Since the FBI broke the encryption of the iPhone 5C belonging to terrorist Syed Rizwan Farook, most likely with the help of the Israeli office of the Japanese mobile phone security firm Cellebrite Mobile Synchronization, it has been testing the method on other iPhone versions. It will not, however, disclose the phone’s flaw or the information found on Farook’s phone. European cases regarding locked phones are heating up, with France and England considering fines for companies that don’t help crack their phones’ encryption.
The Wall Street Journal notes that, because Apple didn’t sell many 5Cs, cracking the encryption is of limited value unless the method opens other Apple models. Apple’s iOS 8 operating software, launched in 2014, was when the company began encrypting data in a way that it can’t crack, adds WSJ.
The ACLU principal technologist Chris Soghoian notes that if the FBI doesn’t reveal the security flaw, “the more they are gambling that no other entity will discover this flaw,’’ and WSJ adds that government deliberations on “whether and how to disclose a security gap” may take months — or even longer since Apple vowed to fight government efforts to force it to help unlock the iPhone.
Former senior FBI official Robert Anderson, now a Navigant Consulting executive, says that “the more iPhones could be opened with the technique, the more likely the government would be to disclose it to Apple,” so people’s safety and privacy won’t be jeopardized. But, he says, the speed at which technology changes far outpaces the government’s ability to stay on top of it, adding that whatever broke the iPhone’s encryption “is going to last for about 30 seconds in the cyberworld… and we’ll be right back to square one.”
Meanwhile, law enforcement in Europe and the U.S. still has plenty of iPhones related to crimes that they’d like to crack. In Europe, police count “more than 40 encrypted phones involving recent investigations,” including an iPhone seized in investigation of the November 13 Paris attacks.
The “vast majority” of these phones are running newer operating software that Apple says it cannot crack. In the U.S., the government has pushed Apple and Google to help unlock phones in “at least 63 instances.”
An Apple spokeswoman says the company “hasn’t received any requests to unlock or extract data from iPhone related to the Paris or Brussels attacks,” but the French senate has “already approved an amendment to an anti-terrorism bill that would — if it remains in the final text — boost penalties” for companies that don’t “provide the means to decipher conversations or other materials as ordered in an investigation.”
A new surveillance bill in the U.K. won’t exempt companies from fines that “don’t have a key to their own encrypted communications systems.”
No company is claiming credit for helping the FBI break Farook’s iPhone, but, says Bloomberg, it is largely believed to be Cellebrite Mobile Synchronization, a pinball machine company that became expert in extracting data, including encrypted or deleted, from mobile devices. The company employs more than 500 people at offices in Israel, the U.S., Brazil, Germany, Singapore and the U.K.