If a federal agency discovers flaws in a company’s security, government policy is to disclose that information so the company can provide a fix. That’s thanks to a White House review group formed not too long ago during the Obama administration.
With the FBI recently discovering a new method — thanks to a third-party — on how to crack into the iPhone in the San Bernardino mass shooting case, you would think, under this policy, that the agency would disclose the technique to Apple. The Cupertino company has also said that it would like to know how the FBI cracked the device.
But the director of national security said in 2014 that the review group would only disclose the information “unless there is a clear national security or law enforcement need,” according to Reuters. What’s more is that security experts say the FBI could avoid the need for a review, as it reportedly used a contractor’s technology to crack into the iPhone.
There aren’t set rules for the review group as well, according to the Michael Daniel, a cybersecurity coordinator and special assistant to the president.
“There are no hard and fast rules,” Daniel said in a blog post discussing the NSA’s disclosure of the Heartbleed security bug in 2014, and he referred to the review group. It’s still likely the group could also move in Apple’s favor, though many security experts seem to be skeptical, according to Reuters.
It’s not hopeless for Apple, as the company is seeking to learn the technique through legal discovery in an unrelated, but similar, New York iPhone case. The Department of Justice requested a court order to force Apple to provide a backdoor into an iPhone related to a Brooklyn drug case, and Apple is trying to have the FBI show and use the same method it used to unlock the San Bernardino shooter’s iPhone.
Meanwhile, cybersecurity expert John McAfee claims the FBI has known about the method all along, thanks to a contract it made with Israeli security firm Cellebrite in 2013. Cellebrite is the leading contender for the FBI’s “third-party,” ever since an Israeli newspaper linked the two together earlier in March.
Cellebrite was reportedly confirmed as the third-party by sources close to the matter, according to several media outlets like CNN Money and Bloomberg. But McAfee wouldn’t say how he knew this information, according to Forbes.
The cybersecurity “legend” also previously claimed that he could unlock the iPhone for the FBI, taking the burden off of Apple’s hands. Now he says the FBI knew of Cellebrite’s UFED Touch technology all along, and only wanted to set a legal precedent in court.
It’s not a new claim, as Fight for the Future and many others have previously stated:
“Consensus among credible technical experts has always been that there were multiple ways the FBI could attempt to bypass the phone’s security, and that the government’s goal in its legal fight with Apple was not to access the data on the phone but rather to set a precedent to compel private companies to build backdoors into their products,” the advocacy group said in a blog post.
“The government’s goal in its legal fight with Apple was not to access the data on the phone but rather to set a precedent.”
UFED Touch is a product, created by Cellebrite, that can extract data from a mobile device.
“With its intuitive GUI and easy-to-use touch screen, the UFED Touch enables physical, file system, and logical extractions of all data and passwords, included [sic] deleted data, from the widest range of mobile devices,” according to Cellebrite’s website.
We reached out to Cellebrite before, and the company said it is unable to provide comment.