Apple v. FBI Simplified

There has been a lot of debate about Apple and the San Bernardino Terrorists iPhone, and if Apple should be forced to unlock the shooter’s iPhone. The SANS OrganizationĀ put out a deeply technical study of this issue and what capabilities there are. Here is a short summary in much simpler terms.

Apple v. FBI

A judge has ordered that Apple provide a way to unlock the shooter’s iPhone for the FBI. They are not necessarily being told they have to unlock the phone, just make it vulnerable so that the FBI has a chance to try to break the password. Apple’s CEO responded by stating that it will resist as much as possible.

What is it that Apple is being ordered to do?

iPhone’s have an option available to do a factory reset if the password or PIN code is entered incorrectly too many times. The FBI doesn’t know if this option is enabled or not on the shooter’s iPhone, and don’t want to take the chance. Apple has been ordered to send an “update” to the phone that will disable this security feature and allow the FBI to try every possible combination until they get in.

Will it really affect all iPhones?

That is what is really up for debate. Technically, yes, this code could be applied to any iPhone, but not necessarily will be applied to every iPhone.

What about iCloud?

There was an iCloud backup made about two months before the attack, but the FBI wants the most recent data. iCloud will automatically do a backup whenever the iOS device is connected to power and a known WiFi. So why didn’t the FBI just attach the iPhone to these two things? The FBI was afraid that other terrorists would have access to the iCloud account, so they had the AppleID Password changed. Now that the password has changed, the iPhone requires that the new password be entered into the phone in order to do an automatic update, and without knowing the PIN code to get into the phone, the new password can’t be entered, and an iCloud backup can’t be started.

Apple iPhones

What can typical forensics do?

If we have the password or PIN code, or if we have the AppleID and Password for the iCloud backup, we can recover deleted text messages, app data like KIK and Facebook Messager, as well as all kinds of other things. See our iPhone Forensics page for more details. Fill out the contact form or call usĀ if you want anything recovered from your iPhone, iPad, or iCloud Account.