
FBI Asks Apple for Access to Saudi Shooter's iPhones

Request Echoes 2016 Legal Standoff Between Apple and the FBI

The FBI has sent a letter to Apple asking for help in accessing encrypted data stored on two iPhones belonging to a deceased shooter. The bureau's request comes as some U.S. government officials have once again started claiming that strong, unbreakable encryption poses a "going dark" threat to public safety.


NBC News reports that the FBI has obtained search warrants to inspect the phones of Second Lt. Mohammed Saeed Alshamrani of the Saudi Royal Air Force.

Alshamrani, who was training at Naval Air Station Pensacola in Florida, killed three people and injured eight with a handgun on Dec. 6, 2019, at the base. He was shot and killed by police during the incident.

The FBI has told Apple that Alshamrani's devices are encrypted and that efforts to guess his passwords have been unsuccessful, NBC News reports. The bureau also says that one of the shooter's phones has damage from a bullet, after Alshamrani apparently shot it, NBC reports.

The FBI confirmed to Information Security Media Group that it sent a letter to Apple but declined to comment further.

Apple says it has been working with the FBI. “We have the greatest respect for law enforcement and have always worked cooperatively to help in their investigations,” Apple says in a statement. “When the FBI requested information from us relating to this case a month ago, we gave them all of the data in our possession and we will continue to support them with the data we have available.”

Encryption Battle Redux?

The FBI’s letter means that Apple may once again be drawn into a fight over encryption.

Software and device manufacturers over the last several years, driven in part by former National Security Agency contractor Edward Snowden's leaks, have sought to make data - both at rest and in transit - more secure by using strong, impossible-to-breach encryption schemes.

But the FBI’s letter so far marks a softer approach than in 2016, when it went to federal court in an attempt to access encrypted data from an iPhone 5C. The phone belonged to one of the perpetrators of a December 2015 mass shooting in San Bernardino, California (see: Apple, FBI Draw Lines in Crypto Battle).

In that case, a federal judge ordered Apple to disable the phone’s security. That order likely would have meant Apple would have had to create an iOS software update that, if leaked, could have disabled the security features for any iPhone. Apple CEO Tim Cook said developing such software was equivalent to asking the company to hack its own users (see: Apple Blasts Judge's iPhone Backdoor Order).


Apple fought the judge's order. But the FBI abruptly dropped its legal action after it successfully used a tool from a vendor that offers the ability to crack phone encryption. Left unanswered, as a result, was whether a court could order a company to undermine its own encryption, which the technology industry continues to fiercely oppose.

In the case of Alshamrani's devices, The New York Times reports that the FBI has checked with U.S. government agencies and allies to see if they could crack the phone, but has so far come up empty. Several companies, however, specialize in developing tools for breaking into mobile devices without a passcode.

One such tool is GrayKey, from the Atlanta-based company GrayShift, which Forbes reports may be able to crack iOS 13, the latest version of Apple's mobile operating system. A search warrant filed in Ohio in October 2019 indicated that law enforcement was able to get some forensic data from what appeared - in a photograph - to be either an iPhone 11 Pro or an iPhone 11 Pro Max, Forbes reports.

Tools such as GrayKey demonstrate how Apple remains in a constant cat-and-mouse game with hardware hackers and phone decryption firms. The technology giant typically moves rapidly to fix software and hardware flaws that may be - or have been - used by cracking companies to unlock phones.

But another option for law enforcement would be to look instead to the cloud and obtain iCloud backups for the shooter's devices. Via iCloud, iOS device users can back up device data, and that data is legally accessible to law enforcement. But such an approach only works if an individual has chosen to use iCloud backups.

Apple’s statement indicates it has already turned over data it could access, which could indicate that it has shared any data that Alshamrani stored in iCloud. But the FBI’s letter suggests that what it has received so far is inadequate.

'Going Dark' Debate Continues

The U.S. has not passed any legislation that would compel technology companies to break their own encryption. But the Trump administration has been weighing the pursuit of new laws that would outlaw strong encryption. U.S. Attorney General William Barr and Senate Judiciary Committee Chair Lindsey Graham, among others, have also repeatedly warned that encryption poses a risk to public safety by making it more difficult for law enforcement agencies to do their jobs (see: Attorney General Barr Argues for Access to Encrypted Content).

But numerous information security experts continue to warn that strong encryption protects public safety, and that without it, individuals would be at increased risk of having their personal information and data - including banking details - stolen by cybercrime gangs, unfriendly nation-states or any other malicious actors. In addition, while strong encryption might make law enforcement investigations more difficult, many times there are other ways to get data, they say.

“The importance of strong encryption and VPNs for our mobile workforce is imperative,” Defense Department CIO Dana Deasy wrote to Graham last month, Vice reports.

Even so, some U.S. allies, including the U.K. and Australia, continue to view strong encryption with concern. The U.K. has legal instruments that the government can use to require technology companies to secretly give it access to data or systems, although the law stops short of mandating that organizations include the ability to break encryption in any system they build.

Australia, however, in December 2018 passed a contentious anti-encryption law that can force companies to create a new technical way to get into a device. The government has claimed that such an order would not amount to a “backdoor” (see: Australia Passes Encryption-Busting Law).

The law has drawn substantial criticism from technology companies and civil liberties advocates, who contend that it has created a dangerous precedent that could put all users of a particular system at risk. After the law was passed, the government vowed to revisit and possibly revise it. But one year later, the law remains unmodified.

Australian companies have said the law has affected their international business, with clients spooked by possible secret government data requests.

Executive Editor Mathew Schwartz contributed to this report.


About the Author

Jeremy Kirk


Executive Editor, Security and Technology, ISMG

Kirk was executive editor for security and technology for Information Security Media Group. Reporting from Sydney, Australia, he created "The Ransomware Files" podcast, which tells the harrowing stories of IT pros who have fought back against ransomware.



