“Every time there’s a traumatic event requiring investigation into digital devices, the Justice Department loudly claims that it needs back doors to encryption, and then quietly announces it actually found a way to access information without threatening the security and privacy of the entire world,” says Brett Max Kaufman, senior staff attorney at the American Civil Liberties Union. “The boy who cried wolf has nothing on the agency that cried encryption.”In both instances, the FBI wanted Apple's help to establish a “back door” that would allow law enforcement to circumvent any iOS device’s encryption and access its data as needed. The false claims made about our company are an excuse to weaken encryption and other security measures that protect millions of users and our national security," Apple said in a statement Monday. "It is because we take our responsibility to national security so seriously that we do not believe in the creation of a backdoor—one which will make every device vulnerable to bad actors who threaten our national security and the data security of our customers. There is no such thing as a backdoor just for the good guys, and the American people do not have to choose between weakening encryption and effective investigations."
In a press conference today, FBI director Christopher Wray said that the agency had to develop its own tool to access the iPhones. “We canvassed every partner out there and every company that might have had a solution to access these phones. None did,” said Wray. “So we did it ourselves. Unfortunately the technique that we developed is not a fix for our broader Apple problem. It’s a pretty limited application.”It’s unclear what that difficulty stems from. While still plenty secure for the average user, recent vulnerabilities in iOS have given hackers and forensic investigators ample avenues to break into iPhones. “If the FBI was able to repair the hardware sufficiently to boot them up, then existing forensics tools are more than capable of recovering data from those devices,” says Dan Guido, founder of cybersecurity firm Trail of Bits. He points specifically to the so-called checkm8 exploit , publicized last September—an unfixable flaw that makes it possible to “jailbreak” any iPhone from 2011 to 2017—which includes both of Alshamrani’s devices.
“The FBI could try as many PIN codes as they wanted until one worked,” says Guido, whose iVerify security app can tell if your phone is exposed to checkm8. “It was only a matter of time before they succeeded.”