Should Apple Unlock Terrorist's Phone? Listeners' Questions Answered
RENEE MONTAGNE, HOST:
There's been a surprising development in the standoff between Apple and the FBI over the company's refusal to help unlock an iPhone used by one of the San Bernardino attackers. Just a day before the parties were expected to face off in front of a judge here in California, the FBI said there may be another way to get inside the phone that does not require Apple's help. Before this twist, we had asked you, listeners, what questions you have about this story. NPR's tech blogger Alina Selyukh read them and joins us now to talk about what she found.
ALINA SELYUKH, BYLINE: Good morning.
MONTAGNE: First of all, give us a quick update. What is this new tool that the FBI is testing?
SELYUKH: Well, we still don't have any details, and it is quite possible that the government could try to keep the details classified. We got more than a hundred messages from our listeners, and this was one of the most common questions we heard - does getting inside the iPhone have to require Apple to write some kind of special software?
MONTAGNE: Well, given this latest development, can we safely say that in fact it does not require Apple to write some special software?
SELYUKH: So to quote one iPhone forensics researcher interviewed, "we don't know that it's 100 percent doable, but we know it's promising enough to get the FBI to start testing this third-party method."
MONTAGNE: Do we have any idea, Alina, what this alternative method is?
SELYUKH: One bit of speculation that I've heard - and to be clear, this is pure speculation - there is something called memory chip cloning or mirroring. It involves de-soldering the memory chip and copying all of its information onto a similar chip, and that sort of lets you reset the phone when you get close to too many failed passcode attempts so you don't wipe out the data. And another theory is that the FBI is exploiting some kind of obscure flaw in the security of the iPhone's software.
MONTAGNE: OK, when using obscure flaw, would that mean that Apple itself may not even know about it?
SELYUKH: Yes, and that would be a major reason why the FBI may try to keep this tool secret so that they could keep using it again in other investigations.
MONTAGNE: What is Apple saying about this newest development?
SELYUKH: As you can imagine, Apple lawyers, of course, are saying that the government should reveal this third-party tool. A lot of folks asked sort of why can't Apple have just written the software for this one phone, got the data out of it, shared it with the government but then kept the software itself safe and secret? One person said, like Coca-Cola has guarded its recipe.
MONTAGNE: I mean, really, is Coca-Cola any kind of reasonable comparison?
SELYUKH: You know, a lot of people assume that Coca-Cola has the recipe that's safe in a vault, but that actually hasn't stopped a lot of people from trying to reverse-engineer it. And similarly, this was Apple's major concern about producing some kind of software to bypass iPhone security features. And the security experts I polled agreed that once that software exists, especially as part of a legal process where lots of details do get shared, the risks of it being exposed really go up.
MONTAGNE: So now that the FBI is apparently finding its own way in, does it mean the security on all of the iPhones we own so far is weaker than we thought?
SELYUKH: Researchers already do regularly find vulnerabilities in Apple products and then Apple fixes them. So it's a constant arms race as it is. One advantage that the FBI has here is they've got the actual phones so if they're doing something involving the hardware inside this phone, that would be hard for some bad guy to do on a mass scale. If the FBI's new tool is exploiting a software weakness, that could be a higher level of vulnerability, though, if the flaw does get out, presumably Apple would patch it quickly.
MONTAGNE: Well, thank you very much.
SELYUKH: Thank you.
MONTAGNE: Alina Selyukh is NPR's tech blogger.
NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.