So it seems the government was able to get into San Bernardino terrorist Syed Farook’s iPhone without Apple’s assistance, and has now moved to vacate the order compelling Apple’s assistance.
So now what happens to all the District Attorneys around the country who have iPhones they can’t crack? Will DOJ share the method with them? Or will they seek similar order compelling assistance under All Writs?
And what will Apple do now that it knows that their security was cracked – possibly by an an Israeli intel firm?
Update: Andrew Crocker of EFF addressed the question of whether the government will inform Apple of the vulnerability/method:
In addition, this new method of accessing the phone raises questions about the government’s apparent use of security vulnerabilities in iOS and whether it will inform Apple about these vulnerabilities. As a panel of experts hand-picked by the White House recognized, any decision to withhold a security vulnerability for intelligence or law enforcement purposes leaves ordinary users at risk from malicious third parties who also may use the vulnerability. Thanks to a lawsuit by EFF, the government has released its official policy for determining when to disclose security vulnerabilities, the Vulnerabilities Equities Process (VEP).
If the FBI used a vulnerability to get into the iPhone in the San Bernardino case, the VEP must apply, meaning that there should be a very strong bias in favor of informing Apple of the vulnerability.
This blogger is not holding her breath that that will happen, but I’d love to be wrong on this one.