FBI Director James Comey says the tool his agents bought and used to unlock the San Bernardino killer's iPhone will only work on a "narrow slice" of phones.
On Wednesday, Comey gave a lecture at Ohio's Kenyon College's Center for the Study of American Democracy in which he said the exploit only works on iOS 9 iPhone 5Cs. Apple only sold 24 million of them. That narrow. The FBI boss wouldn't say where the tool came from.
Orilly? Glad to see you on the case with OPM, Scooter.
"The FBI is very good at keeping secrets," he said. "The people we bought this from – I know a fair amount about them and I have a high degree of confidence that they are very good at protecting it and that their motivations align with ours."
The 5C is the last of Apple's 32-bit smartphones (64-bit address spaces have stronger ASLR) and it doesn't have the Secure Enclave cryptographic coprocessor [PDF], which adds extra layers of protection mechanisms in hardware. Without 64-bit and the Secure Enclave, the 5C is theoretically easier to crack than other recent Apple models.
Computer forensics expert Jonathan Ździarski told The Register that it was highly unlikely that only the 5C was affected by the crack – older models are almost certainly vulnerable too, using the same technique, and newer iPhones could also be at risk.
And so what do we know about Director Comey's understanding of computer security? He thinks that you can keep something a secret once everyone knows that it can be done.
While Ździarski said it was unlikely that the FBI had a working exploit for iPhone 5S and 6s, that still left around 24 million 5Cs and millions more older models crackable. Porting exploits to a 64-bit operating system isn't necessarily all that hard, Ździarski said, and simply admitting there was an exploit would galvanize security researchers to look for bugs.
And this is precisely why Apple refused to break their software for him.