It is difficult for the FBI to crack most smartphone encryption

Featured

It is difficult for the FBI to crack most smartphone encryption

The FBI is struggling to decode private messages on phones and other mobile devices that could contain key criminal evidence, and the agency failed to access data more than half of the times it tried during the last fiscal year, FBI Director Christopher Wray told House lawmakers.

Wray will testify at the House Judiciary Committee Thursday morning on the wide range of issues the FBI faces. One of the issues hurting the FBI, he said, is the ability of criminals to “go dark,” or hide evidence electronically from authorities.

“The rapid pace of advances in mobile and other communication technologies continues to present a significant challenge to conducting lawful court-ordered access to digital information or evidence,” he said in his prepared remarks to the committee. “Unfortunately, there is a real and growing gap between law enforcement’s legal authority to access digital information and its technical ability to do so.”

Wray said criminals and terrorists are increasingly using these technologies. He added that the Islamic State is reaching potential recruits through encrypted messaging, which are difficult for the FBI to crack.

“If we cannot access this evidence, it will have ongoing, significant effects on our ability to identify, stop, and prosecute these offenders,” he said.

He noted that in the last fiscal year, the FBI was unable to access data on about 7,800 mobile devices, even though they had the legal authority to try. He said that was a little more than half of the mobile devices the FBI tried to access in fiscal year 2017.

Wray said the FBI tries to develop workarounds to get at the data, but doesn’t always succeed.

Wray also made it clear that the FBI is not asking for more legal authority to access mobile devices, but said, without being specific, that new ways must be found to let the FBI access this data.

“When changes in technology hinder law enforcement’s ability to exercise investigative tools and follow critical leads, those changes also hinder efforts to identify and stop criminals or terrorists,” he said.

He added that the FBI is “actively engaged” with companies to discuss the problem that “going dark” has on law enforcement, and the agency is working with academics and technologists to find “solutions to this problem.”

Wray is likely to be questioned on a wide range of topics at Thursday’s hearing, including new complaints from Republicans that Wray and other Justice Department officials have ignored requests for information about their actions in the Russia election meddling probe.

Republicans this week started writing a contempt resolution against Wray and others after the Justice Department failed to answer questions from lawmakers about why a top FBI agent was removed from the Russia probe. It was later discovered that the agent sympathized with Hillary Clinton and opposed then-presidential candidate Donald Trump.

FBI couldn’t retrieve data from nearly 7000 mobile phones due to encryption

Featured

FBI couldn't retrieve data from nearly 7000 mobile phones due to encryption

The head of the FBI has reignited the debate about technology companies continuing to protect customer privacy despite law enforcement having a search warrant.

The FBI says it hasn’t been able to retrieve data from nearly 7000 mobile phones in less than one year, as the US agency turns up the heat on the ongoing debate between tech companies and law enforcement officials.

FBI Director Christopher Wray says in the first 11 months of the fiscal year, US federal agents were blocked from accessing the content of 6900 mobile phones.

“To put it mildly, this is a huge, huge problem,” Wray said in a speech on Sunday at the International Association of Chiefs of Police conference in Philadelphia.

“It impacts investigations across the board – narcotics, human trafficking, counterterrorism, counterintelligence, gangs, organised crime, child exploitation.”

The FBI and other law enforcement officials have long complained about being unable to unlock and recover evidence from mobile phones and other devices seized from suspects even if they have a warrant. Tech firms maintain they must protect their customers’ privacy.

In 2016 the debate was on show when the Justice Department tried to force Apple to unlock an encrypted mobile phone used by a gunman in a terrorist attack in San Bernardino, California. The department eventually relented after the FBI said it paid an unidentified vendor who provided a tool to unlock the phone and no longer needed Apple’s assistance, avoiding a court showdown.

The Justice Department under US President Donald Trump has suggested it will be aggressive in seeking access to encrypted information from technology companies. But in a recent speech, Deputy Attorney General Rod Rosenstein stopped short of saying exactly what action it might take.

FBI Chief Calls for National Talk Over Encryption vs. Safety

Featured

SAN FRANCISCO — The FBI’s director says the agency is collecting data that he will present next year in hopes of sparking a national conversation about law enforcement’s increasing inability to access encrypted electronic devices.

Speaking on Friday at the American Bar Association conference in San Francisco, James Comey says the agency was unable to access 650 of 5,000 electronic devices investigators attempted to search over the last 10 months.

FBI Chief Calls for National Talk Over Encryption vs. Safety

Comey says encryption technology makes it impossible in a growing number of cases to search electronic devices. He says it’s up to U.S. citizens to decide whether to modify the technology.

The FBI earlier this year engaged in a high-profile fight with Apple to access data from a locked iPhone used by a shooter in the San Bernardino, California, terrorist attack.

American ISIS Recruits Down, but Encryption Is Helping Terrorists’Online Efforts, Says FBI Director

Featured

American ISIS Recruits Down, but Encryption Is Helping Terrorists'Online Efforts, Says FBI Director

The number of Americans traveling to the Middle East to fight alongside Islamic State has dropped, but the terrorist group’s efforts to radicalize people online is getting a major boost from encryption technology, FBI Director James Comey said Wednesday.

Since August, just one American a month has traveled or attempted to travel to the Middle East to join the group, compared with around six to 10 a month in the preceding year and a half, Mr. Comey told reporters in a round table meeting at FBI headquarters.

However, federal authorities have their hands full trying to counter Islamic State’s social media appeal. Of around 1,000 open FBI investigations into people who may have been radicalized across the U.S., about 80% are related to Islamic State, Mr. Comey said.

The increasing use of encrypted communications is complicating law enforcement’s efforts to protect national security, said Mr. Comey, calling the technology a “huge feature of terrorist tradecraft.”

The FBI director cited Facebook Inc.’s WhatsApp texting service, which last month launched end-to-end encryption in which only the sender and receiver are able to read the contents of messages.

“WhatsApp has over a billion customers—overwhelmingly good people but in that billion customers are terrorists and criminals,” Mr. Comey said. He predicted an inevitable “collision” between law enforcement and technology companies offering such services.

Silicon Valley leaders argue that stronger encryption is necessary to protect consumers from a variety of threats.

“While we recognize the important work of law enforcement in keeping people safe, efforts to weaken encryption risk exposing people’s information to abuse from cybercriminals, hackers and rogue states,” WhatsApp CEO Jan Koum wrote last month in a blog post accompanying the rollout of the stronger encryption technology. The company Wednesday declined to comment on Mr. Comey’s remarks.

The FBI also continues to face major challenges in unlocking phones used by criminals including terrorists, Mr. Comey said. Investigators have been unable to unlock around 500 of the 4,000 or so devices the FBI has examined in the first six month of this fiscal year, which began Oct. 1, he said.

“I expect that number just to grow as the prevalence of the technology grows with newer models,” Mr. Comey added.

A terrorist’s locked iPhone recently sparked a high-stakes legal battle between the Justice Department and Apple Inc.
After Syed Rizwan Farook and his wife killed 14 people and wounded 22 in a December shooting rampage in San Bernardino, Calif., FBI agents couldn’t unlock the phone of Mr. Farook—who, along with his wife, was killed later that day in a shootout with police.

The government tried to force Apple to write software to open the device, but the technology company resisted, saying that such an action could compromise the security of millions of other phones.

That court case came to an abrupt end in March, when the FBI said it no longer needed Apple’s help because an unidentified third party had shown it a way to bypass the phone’s security features.

FBI: Encryption increasing problem

Featured

FBI: Encryption increasing problem

The FBI is facing an increasing struggle to access readable information and evidence from digital devices because of default encryption, a senior FBI official told members of Congress at a hearing on digital encryption Tuesday.

Amy Hess said officials encountered passwords in 30 percent of the phones the FBI seized during investigations in the last six months, and investigators have had “no capability” to access information in about 13 percent of the cases.

“We have seen those numbers continue to increase, and clearly that presents us with a challenge,” said Hess, the executive assistant director of the FBI branch that oversees the development of surveillance technologies.

In her testimony to a subcommittee of the House Energy and Commerce Committee, Hess defended the Justice Department’s use of a still-unidentified third party to break into the locked iPhone used by one of the two San Bernardino, California, attackers. But she said the reliance on an outside entity represented just “one potential solution” and that there’s no “one-size-fits-all” approach for recovering evidence.

Representatives from local law enforcement agencies echoed Hess’s concerns. Thomas Galati, chief of the intelligence bureau at the New York Police Department, said officials there have been unable to break open 67 Apple devices for use in 44 different investigations of violent crime — including 10 homicide cases.

Still, despite anxieties over “going dark,” a February report from the Berkman Center for Internet and Society at Harvard University said the situation was not as dire as law enforcement had described and that investigators were not “headed to a future in which our ability to effectively surveil criminals and bad actors is impossible.”

The hearing comes amid an ongoing dispute between law enforcement and Silicon Valley about how to balance consumer privacy against the need for police and federal agents to recover communications and eavesdrop on suspected terrorists and criminals. The Senate is considering a bill that would effectively prohibit unbreakable encryption and require companies to help the government access data on a computer or mobile device when a warrant is issued. Bruce Sewell, Apple’s general counsel, touted the importance of encryption.

“The best way we, and the technology industry, know how to protect your information is through the use of strong encryption. Strong encryption is a good thing, a necessary thing. And the government agrees,” Sewell testified.

Apple, FBI set to resume encryption fight at House hearing

Featured

The encryption battle between Apple and the FBI is moving from the courtroom to Congress next week.

Representatives from the tech titan and the federal law enforcement agency are scheduled to testify Tuesday before the House Energy and Commerce Committee about the debate over how the use of encryption in tech products and services hampers law enforcement activities.

In February, Apple clashed with the FBI over whether the company would help investigators hack into the encrypted iPhone of San Bernardino shooter Syed Farook. That case ended when the FBI said it had found a way to unlock the phone without Apple’s help. The debate, however, is unresolved.

Technology companies and rights groups argue that strong encryption, which scrambles data so it can be read only by the right person, is needed to keep people safe and protect privacy. Law enforcement argues it can’t fight crimes unless it has access to information on mobile devices.

The hearing, called “Deciphering the Debate Over Encryption: Industry and Law Enforcement Perspectives,” will include two panels. The first features Amy Hess, executive assistant director for science and technology at the FBI, who will speak about law enforcement concerns along with other law enforcement officials from around the country. Apple general counsel Bruce Sewell will speak during a second panel, which will feature computer science and security professionals.

The FBI and Apple did not immediately respond to requests for comment on their testimony.

The hearing’s agenda comes just a day after a US Senate encryption bill was released that would give law enforcement and government investigators access to encrypted devices and communications. Authored by US Sens. Dianne Feinstein and Richard Burr, the bill furthers a fight that pits national security against cybersecurity.

Earlier this month, Facebook complicated things a bit further for the FBI when it announced that all communications sent on its popular WhatsApp messaging app are now encrypted.

Forget iPhone encryption, the FBI can’t legally touch the software ISIS uses

Featured

Forget iPhone encryption, the FBI can’t legally touch the software ISIS uses

The FBI insists that encrypted products like the iPhone and encrypted online services will put people in harm’s way, especially in light of the ISIS-connected San Bernardino shooting late last year. That’s why the Bureau has been arguing for encryption backdoors that would be available to law enforcement agencies, and why it looked to coerce Apple to add a backdoor to iOS.

However, extensive reports that show the preparations ISIS made before hitting Paris and Brussels revealed the kind of encrypted products ISIS radicals used to stay in touch with central command. Unsurprisingly, these products are out of the FBI’s jurisdiction, and one in particular was one of the safest encrypted communication products you can find online. In fact,its original developers are suspected to have ties to the criminal underworld.

Telling the inside story of the Paris and Brussels attacks, CNN explains that ISIS cell members used a chat program called Telegram to talk to one another in the moments ahead of the attacks. Using data obtained from official investigations,CNN learned that just hours before the Bataclan theater was hit, one of the attackers had downloaded Telegram on a Samsung smartphone.

Police never recovered communications from the messaging app. Not only is Telegram encrypted end-to-end, but it also has a self destruct setting.

Forget iPhone encryption, the FBI can’t legally touch the software ISIS uses

Conceived by Russian developers, the app is out of the FBI’s jurisdiction. But Telegram is the least problematic encrypted service for intelligence agencies looking to collect data and connect suspects. CNN also mentions a far more powerful app, one that hasn’t yet been cracked by law enforcement.

TrueCrypt is the app in question. One of the ISIS radicals who was captured by French police in the months leading to the mid-November Paris attacks revealed details about this program.

TrueCrypt resides on a thumb drive and is used to encrypt messages. French citizen and IT expert Reda Hame was instructed to upload the encrypted message to a Turkish file-sharing site. “An English-speaking expert on clandestine communications I met over there had the same password,” Hame told interrogators. “It operated like a dead letter drop.”

Forget iPhone encryption, the FBI can’t legally touch the software ISIS uses

According to The New York Times, Hame was told not to send the message via email, so as to not generate any metadata that would help intelligence agencies connect him to other terrorists.

The ISIS technician also instructed Hame to transfer TrueCrypt from the USB key to a second unit once he reached Europe. “He told me to copy what was on the key and then throw it away,” Hame explained. “That’s what I did when I reached Prague.”

Hame made a long journey home from Turkey, making it look like he was a tourist visiting various cities in Europe. Whenever he reached a new place, he was to call a special number belonging to one of the masterminds behind the attacks, and he used a local SIM card to mark his location.

Forget iPhone encryption, the FBI can’t legally touch the software ISIS uses

The Times also mentions a secondary program that was installed on flash drives. Called CCleaner, the program can be used to erase a user’s online history on any computer.

If that’s not enough to show the level of sophistication of these bloody ISIS attacks on Europe and other targets, a story from The New Yorker sheds more light on TrueCrypt, a program whose creators can’t be forced to assist the FBI.

According to the publication, TrueCrypt was launched in 2004 to replace a program called Encryption for the Masses (E4M) developed long before the iPhone existed. Interestingly, the programmer who made it is Paul Le Roux, who also happens to be a dangerous crime lord, having built a global drug, arms and money-laundering cartel out of a base in the Philippines.

E4M is open-source, and so is TrueCrypt, meaning that their creators aren’t companies motivated by a financial interest to keep their security intact.

“TrueCrypt was written by anonymous folks; it could have been Paul Le Roux writing under an assumed name, or it could have been someone completely different,” Johns Hopkins Information Security Institute computer-science professor Matthew Green told The New Yorker.

The developers stopped updating it in 2014 for fear that Le Roux’s decision to cooperate with the DEA might cripple its security. Le Roux was arrested in Liberia on drug-trafficking charges in September 2012. But Green concluded in 2015 that TrueCrypt is still backdoor-free, which explains why ISIS agents still use it.

How the FBI Cracked the iPhone Encryption and Averted a Legal Showdown With Apple

Featured

How the FBI Cracked the iPhone Encryption and Averted a Legal Showdown With Apple

An urgent meeting inside FBI headquarters little more than a week ago is what convinced federal law enforcement officials that they may be able to abandon a brewing legal fight with tech giant Apple, sources told ABC News today.

In the days after the December 2015 massacre in San Bernardino, California, which killed 14 people and wounded 22 others, the iPhone left behind by one of the shooters, Syed Farook, was secretly flown to the FBI’s laboratory in Quantico, Virginia, sources said.

The FBI had been unable to review the phone’s contents due to a security feature that — after 10 failed attempts to enter the 4-digit access code — would render the phone’s files forever inaccessible.

By last month, the FBI was at an impasse with Apple, which fought a court order telling the company to help authorities bypass the security feature. Apple maintained the U.S. government was asking it to create a “backdoor” into its devices that would endanger the privacy of hundreds of millions of iPhone users around the world.

“It is in our view the software equivalent of cancer,” Apple CEO Tim Cook recently told “World News Tonight” anchor David Muir.

But the FBI insisted it had a responsibility to access any data potentially relevant to the deadly terror attack in San Bernardino.

“I don’t know whether there is evidence of the identity of another terrorist on the phone, or nothing at all. But we ought to be fired in the FBI if we didn’t pursue that lead,” FBI Director James Comey told a House panel in February.

As the legal battle played out, the FBI appealed to cyber experts around the world for help.

“We’ve talked to anybody who will talk with us about it, and I welcome additional suggestions,” Comey said during a House hearing four weeks ago.

In response, countless companies and hackers — including what one source familiar with matter called many “whackadoodles” — came forward claiming to have a way into Farook’s phone, sources said.

But nothing appeared viable. That is, until a company that the FBI has yet to identify came forward about two weeks ago. After initial contacts with the FBI, company officials flew to Washington to lay out their solution, sources told ABC News.

On Sunday, March 20, in a meeting at FBI headquarters, company officials demonstrated their technology on another iPhone. Convinced it would work, the FBI greenlighted applying it to Farook’s phone, sources said.

This past weekend — just days ago — the attempt was made, and “the FBI has now successfully retrieved the data stored on” the phone, according to the Justice Department.

Forensic examiners are now attempting to exploit potential evidence from the phone. It’s unclear if anything of investigative value has been found yet.

The FBI has refused to identify the company that offered the solution, with one source citing a “mutual agreement.” Nevertheless, Apple did not play a part in finding the solution, company officials said.

As for whether the solution might be shared with Apple, it’s a decision that will be made through consultation with multiple federal agencies, sources said.

One federal law enforcement source said it’s important to emphasize that the ultimate solution identified in this case was not found despite the lawsuit filed against Apple, but because of it.

The solution was “generated as a result of the media attention,” the source said.

At the same time, the source said federal authorities believe the end to the current litigation should not end the national discussion about balancing the interests of security and privacy.

“Our need for public safety and our need for privacy are crashing into each other, and we have to sort that out as a people,” Comey said recently. “This world some people imagine where nobody can look at your stuff is a world that will have public safety costs.”

FBI Hacks iPhone, Ending Apple Encryption Challenge

Featured

FBI Hacks iPhone, Ending Apple Encryption Challenge

The Department of Justice said in a federal court filing Monday that it had bypassed encryption on the iPhone 5c used by a terrorist in a mass shooting last year in California and requested the court vacate its order compelling Apple to assist it in accessing the device.

The filing effectively ends a contentious legal battle between the federal government and Apple over the phone used by Syed Rizwan Farook. Farook was fatally shot by authorities along with his wife, Tashfeen Malik, after they killed 14 people in San Bernardino, California, in December.

“The government has now successfully accessed the data stored on Farook’s iPhone and therefore no longer requires the assistance from Apple Inc. mandated by Court’s Order Compelling Apple Inc. to Assist Agents in Search dated February 16, 2016,” government lawyers said in their filing in U.S. District Court for the Central District of California.

The two-page filing contains no information about the methods the government used to bypass the phone’s encryption.

A scheduled March 22 hearing was canceled last week after government lawyers said an “outside party” had proposed a possible way to unlock the phone that would not require Apple’s help. The tech giant had vowed to oppose the order in court, stating that helping the government access an encrypted iPhone would set a precedent for undermining privacy and cybersecurity.

“Our decision to conclude the litigation was based solely on the fact that, with the recent assistance of a third party, we are now able to unlock that iPhone without compromising any information on the phone,” prosecutors said in a statement.

“We sought an order compelling Apple to help unlock the phone to fulfill a solemn commitment to the victims of the San Bernardino shooting – that we will not rest until we have fully pursued every investigative lead related to the vicious attack,” the statement said. “Although this step in the investigation is now complete, we will continue to explore every lead, and seek any appropriate legal process, to ensure our investigation collects all of the evidence related to this terrorist attack. The San Bernardino victims deserve nothing less.”

Why few hackers are lining up to help FBI crack iPhone encryption

Featured

Why few hackers are lining up to help FBI crack iPhone encryption

When the FBI said it couldn’t unlock the iPhone at the center of the San Bernardino shooting investigation without the help of Apple, the hackers at DriveSavers Data Recovery took it as a challenge.

Almost 200 man hours and one destroyed iPhone later, the Bay Area company has yet to prove the FBI wrong. But an Israeli digital forensics firm reportedly has, and the FBI is testing the method.

Finding a solution to such a high-profile problem would be a major feat — with publicity, job offers and a big payday on the line. But, in fact, the specialists at DriveSavers are among only a few U.S. hackers trying to solve it. Wary of the stigma of working with the FBI, many established hackers, who can be paid handsomely by tech firms for identifying flaws, say assisting the investigation would violate their industry’s core principles.

Some American security experts say they would never help the FBI, others waver in their willingness to do so. And not all of those who would consider helping want their involvement publicized for risk of being labeled the hacker who unhinged a backdoor to millions of iPhones.

“The FBI has done such a horrible job of managing this process that anybody in the hacking community, the security community or the general public who would openly work with them would be viewed as helping the bad guys,” said Adriel Desautels, chief executive of cybersecurity testing company Netragard. “It would very likely be a serious PR nightmare.”

Much of the security industry’s frustration with the FBI stems from the agency’s insistence that Apple compromise its own security. The fact that the FBI is now leaning on outside help bolsters the security industry’s belief that, given enough time and funding, investigators could find a workaround — suggesting the agency’s legal tactics had more to do with setting a precedent than cracking the iPhone 5c owned by gunman Syed Rizwan Farook.

Some like Mike Cobb, the director of engineering at DriveSavers in Novato, Calif., wanted to be the first to find a way in. Doing so could bring rewards, including new contracts and, if desired, free marketing.

“The bragging rights, the technical prowess, are going to be considerable and enhanced by the fact that it’s a very powerful case in the press,” said Shane McGee, chief privacy officer for cybersecurity software maker FireEye Inc.

Altruism could motivate others. Helping the FBI could further an inquiry into how a husband-and-wife couple managed to gun down 14 people, wound many others and briefly get away.

Another positive, McGee said, is that legal liability is low: While unauthorized tampering with gadgets has led to prison time, it’s legal as long as people meddle with iPhones they own — and the court order helps too.

But top security experts doubt the benefits are worth the risk of being seen as a black sheep within their community.

Hackers have said they don’t want to touch the San Bernardino case “with a 10-foot pole because the FBI doesn’t look the like good guy and frankly isn’t in the right asking Apple to put a back door into their program,” Desautels said. The assisting party, if ever identified, could face backlash from privacy advocates and civil liberties activists.

“They’d be tainted,” Desautels said.

The unease in the hacker community can be seen through Nicholas Allegra, a well-known iPhone hacker who most recently worked for Citrix.

Concerned an FBI victory in its legal fight with Apple would embolden authorities to force more companies to develop software at the government’s behest, Allegra had dabbled in finding a crack in iPhone 5c security. If successful, he hoped his findings would lead the FBI to drop the Apple dispute.

But he has left the project on the back burner, concerned that if he found a solution, law enforcement would use it beyond the San Bernardino case.

“I put in some work. I could have put more in,” he said. But “I wasn’t sure if I even wanted to.”

Companies including Microsoft, United Airlines and Uber encourage researchers and even hackers to target them and report problems by dangling cash rewards.

HackerOne, an intermediary for many of the companies, has collectively paid $6 million to more than 2,300 people since 2013. Boutique firms and freelancers can earn a living between such bounties and occasionally selling newly discovered hacking tools to governments or malicious hackers.

But Apple doesn’t have a bounty program, removing another incentive for tinkering with the iPhone 5c.

Why few hackers are lining up to help FBI crack iPhone encryption

Still, Israeli firm Cellebrite is said to have attempted and succeeded at defeating the device’s security measures.

The company, whose technology is heavily used by law enforcement agencies worldwide to extract and analyze data from phones, declined to comment. The FBI has said only that an “outside party” presented a new idea Sunday night that will take about two weeks to verify. Apple officials said they aren’t aware of the details.

Going to the FBI before going to the company would violate standard practice in the hacking community. Security researchers almost always warn manufacturers about problems in their products and services before sharing details with anyone else. It provides time for a issuing a fix before a malicious party can exploit it.

“We’ve never disclosed something to the government ahead of the company that distributed the hardware or software,” McGee said. “There could be far-reaching consequences.”

Another drawback is that an iPhone 5c vulnerability isn’t considered a hot commodity in the minds of many hackers, who seek to one-up each other by attacking newer, more widely used products. The 5c model went on sale in 2013 and lacks a fingerprint sensor. Newer iPhones are more powerful and have different security built into them. Only if the hack could be applied to contemporary iPhones would it be worth a rare $1-million bounty, experts say.

The limited scope of this case is why many hackers were taken back by a court order asking for what they consider broadly applicable software to switch off several security measures. Instead, experts wanted the FBI to invest in going after the gunman’s specific phone with more creativity. In other words, attack the problem with technology, not the courts.

“If you have access to the hardware and you have the ability to dismantle the phone, the methodology doesn’t seem like it would be all that complex,” Desautels said.

Two years ago, his team tried to extract data from an iPad at the request of a financial services company that wanted to test the security of the tablets before offering them to employees. Netragard’s researcher failed after almost a month; he accidentally triggered a date change within the software that rendered the iPad unusable. But Desautels said cracking the iPad would have been “possible and trivial” for someone with more time and a dozen iPads to mess with.

The same, he imagines, would be true for an iPhone. The FBI, though, has said it had exhausted all known possibilities.

Taking Apple to court generated attention about the problem and “stimulated creative people around the world to see what they might be able to do,” FBI Director James Comey said in a letter to the Wall Street Journal editorial board Wednesday. Not “all technical creativity” resides within government, he said.

The plea worked, grabbing the interest of companies like DriveSavers, which gets about 2,000 gigs a month to retrieve photos, videos and notes from phones that are damaged or belong to someone who died. But despite all of the enticements in the San Bernardino case, they’ve worked to unlock an iPhone 5c only intermittently.

They’ve made progress. Cobb’s team can spot the encrypted data on an iPhone 5c memory chip They’re exploring how to either alter that data or copy it to another chip. Both scenarios would allow them to reset software that tracks invalid password entries. Otherwise, 10 successive misfires would render the encrypted data permanently inaccessible.

Swapping chips requires soldering, which the iPhone isn’t built to undergo multiple times. They have an adapter that solves the issue, and about 300 old iPhones in their stockpile in case, as one already has, the device gets ruined.

Had they been first to devise a proposed solution, DriveSavers “absolutely” would have told the FBI because their method doesn’t present extraordinary security risks, Cobb said.

But whether it would want to be publicly known as the code cracker in the case, Cobb said that would be “a much bigger, wider conversation” to ponder.