JRB - Fotolia

FBI briefs senators drafting anti-encryption bill on iPhone hack

US senators drafting a bill aimed at limiting encryption on consumer devices are being briefed on how the FBI hacked into the San Bernardino gunman’s iPhone

The FBI is briefing US senators drafting an anti-encryption bill on how it bypassed security on the San Bernardino gunman’s iPhone to access data on the device.

The FBI has briefed Democrat senator Diane Feinstein, with Republican senator Richard Burr expected to be briefed soon, according to the National Journal.  

However, there is still no indication on whether the FBI will share the same information with Apple, which is keen to ensure the best protection for iPhone users.

Feinstein and Burr are reportedly drafting a bill aimed at limiting the use of encryption on consumer technology and will require tech firms such as Apple to help law enforcement access encrypted data.

The FBI recently avoided a courtroom showdown with Apple by calling in the help of a third party when Apple refused to help access the iPhone data of San Bernardino gunman Syed Farook.

The case has fuelled debate over encryption and privacy, and prompted big US technology companies such as Google, Microsoft and Facebook to come out in support of Apple.

The iPhone had been issued to Farook by his employer, the country health department, and was found a day after Farook and his wife died in a gun battle with police after killing 14 people.

Tool used to access iPhone’s data

FBI director James Comey shed some more light on how Farook’s iPhone security was bypassed in a speech at Kenyon College in Ohio.

He said the FBI had purchased a tool to access the data and that he had a “high degree of confidence” that the suppliers of the tool are very good at protecting it, reports Fox News.

Comey also said the tool works only on an iPhone 5C, as used by Farook, and no other versions of the Apple smartphone.

The tool is believed to have enabled the FBI to bypass the iPhone security feature that prevents more than 10 attempts to enter the correct passcode and increases time delays between attempts.

Comey is on record as saying that, without those features, the FBI could break into the phone in 26 minutes.

Sharing information

A senior FBI official told The Wall Street Journal on 5 April 2016 that investigators are still analysing the phone and a decision on sharing their findings will be made after the analysis is complete

Apple, backed by other tech firms and privacy groups, has called on the FBI to share details on how it unlocked Farook’s iPhone without knowing its passcode.

It had hoped that the FBI could be compelled to reveal how it accessed the iPhone data by a new government policy. The policy says that a federal agency will disclose information if it discovers flaws in a company’s security so the company can provide a fix.

But that hope is reportedly fading now in the light of the fact that the FBI claims to have purchased a tool for the job, rather than exploiting any vulnerability.

Read more about encryption

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more on Privacy and data protection

Join the conversation

4 comments

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

Well, the "tool" employed by the FBI to gain access to the iPhone in question likely came from the Israeli government.

Senators Feinstein and Burr are hoping this escapade by the FBI will bolster their chances of trampling on the rights of U.S. citizens to use strong encryption to protect their information.

We've been through this political fight before in the 1990s to establish the use of encryption over government objections. You should remember that encryption was once regarded as secret military technology. Both the U.S. and England used their ability to decode German and Japanese military codes in WWII.
Cancel
This will continue to be a battle. At what point will people say enough. How much personal info are they willing to provide to insure their safety? I think a lot of the flack on security may come from people doing suspicious or illegal activity as well as corporations looking to protect trade/business secrets. Some are warranted. Yes, if Coke is e-mailing their recipe , they want encryption and know it's secure. If a company was selling tainted or harmful products to the population, I think consumers have the right to know. How would they if it's encrypted and protected??  We can't have it both ways.
Cancel
Covering your eyes and saying "please don't" is not going to keep people from doing something they are not supposed to. Not being allowed to encrypt these devices so that they can spy on citizens more is not only unconstitutional, but irresponsible. Do you know how much personal and PII data people put on their phones that would be at risk? Not to mention, companies with BYOD policies are also putting corporate secrets at risk.
Cancel
Listen up..... the legislation congress is working on in no way allows Law Enforcement to bypass legal steps in the process of accessing just any or even all iDevice user's personal data.

It is heavily targeting only those iPhones used in the commision of criminal acts or have been used/owned/etc by criminals while committing crimes!!!

It's therefore Apple's fault for making this all out to more than it really is. By claiming to not know the device encryption keys for local access, they are creating the illusion that they do not have any access whatsoever and that's the biggest FATTEST LIE...... EVER!!!

Apple has always used their own Encryption Servers for online Remote Accesss to all devices running inside their own encrypted Garden Walled Network.

It's like a VPN.... or Encrypted Hyper Tunneled Network! People will still always have on ramp and off ramps for on and off the Web too!!!
Cancel

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close