Some clarification is in order for the lead story I posted to yesterday’s news: The US Justice Department did indeed withdraw their legal action against Apple. However, they did so not because they suddenly came to understand the dangerous legal precedent they’d set by compromising Apple’s encryption, but because they found another way to defeat said encryption without Apple’s help. The USA Today headline has since been updated to reflect this.
“The government has now successfully accessed the data stored on Farook’s iPhone and therefore no longer requires the assistance from Apple,” says the DOJ. iPhone users, do you feel safe about your personal data now?
The Intercept reports that Israeli security firm Cellebrite successfully defeated the “10 tries, then wipe” passcode security on the iPhone 5c in question, either through a software-based attack or by copying a chip on the phone to another device. This in itself raises an interesting issue for all parties involved; thanks to previous legal action by the Electronic Frontier Foundation, there is now an official government policy for disclosing security vulnerabilities. So will authorities disclose their iPhone security hack for the safety of iPhone users everywhere? Probably not. A spokesperson for the ACLU describes the policy as “a farce”.