Apple's ongoing feud with the US government revolves around one fundamental problem: how to unlock an iPhone 5C used by one of the San Bernardino terrorists.
The FBI is demanding Apple build custom software to break into the phone, one that bypasses its security protocols so the agency can access its data without triggering the automatic erase function, due to repeated failed passcode attempts.
This software doesn't exist, Apple says, and if it did, it would be a decryption tool with potentially devastating consequences. The company is settling in for what will likely be a protracted legal battle, while the FBI wants to move expeditiously. It's not sure what information is on the phone, but it can't know for sure until it gets into the device.
But is Apple really the FBI's only option to crack the iPhone? Does it have other avenues and tools it could use to unlock the device without engaging in a legal slugfest with Apple, one it could end up losing anyway?
In other words, does it even need Apple now?
The 'easiest' option
I spoke with Jon Case, a mobile device security researcher who works for a security firm he couldn't name, about what the FBI's options are if Apple doesn't build the custom software.
Case is not an iOS expert, though he recognizes the iPhone as "probably one of the more secure devices out there."
As he sees it, the FBI has three options. The first is signed firmware from Apple to access the phone by brute force (trying many passcodes until one works), which is precisely what the FBI is asking for now. There's a reason why.
"Getting Apple to create a custom image is absolutely going to be the easiest and most foolproof route," Case says. "Third-party forensic software may or may not work, and it may or may not cause loss of data."
Of course, an arduous legal battle that could go to the US Supreme Court is arguably not the easiest option for the FBI in the long run, but Case says assuming that no one else has built the software, it's the easiest at the moment.
Build a bug
The second option is "a custom-made utility that can brute force without wiping" the phone, possible with a bootrom or iboot exploit.
As Case describes it, this would take advantage of a vulnerability "super early" in the boot process, but it would likely have to be done with a bug created by the FBI, or someone else.
"Say they find a bug in how the code boots, a bug that lets you enter your own code," he says. "If you have code in one of the early boot runners, it's very possible for them to make their own software without having Apple find it."
Sounds easy, but again, the bug would have to be created, and it would be extremely expensive to do so, Case says - somewhere in the high six- to seven-figure range.
What's more likely is that someone else would create it and come to the FBI with the bug, but it's "not something that would come up every day."
