Does the F.B.I. Need Apple to Hack Into iPhones?

There are tools to crack into the phones at the center of a new dispute over encryption. But the F.BI. says it still needs Apple’s aid.

Attorney General William P. Barr asked Apple to provide access to two phones used by a gunman.
Attorney General William P. Barr asked Apple to provide access to two phones used by a gunman.Credit...Calla Kessler/The New York Times
Jack Nicas

That has been an awkward reality for Apple’s marketing team — and a big help for its colleagues in government relations. Software flaws have for years alleviated Apple’s dispute with law enforcement over encryption, giving the police access to criminals’ iPhones and Apple a convenient excuse that it didn’t help.

Now the F.B.I. says tools for cracking into iPhones are failing for two older devices connected to the recent shooting at a naval base in Pensacola, Fla., though the bureau won’t say why.

Some members of the Apple team working on the issue are frustrated that the F.B.I. hasn’t tried to crack the phone for long enough, according to our article. And security researchers are also confused about why the F.B.I. can’t find a way in without Apple.

“All the tools they have work, they have a network of vendors capable of assisting them, and all the phones are old — they’re a solved problem,” Dan Guido, head of Trail of Bits, an iPhone security research firm, said of the F.B.I. “That all makes me really surprised they need Apple to get into the phone.”

Whether this latest clash evolves into a legal test case that sets a new precedent on government access to private devices will largely hinge on whether Apple is truly the only way to gain entry to the phones. So let’s dig in.

The phones at the center of the dispute are an iPhone 5 and an iPhone 7 Plus. Those phones were released in 2012 and 2016, and they lack Apple’s most sophisticated software. Tools from at least two companies, Cellebrite and Grayshift, are able to break into those iPhone models, though they pose different challenges.

The iPhone 5 is the simpler of the two. It no longer supports the latest iPhone software, and it has effectively the same technology as the device in the 2016 clash between Apple and the F.B.I., an iPhone 5C. In that case, the dispute abruptly ended when a private company broke into the phone for the bureau.

The iPhone 7 Plus is tougher to hack. It has a special processor, called the Secure Enclave, designed to improve its security. But it is still part of a group of iPhone models that have a known, unresolvable flaw called Checkm8, said Jonathan Levin, an iPhone security consultant.

“We know exactly how to exploit it,” he said. “It’s so trivial.”

Tools like those from Cellebrite and Grayshift don’t actually break iPhones’ encryption; they guess the password. To do so, they exploit flaws in the software, like Checkm8, to remove the limit of 10 password attempts. (After about 10 failed attempts, an iPhone erases its data.) The tools then use a so-called brute-force attack, which automatically tries thousands of passcodes until one works.

That approach means the wild card in the Pensacola case is the length of the suspect’s passcode. If it’s six numbers — the default on iPhones — authorities almost certainly can break it. If it’s longer, it might be impossible.

A four-number passcode, the previous default length, would take on average about seven minutes to guess. If it’s six digits, it would take on average about 11 hours. Eight digits: 46 days. Ten digits: 12.5 years.

If the passcode uses both numbers and letters, there are far more possible passcodes — and thus cracking it takes much longer. A six-character alphanumeric passcode would take on average 72 years to guess.

It takes 80 milliseconds for an iPhone to compute each guess. While that may seem small, consider that software can theoretically try thousands of passcodes a second. With the delay, it can try only about 12 a second.

The Secure Enclave processor in the iPhone 7 Plus also adds additional delays between passcode attempts, which could make guessing even a four- or six-digit passcode take weeks. But researchers believe Cellebrite and Grayshift have figured out how to disable that delay, because their tools routinely hack into newer phones with the feature.

“He might have just picked a good passcode,” Matthew D. Green, a cryptography professor at Johns Hopkins University, said of the Pensacola gunman. “He did seem to know he was about to commit a serious terrorist attack. It’s entirely possible he did his research and planned ahead.”

If that is the case, “that’s not a problem that Apple can help with,” said Mr. Guido, the iPhone security researcher. “It’s just something that’s going to take time to crack.”

The other possibility is that major physical damage to both iPhones could be stopping the third-party tools. The gunman shot the iPhone 7 Plus once and tried to break the iPhone 5. The F.B.I. said it had repaired the devices in a lab so they were “operational,” but the bureau then couldn’t unlock them.

If the damage affected parts of the phone that enabled the third-party tools to hack into the device — or even the phone’s memory itself — it may be impossible for Apple to get in, even under a court order, some researchers said.

Chris Betz, a former Apple security engineer who is now the chief security officer for the technology company CenturyLink, said Apple had for years tried to design its phones in a way that even it couldn’t hack into them without the passcode.

“I think the best capabilities that exist in the world to get in are those that the third-party vendors provide,” he said. “They’re well understood, there are a slew of them, they've been used in court recently. I can’t think of a way that Apple could get in that’s better.”

  • If you want more on this fight between Apple and the F.B.I., here’s our article on how Apple is cautiously responding to Washington.

  • My colleague Brian X. Chen had a piece explaining how you can take back control of your content in the age of streaming.

  • From Berlin, Katrin Bennhold and Jack Ewing wrote that as Germany decided whether to let Huawei build its 5G wireless infrastructure, China had immense leverage in the debate: It is one of the biggest buyers of German cars.

  • Here’s a helpful rundown of what’s in — and not in — the new trade deal between China and the United States, by Peter Eavis, Alan Rappeport and Ana Swanson.

  • And in The Washington Post, Drew Harwell discovered that doctored images weren’t just popular with propagandists and trolls. They are also increasingly used by political campaigns.

How are we doing?

We’d love your feedback on this newsletter. Please email thoughts and suggestions to

Like this email?

Forward it to your friends, and let them know they can sign up here.