Leaf&Core

FBI Cracks Pensacola Shooter’s iPhone Without Apple, Finds Al-Qaeda Link

Reading Time: 5 minutes.

FBI FlagIf Apple cracks the security on one of their devices for law enforcement, they’ll build an easy-to-access backdoor that thieves and oppressive regimes all over the world will be able to use. We’ve already seen what hacking tools can do right here in the United States. Police officers using access to arrested people’s phones to go through and save their photos. It’s still happening. Since the results of creating a backdoor through iPhone encryption, or disabling it altogether, would be catastrophic, only catastrophic consequences should call for it.

Time and time again, despite a myriad of other options, the FBI and other world governments have pressed for control. They’re willing to risk people’s lives, their privacy, their security, for that little bit of authority. Turns out that, once again, they didn’t need it.

The Pensacola shooter used an iPhone 5 and an iPhone 7. Both are older devices from Apple. They’re relatively easy to break into now. The FBI could have purchased some hacking tools on ebay to do it. Instead, they tried to take the nuclear option. After Apple refused to cause a global security meltdown, they threw the temper tantrum aside and… got into the phones anyway! No shocker there.

They found the shooter may have had connections to Al-Qaeda. The FBI claims they got in with “no thanks to Apple.” But that’s not true either. It seems the FBI’s throwing a temper tantrum after not getting their way. Anyone else tired of these so-called adults behaving like lying, penchant children?

“No Thanks to Apple”

“Thanks to the great work of the FBI – and no thanks to Apple – we were able to unlock Alshamrani’s phones,” said Attorney General Barr. “The trove of information found on these phones has proven to be invaluable to this ongoing investigation and critical to the security of the American people. However, if not for our FBI’s ingenuity, some luck, and hours upon hours of time and resources, this information would have remained undiscovered. The bottom line: our national security cannot remain in the hands of big corporations who put dollars over lawful access and public safety. The time has come for a legislative solution.”

– from the Department of Justice’s press release from Barr and Wray.

Emphasis added.

That’s quite a damning statement. But did Apple offer no help? Is Apple putting profit or security forward? Let’s start with Attorney General William Barr’s first complaint, that Apple didn’t help the FBI. In fact, the evidence provided by the Department of Justice in their press briefing came from the Apple Notes app, which would have been available through the iCloud backup.

Perhaps this is why Apple was quick to point out that the FBI was making false claims about their involvement.

“As a proud American company, we consider supporting law enforcement’s important work our responsibility. The false claims made about our company are an excuse to weaken encryption and other security measures that protect millions of users and our national security.”

– from Apple’s press release

Apple provided iCloud backups, account information for multiple accounts, transnational history, and more to the FBI. They also provide ongoing support for law enforcement.

Like previous cases, the FBI is trying to make this seem like Apple is uncooperative, when that couldn’t be further from the truth. Apple provides everything they can without compromising the security of every iPhone on the planet.

The “Help” the FBI Wants

What Barr actually means is, Apple didn’t help the way he wanted. Apple gave them a Nintendo system for Christmas when they really wanted a Playstation. Getting iCloud data, or the best tips on breaking into the phone isn’t enough. The FBI wants a backdoor. Not just into an iPhone, but all smartphones, all computers, all devices. They want to be able to break into any security.

If law enforcement was good, just, truthful, and never corrupt, that would probably be fine. But around the world, it is not. In fact, it’s not incorruptible anywhere. Officers leak hacking tools. They sell them. Secrets get out, even accidentally. A Microsoft developer accidentally leaked their signing key for Microsoft some time ago, enabling people to create cracked versions of Windows. Any hack will get out.

 

“There is no such thing as a backdoor just for the good guys, and the American people do not have to choose between weakening encryption and effective investigations.”

– from Apple’s press release

If Apple builds a backdoor, Google, Microsoft, and others will have to as well. If that happens, none of your devices will be secure. Tools will leak, thieves will have them, as well as other people you really don’t want combing through your private documents or your bank account passwords. Do you use a password manager? Unlock your device with Face ID? Lock your bank account with that same Face ID? If the FBI has their way, a thief could get into every nook and cranny of your iPhone.

Why does the FBI still want this then? Control and power. To grant the FBI this right, they’d need to override a part of the first amendment of the constitution. They’d have to allow a government entity to force someone to write something, software, that they don’t want to write. This isn’t just about access, it’s about control.

The FBI is trying to pressure Apple through public announcements like this one, claiming Apple is a menace. That’s easier than chipping away at the constitution. The announcements tend to have the opposite effect. At this point, many people understand that what the FBI is asking for would put their daily safety and security at risk, while other options are abound.

The FBI doesn’t need the power they seek, but if they get it, everyone will have it.

What Was Found

The FBI found the shooter had ties to al Qaeda. In fact, he had been planning the attack for years, since before coming to the United States. One of his contacts was involved with the AQAP, Al Qaeda in the Arabian Peninsula, a branch of al Qaeda responsible for some of their most deadly attacks. This attack killed three U.S. soldiers and wounded others. The shooter was in contact with someone within al Qaeda up to the day before the attack. The FBI has not released more information than that.

How It Was Found

Once again, the FBI did not disclose how they came to their conclusions, or how they got into the phone. They may have used the GreyKey or Cellebrite hacking tools. It’s also likely they got information directly from Apple, as the iCloud backups that Apple provides can be substantial.

These are targeted tools, and likely worked because the shooter’s iPhones were older models. Still, always be sure to use a long passcode, 8 characters or more, on your iOS device. Thieves may have access to some of these hacking tools, as they’re not very expensive on ebay. However, many of these tools can be foiled with a long passcode.

What do We Actually Need?

The FBI calls it “going dark.” It’s when communication slips behind encryption, and they no longer can gain access to it. It happens across the board. If Apple’s security can’t be trusted at all, criminals will just use home-built encryption apps. It’s not hard to make an encrypted app. I’ve done it. Many software engineers have. These solutions wouldn’t have a backup that Apple can hand over. They wouldn’t have tools you can buy on ebay. They’d be salted and hashed home-built encryption that can’t be cracked so easily. That would be truly going dark.

Sure, your average thief won’t have that. But terrorist cells? Arms dealers? Drug smugglers? Human traffickers? Bet your life on it.

If the FBI gets what they want, we’ll be less secure, but the criminals will be more secure. That’s why the NSA has spoken out against the FBI’s actions. They know to look big picture. They know to listen to the software engineers.

What do we really need here? The same targeting that can bypass encryption. False SSID and networking points. Man in the middle attacks. Dare I say it, good old fashioned police work. Because before all communication was digital and logged, we still solved crimes. People will mess up. They’ll send SMS, connect to a bad wifi network, or create a backup on iCloud that Apple can decrypt. That’s how you nail these people. Not buy putting people’s lives at risk.

Sometimes the solution isn’t brute force. The best way to solve a problem isn’t always through it, but around it. When it comes to encryption, the best way to beat it is to not even try. Most encryption is outside our ability to easily crack it without some social engineering and password guessing. The best way to beat encryption is to get the data before it’s encrypted or after it’s decrypted. The FBI’s looking at this all wrong, or, rather, they hope you look at it all wrong. They want you to think there are no other solutions so you pressure Apple to hand over the power.

Fortunately, looking at the tech blogs covering the story, no one in the industry is fooled. Hopefully you aren’t either.


Sources:
Exit mobile version