Confirmed: FBI’s iPhone Unlocking Tool Does Not Work On iPhones With Touch ID
There’s been a huge amount of conjecture and discussion around the FBI’s method of accessing data on an iPhone in recent weeks. In fact, ever since the FBI officially moved to dismiss its legal pursuit of Apple, the speculation has been pretty much non-stop about the methods used to gain access to the iPhone 5c used in the San Bernardino shooting last year. Some of the speculation focused on whether or not the method of intrusion could be used on Apple’s modern iPhones that feature an internal Secure Enclave, and now, FBI Director James Comey has confirmed in an interview that his agency’s method doesn’t work on Touch ID-compatible iPhones. What this essentially means is that iPhone 5s, iPhone 6, iPhone 6 Plus, iPhone 6s, iPhone 6s Plus, iPhone SE and any other iOS device with Touch ID built right into it is safe from this method.
As well as confirming that the method used doesn’t physically work on Apple’s modern devices with a Secure Enclave built in by stating that it only works on a “narrow slice of phones”, FBI Director Comey also confirmed as part of the same interview that the Bureau had indeed purchased the method of access from a separate company.
Litigation between the government and Apple over the San Bernardino phone has ended, because the government has purchased, from a private party, a way to get into that phone, 5C, running iOS 9.
In addition to confirming that the tool was purchased by the government privately, as well as highlighting the limitations of said tool, Comey also went on record to state that the FBI knows “a fair amount” about the “private party” that sold the tool, and that he has “a high degree of confidence that they are very good at protecting it, and their motivations align with ours”.
The FBI clearly believes it has a more in-depth understanding of the party behind the sale of this tool than the public currently has, but the government law enforcement agency still remains in two minds about whether or not to share the exploit with Apple:
We tell Apple, then they’re going to fix it, then we’re back where we started from. We may end up there, we just haven’t decided yet.
The real crux of the reveal is that by confirming that the method of access only works on older devices that don’t contain Apple’s Secure Enclave engineering, the FBI has essentially unknowingly told Apple that there isn’t really an issue to fix. All future devices will ship with Touch ID, will therefore have the Secure Enclave built-in by default and will not be vulnerable to this purchased tool.