Strategic Communications and Marketing News Bureau

Can the FBI hack the iPhone?

A federal court on Feb. 16 ordered technology company Apple to help the Federal Bureau of Investigation gain access to an iPhone used by Syed Farook, one of the shooters in the attack in San Bernardino, California, in December 2015. Apple has resisted the order, saying the phone’s operating system does not have a “back door” to allow access without the user’s password. In an interview with News Bureau physical sciences editor Liz Ahlberg, University of Illinois computer science professor Roy H. Campbell, an expert in data encryption and security, discussed the technical issues involved in the case and why the phone has proved so challenging for investigators.

Why has the FBI not been able to access the data on the iPhone in question? What kinds of security or encryption protocols are they trying to circumvent? 

The iPhone data content is stored using encryption. The encryption key is used in combination with a password lock to make it difficult for hackers to steal the encryption key and access the contents of an iPhone. This is a best-practices approach for privacy and security, and is a response to the millions of dollars and information that have been stolen by hackers in recent years. To make the security even more hackerproof, only a few attempts at inputting a password are allowed before the cell phone permanently locks. This permanent lock is what the FBI is trying to work around.

What kind of software would Apple need to create to override these security measures?

Apple says it would need to create a new operating system. Basically, if the iPhone is set up for automatic downloads of updates, it could be given an OS update that allows the FBI to use a common password-cracking program to rapidly enter a large number of passwords. With a password of limited length, the password could be guessed in a short time period, from hours to months.  

The documents from Apple seem to suggest that the FBI also wants to be able to enter a password electronically to make the password cracker more efficient. This would allow hackers trying to break into an iPhone easy automation that would also help reduce the time needed.

Would such a tool be able to unlock any iPhone? Is it possible to make a tool to unlock only one specific iPhone, as the FBI claims? 

All iPhones of a particular generation are essentially built from identical components, so if it is possible to circumvent the limit on password attempts on one phone, the software could be modified easily to work with any other phone of that generation – perhaps all generations. Password cracking works well on any passwords of limited length and is a classical hacking tool. Entering the password electronically might allow the password to be entered by network, Bluetooth or Apple iPhone connector.

Keeping a hack like this secret is a very difficult problem and Apple feels it is clearly impractical. Hackers can use extremely sophisticated measures – including bribery and corruption – to acquire software code. Foreign governments and crime syndicates can have powerful security IT expertise. In general, this is not a solvable problem. If there is a leak, Apple might be liable for having created the codes in the first place. In addition, whatever Apple provides the U.S. government would need to be made available to foreign governments to prevent possible boycotting of iPhone products.  

Why does the FBI need to get into the phone itself? Could they access the data in other ways – phone records, social media and email accounts, iCloud or others?

Yes, they could have. According to Apple, after the FBI acquired the phone, the iCloud backup mechanism for the phone was defeated by changing the iCloud password. Had the FBI not done so, Apple would have access to the backup files for the phone stored on the iCloud, which would have allowed it – and the FBI via warrant – to eventually access most of the data on the phone. 

Phones store pictures, documents, encryption keys, calendars, videos, music, books, bank account URLs and account information, and also permit access to banking, social networks and valuable personal information. The phone keeps a log of activities and would possibly have a log of location coordinates. Stolen phone data can be used for theft of money or information, for intimidation, blackmail or many other illegal activities.

Could the agency providing the phone to the user provide contingency access to the phone, should the user not be available? Yes, there is software to do this, but it wasn’t installed on the phone in question.

 

To contact Roy H. Campbell, call 217-333-0215; email rhc@illinois.edu.

Read Next

Arts Diptych image of the book cover of "Natural Attachments" and a portrait of Pollyanna Rhee standing in front of greenery.

Book explores how ‘domestication’ of environmentalism limits who it protects

CHAMPAIGN, Ill. — The response to a 1969 oil spill off the coast of Santa Barbara, California, reveals how the modern environmental movement has been used to protect the interests of private homeowners, said a University of Illinois Urbana-Champaign researcher. Landscape architecture professor Pollyanna Rhee chronicled how affluent homeowners use what she calls “ownership environmentalism” […]

Agriculture Graduate student Andrea Jimena Valdés-Alvarado, left, and food science professor Elvira Gonzalez de Mejia standing in the Edward R. Madigan Laboratory holding samples of the legume pulses they used in the study.

Fermenting legume pulses boosts their antidiabetic, antioxidant properties

CHAMPAIGN, Ill. — Food scientists at the University of Illinois Urbana-Champaign identified the optimal fermentation conditions for pulses ― the dried edible seeds of legumes ― that increased their antioxidant and antidiabetic properties and their soluble protein content. Using the bacteria Lactiplantibacillus plantarum 299v as the microorganism, the team fermented pulses obtained from varying concentrations […]

Expert viewpoints Ukraine’s daring drone attack deep within Russia is significant but not war-redefining, and may hinder U.S. efforts to end the war, says University of Illinois Urbana-Champaign political science professor and international relations expert Nicholas Grossman.

Does Ukraine drone attack inside Russia augur new era of asymmetric warfare?

Champaign, Ill. — University of Illinois Urbana-Champaign political science professor Nicholas Grossman is the author of “Drones and Terrorism: Asymmetric Warfare and the Threat to Global Security” and specializes in international relations. Grossman spoke with News Bureau business and law editor Phil Ciciora about “Operation Spiderweb,” Ukraine’s expertly plotted drone attack inside the Russian mainland. […]

Strategic Communications and Marketing News Bureau

507 E. Green St
MC-426
Champaign, IL 61820

Email: stratcom@illinois.edu

Phone (217) 333-5010