without court orders, public hearings or any involvement by phone makers.

A device called the IP-Box, made in China, can crack the passcode on older iPhones and has become a popular forensics tool for police agencies nationwide. Like other similar gizmos, it doesn’t work on iOS 9, Apple’s latest operating system. But there are roughly 100 million iPhones in use in the United States and about 25% of them still run on older software. “The IP-Box has been a substantial help to solving many cases around the country,” says Bill Teel, whose company, Teel Technologies of Norwalk, Conn., sells the device and other forensic tools to law enforcement agencies.
The IP-Box, which costs around $350 new and less used, came on the market late in 2014. Teel won’t say how many units he’s sold, but sales spiked in 2015 as law enforcement agencies began using the device to work through a large inventory of iPhones seized in criminal cases that they couldn’t crack any other way. Apple released its newest operating system, iOS 9, last September, and it has aggressively pushed updates of the newer system to any iPhone capable of handling it. So interest in the IP-Box has waned as more iPhones carry the newer software.
The FBI says it does not have the ability to break into iOS 9, which is why it’s concerned about mobile devices “going dark”—concealing more and more information law enforcement can’t access. With regard to the San Bernardino phone, FBI Director James Comey said at a recent Congressional hearing, “We have not found a way to break the 5C running iOS 9…. They have set out to design a phone that can't be opened and they're darn near succeeding.”

Android vs. iPhone
Yet the public scrutiny surrounding that case and others like it shows that the government has better tools for cracking phones on its own than many users probably realize. Meanwhile, smartphones running on Google’s (GOOGL) Android operating system—which have gotten little attention in the current controversy—are considered far easier to crack than Apple’s iPhones, since Google doesn't emphasize security as heavily as Apple. And 52% of Americans use Android phones, according to comScore, which equates to slightly more than 100 million devices.
Unlike iOS 9, Android is open-source software used by dozens of device manufacturers. “Apple devices are much more secure,” says Patrick Siewert of Professional Digital Forensic Consulting in Henrico, Va. “Many of the Android manufacturers are just now coming up with hardware-based encryption, and many Android users don’t update the software as religiously as iOS users do.”
The IP-Box tool for cracking into iPhones is a “brute force” device that works by guessing passcodes on an iPhone and quickly cutting the phone’s power after each failed attempt, which prevents the phone from counting each try and erasing its data after 10 mistaken entries. On versions of the iPhone that call for a simple four-digit numeric passcode, there are 10,000 possible options; it would take 6 seconds to crack the code if IP-Box guessed it on the first try, and as long as 111 hours if it guessed on the last try, according to British consulting firm MDSec, which tested the device last year. “It effectively exploits a vulnerability in iOS 8,” says Dominic Chell of MDSec. Apple plugged that hole with iOS 9—but users have to upgrade to the new software to get the protection.
In federal testimony last fall involving a now-convicted heroin trafficker named Adamou Djibo, Special Agent David Bauer of the Department of Homeland Security described working with the IP-Box and other similar tools. The phone in that case, heard in the Eastern District of New York, was an iPhone 5C running iOS 8.1.2. “I have spoken with other examiners who have actually broken passcodes on phones that have operating systems that are more recent than this particular version,” Bauer said. “Those versions would arguably be more secure and more difficult to break into.” He also said the IP-Box can be “very finicky” and there’s a “non-trivial risk of data destruction” if it’s not used correctly, meaning an agent who makes a mistake using IP-Box can inadvertently delete evidence.
There’s a cottage industry of other devices used for cracking both iPhones and Android devices, including svStrike, HDB Box and MFC Dongle. Many are hacker tools police departments and other law-enforcement agencies find handy because they typically have little or no budget for developing cryptographic tools of their own, and either can’t get the manufacturers to help or don’t want to. Some law-enforcement agencies send devices they need cracked to an Israeli company called CelleBrite, which is able to retrieve information from many locked smartphones, but that can cost $5,000 per phone, an amount not in the budget for many local police departments.
Limits of the government's power

An unanswered question is whether any corner of the U.S. government—especially supersecret ones such as the National Security Agency—has better capabilities for cracking into the newest smartphone technology than the FBI is letting on. Documents released by Edward Snowden in 2013 showed that stealthily accessing smartphones was a high priority for the NSA, as it presumably still is. Those documents also showed the NSA was able to access virtually any iPhone in operation at the time. Whether the NSA maintained that capability for newer iPhones is not publicly known.
At the recent Congressional hearing, some members of the House Judiciary Committee were skeptical that the FBI doesn’t have technology to get into the latest iPhones without Apple’s help. Comey insisted the agency isn’t as slick as outsiders might imagine. “We have engaged all parts of the U.S. government,” he said, “to see, does anybody have a way … to do it with a 5C running iOS 9, and we do not.” Cynical observers of government might note that there have been many instances of one agency withholding information or technology from another; it’s plausible the NSA has iPhone-cracking capability it doesn’t share with the FBI. Comey may also have left some wiggle room by essentially saying he asked other agencies if they have the technology, rather than saying he knows for sure.
If the feds truly can’t crack into the latest iPhones, they certainly have the budget and brainpower to give it a go. Plus, other successful hacks, such as the Stuxnet virus that damaged Iran’s nuclear weapons system and was supposedly the work of the U.S. and Israeli governments, demonstrate the capability. “Whenever Apple issues a new operating system, everybody starts developing new exploits,” says Siewert. “It’s within the realm of possibility that the government already has something in place, and if not, they’re working on it.” Which is why Apple, no doubt, is working on new countermeasures to the government countermeasures.

