President Donald Trump’s bizarre friendship with his buddy Tim Cook is in trouble. With Apple once again refusing to allow the FBI to unlock a terrorist’s iPhone (two of them, actually, this time around), the president sent out a tweet the other day that said, “We are helping Apple all of the time on TRADE and so many other issues, and yet they refuse to unlock phones used by killers, drug dealers, and other violent criminal elements. They will have to step up to the plate and help our great Country.”
Back in 2015, when a court ordered Apple to unlock the iPhone 5c belonging to San Bernardino shooter Syed Farook, Apple refused. The company said that unlocking the device would require it to develop a new version of iOS to unlock the phone. The company feared that if such software got into the wrong hands, no iPhone anywhere would be able to keep its user’s data private. At the time, then-candidate Trump said that he was boycotting Apple and would start using Samsung handsets. The FBI ended up paying Cellebrite a handsome fee to open the phone using its “cracking machine.”
Cellebrite appears to be able to open at least one of Alshamrani’s iPhones
In the current situation, the two handsets that the FBI wants Apple to open belong to Mohammed Saeed Alshamrani. The latter allegedly killed three people last month at a Navy base in Pensacola, Florida during an act that is being called terrorism. Because the FBI asked Apple to unlock the phones, it appeared that companies like Cellebrite and Grayshift could not unlock any iPhones running on iOS 13. But Bloomberg reports that Cellebrite recently pushed out an update to its machines that will allow law enforcement agencies to extract and analyze information from several locked iPhone models.
Cellebrite says that it can access the chipset used on an iPhone 7 and extract information from the phone
Talking about this update, Cellebrite’s security research vice president Shahar Tal emailed clients this week and said, “For the first time ever, a wealth of previously untapped data sets from iOS devices can be leveraged to change the course of investigations. This update allows you to quickly perform a forensically sound temporary jailbreak and full file system extraction within one streamlined workflow.” The update to its UFED Physical Analyzer software uses a vulnerability called Checkm8 to access chipsets that power iPhones released from 2011 to 2017. That covers models ranging from the iPhone 5s to the iPhone X and could help the FBI unlock Alshamrani’s iPhone 7 although it won’t work on his iPhone 5. The alleged terrorist was killed by the police while committing his attack thus leaving his iPhones locked.
Previously, Cellebrite relied on a brute force system. With its machine plugged into an iPhone’s Lightning port, Cellebrite would override limits on passcode attempts and would then try every possible passcode combination until it hit on the right one. But Apple added a Restricted USB Mode with iOS 12 that prevents the Lighting port from connecting to another device if an iPhone has not been unlocked within the last hour. Cellebrite’s updated software allows it to communicate with the chipset used on certain iPhone models, apparently regardless of the iOS version that the phone in question is running. This new technology could be very useful. Neil Broom, who works with law enforcement to unlock phones, said, “This Cellebrite tool would let the government get a whole lot of information out of the phone, more than we’ve previously been able to extract.
Cellebrite rival Grayshift has reportedly been able to crack open an Apple iPhone 11 Pro Max using its GrayKey machine according to Forbes. The report states that in 2019, FBI investigators in Ohio employed a GrayKey to obtain data from the latest high-end iPhone model. The phone belonged to Baris Ali Koch, who was accused of helping his brother, a convicted felon, obtain fake ID allowing him to leave the country. The FBI’s search warrant noted that Koch’s phone was locked when it obtained the device.
And that brings us to this question, if the FBI can both of Mohammed Saeed Alshamrani’s iPhones without Apple, why is President Trump, Attorney General Barr, and the FBI putting pressure on Apple to unlock these phones? Perhaps it has to do with setting a precedent for the future when Apple comes up with a way to block the latest technology used by Cellebrite and Grayshift. However, the president should tread lightly here; he certainly doesn’t want to lose the “friendship” he has with the man he once called Tim Apple.