We discussed very often of the difficulties of the law enforcement in conducting investigations when suspects used devices that make use of encryption, the case that we are going to analyze is emblematic.
Apple must assist the FBI in unlocking the passcode-protected encrypted iPhone belonging to Syed Farook, one of the San Bernardino shooters in California.
The smartphone belonged to Syed Farook, who with his wife Tashfeen Malik killed 14 coworkers on December 2, 2015. Police intervened but failed to capture them alive because they died in a shootout with agents.
The agents seized the Syed’s smartphone, an iPhone 5C, but they were not able to access it because it is protected by a password. The authorities requested support to Apple with a court order issued by the US magistrate Sheri Pym.
After 10 wrong guesses, the iOS locks up requiring a sync with iTunes to restore, or automatically wipes the handset’s data, depending on the user settings.
The magistrate Sheri Pym is requesting Apple to find a way to supply software that prevents the phone from automatically wipe data when too many attempts fail. In this way, the police is free to run a brute-force attack to guess the PIN and overwhelm the security feature.
Be aware, the magistrate hasn’t requested apple to crack its encryption, instead, it demands a tool to bypass the security mechanism.
“It’s technically possible for Apple to hack a device’s PIN, wipe, and other functions. Question is can they be legally forced to hack,” stweeted Forensic scientist Jonathan Ździarski.
“Theory: either NSA/CIA dragnet and cryptanalysis capabilities are severely limited, or this is a test case to see how the courts respond.”
Judge Pym is requesting a software update working only on the Farook’s iPhone and running only on government or Apple property.
At this point Apple has two options, demonstrate that it cannot technically comply with the order or provide the requested software.
There is no such time, Apple has five days!
[adrotate banner=”9″]
(Security Affairs – San Bernardino tragedy, iPhone encryption)
U.S. CISA added the Windows Print Spooler flaw CVE-2022-38028 to its Known Exploited Vulnerabilities catalog.…
The U.S. Department of Justice (DoJ) announced the arrest of two co-founders of a cryptocurrency mixer…
Google addressed a critical Chrome vulnerability, tracked as CVE-2024-4058, that resides in the ANGLE graphics…
Nation-state actor UAT4356 has been exploiting two zero-days in ASA and FTD firewalls since November…
A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute…
The Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned four Iranian nationals for their…
This website uses cookies.