Security expert implores FBI to share iPhone 5c hacking tool with Apple

Foremost iOS digital forensics expert, Jonathan Zdziarski, has written and posted an open letter to FBI Director James Comey, explaining why he thinks it is a mistake to keep secret the tool used to hack the San Bernardino terrorist's iPhone.

On March 21, the day Apple unveiled the iPhone SE and Tim Cook stood on stage talking about how he "didn't expect to be in this position," the FBI acknowledged that it had found a way into Syed Farook's iPhone 5c. Zdziarski notes that keeping the tool a secret from Apple — even though Comey said it wasn't capable of cracking into newer versions of the iPhone — is a mistake. He writes:

I am glad that you were able to find a private company to provide material assistance, rather than the alternative – Apple being compelled to redesign their operating system. I do understand, however, that this issue is likely to be raised again with Apple.[Keeping] an exploit secret is not possible, no matter how good an agency or corporation may be at keeping secrets – because an exploit is merely a dotted line on a blueprint. The same is true of the software the FBI was trying to compel Apple to create. The FBI argued that Apple could contain such a technology, using a digital leash, however it is the mere existence of a vulnerable design (and subsequent software mechanisms to disable security), and not the leash, that pose the greatest technological risk.

He says that Apple knew its phones were vulnerable to tools such as the one used to get into the iPhone 5c, which is why, with the iPhone 5s, it introduced a Secure Enclave:

To use a less technical analogy, consider a home alarm system. There is no question that many savvy thieves know how to disable one of these, and all of them know to attack the alarm box: the central security mechanism. A key protects this box; much like Apple's code signing protects code execution. As you can imagine, picking Apple's code signing has historically been as easy as picking the lock on this alarm box, and the FBI's new exploit is likely just one more proof of that. What the tool doesn't have, however, and why the tool doesn't work on newer devices, is a conduit into the alarm box on newer devices (the Secure Enclave) to disable the security inside of it. Apple's alarm box is buried under six feet of concrete, to prevent the common thief from being able to simply shut the alarm off.

He concludes that it is important to share this information with Apple itself:

Given that it's only a matter of time before a criminal finds the blueprint to this vulnerability, I urge you to consider briefing Apple of the tool and techniques used to access Syed Farook's device.

Daniel Bader

Daniel Bader is a Senior Editor at iMore, offering his Canadian analysis on Apple and its awesome products. In addition to writing and producing, Daniel regularly appears on Canadian networks CBC and CTV as a technology analyst.

Latest in iPhone 5C
iPhone 5c lineup
The iPhone 5c is now officially a vintage Apple product
iPhone 5c lineup
Leaked internal memo reveals iPhone 5c will become vintage on October 31
Security expert implores FBI to share iPhone 5c hacking tool with Apple
iPhone 5c
How to fix a broken headphone jack in your iPhone 5c
5C repair
How to fix the Lightning connector on your iPhone 5c
How to fix a blown loudspeaker in an iPhone 5c
Latest in News
iMore Logo
One more thing… Goodbye from iMore
Jony Ive
Jony Ive’s OpenAI hardware device could be his next world-changing design
NEBULA Cosmos 4K SE with Apple TV
This new 4K projector is tempting me to replace my LG C2 TV, just so I can watch Slow Horses on a 200-inch display
VisionOS 2 app reorganization
visionOS 2 is the first major software update for Apple Vision Pro, and now it's available
macOS Sequoia
macOS Sequoia (version 15) is now available for your Mac with some big upgrades
watchOS 11
watchOS 11 is now rolling out to all Apple Watch users with the Series 6 or newer