We know now that the FBI was able to
gain access to an iPhone 5C belonging to the San Bernardino shooter thanks
to an outside security firm. What we don’t know is how it was done or even who
did it. We may never know, thanks to the nature of the agreement between
the FBI and the unnamed firm.
The government has what is known as the
Vulnerabilities Equities Process, which is used to evaluate whether security
flaws known by the government should be disclosed so they can be fixed. In this
case, the exploit used to bypass the PIN lock on the shooter’s iPhone 5C is considered
proprietary information by the company. Meaning, it’s not a publicly available
exploit. It was either discovered by the firm, or more likely purchased from
whoever uncovered it in the first place.
Having exclusive knowledge of an exploit
allows a company to build a tool for bypassing security features, a hot
commodity in law enforcement. These undisclosed exploits can sell for
thousands, or even millions of dollars. For its part, the FBI probably couldn’t
disclose the specifics of the hack even if it was permitted — it doesn’t know
anything about the process.
Apple has said it would be interested in
fixing the exploit, but it’s unlikely it affects newer iOS devices with
hardware security features. The FBI isn’t likely to do Apple any
favors even if it did have specifics. After getting a court order compelling
Apple to assist with unlocking the phone, the company decided to fight it out
in the courts. Virtually all tech firms rallied behind Apple, and the FBI
eventually dropped the case and sought outside help. And the end result?Nothing
significant has been found on the iPhone.
Digital and cellular forensics is much more than you may think. It requires a thorough understanding of investigative process, the law of evidence and of naturally the appropriate background to criminal and civil investigations. The forensic experts at DLA will follow the electronic trail to find the evidence that you need.
No comments:
Post a Comment