After the FBI announced on March 28 that it did not need Apple’s assistance to unlock an encrypted phone, it seems the Cupertino-based company is now the one that needs help.
The FBI was in a legal dispute with Apple after it refused to unlock an iPhone belonging to one of the San Bernardino shooters, Syed Farook, who, along with his wife, Tashfeen Malik, killed 14 people in December.
The hacking of the phone revealed to consumers that they can’t keep the government out of even an encrypted device that U.S. officials had claimed was impossible to break into.
Although the FBI said they were able to crack into the phone, they did not say how, which has Apple software engineers and other experts wondering how they did it. It has also complicated the company’s job repairing flaws that threaten its software.
CEO Tim Cook said in a statement after the hack that the company is constantly trying to improve security for its users.
However, a few clues have come to light regarding the hack.
A senior law enforcement official, who spoke on condition of anonymity, said that authorities were able to defeat an Apple security feature that threatened to delete the contents of the phone if the FBI failed to enter the correct passcode combination after 10 guesses.
That allowed officials to repeatedly and continuously test passcodes, known as a brute-force attack, until the right code was entered.
It is still unknown how authorities dealt with a related Apple security feature that increases time delays between tries.
The iPhone can be hacked in only 26 minutes when those features are removed, said FBI Director James Comey.
The hacking of the device puts Apple in a bad position, since security researchers always work cooperatively and confidentially with software manufacturers before disclosing that a product might be vulnerable to hackers.
The aim is to make sure that customers stay as safe online as possible and prevent premature disclosures that might damage a U.S. company or the economy.
Joseph Lorenzo Hall, chief technologist at the Center for Democracy and Technology, said keeping details secret about a vulnerability affecting millions of iPhone users “is exactly opposite the disclosure practices of the security research community. The FBI and Apple have a common goal here: to keep people safe and secure. This is the FBI prioritizing an investigation over the interests of hundreds of millions of people worldwide.”
Others also agree that officials should reveal the flaw in devices and that Apple needs to fix it quickly.
“One way or another, Apple needs to figure out the details,” Justin Olsson, product counsel at security software maker AVG Technologies, told the Los Angeles Times.
“The responsible thing for the government to do is privately disclose the vulnerability to Apple so they can continue hardening security on their devices,” he added.
“Apple is a business, and it has to earn the trust of its customers,” Jay Kaplan, chief executive of the tech security company Synack and a former National Security Agency analyst, told the New York Times.
“It needs to be perceived as having something that can fix this vulnerability as soon as possible,” he continued.
The Associated Press contributed to this report.