FBI wants Apple's help in unlocking another suspected terrorist's iPhones

An iPhone's lockscreen with someone's thumb attempting to enter the passcode.
(Image credit: Wachiwit/Shutterstock)

Buckle your seat belts -- we may be in for another bumpy ride over FBI access to locked iPhones.

NBC News reported yesterday (Jan. 7) that the FBI sent a letter Monday (Jan. 6) to Apple requesting the tech giant's help in unlocking two iPhones apparently belonging to Mohammed Saeed Alshamrani, the Saudi air force officer suspected of killing three people in a mass shooting last month at Naval Air Station Pensacola in Florida. The FBI confirmed the existence of the letter to The New York Times.

The letter, reportedly signed by Dana Boente, the FBI's top lawyer, said the FBI had tried to get help from other federal agencies, from foreign countries and from "the third-party vendor community," but that nothing had worked.

"Investigators are actively engaging in efforts to 'guess' the relevant passcodes but so far have been unsuccessful," NBC News quoted the letter, which sounds more like a polite request rather than an order, as stating.

To complicate matters, Apple told NBC News it had already given the FBI everything it could long before the letter was sent.

"We have the greatest respect for law enforcement and have always worked cooperatively to help in their investigations," Apple said to NBC News. "When the FBI requested information from us relating to this case a month ago, we gave them all of the data in our possession and we will continue to support them with all the data we have available."

What Apple is really saying

Reading between the lines, Apple seems to be saying that it's already given up everything that Alshamrani may have backed up on iCloud or may have included in his Apple account. 

But Apple's end-to-end messaging encryption means that the company can't read his Apple Messages, and its device-encryption policy means that the company -- or anyone else -- can't get into his iPhones without the proper passcodes.

Apple iPhone screen-lock passcodes require at least six digits, allowing for a million possible combinations, though users can make them even longer and stronger with letters and more numbers. 

Apple's safeguards force anyone trying to guess the passcode on an iPhone to take a break after six unsuccessful tries, and the breaks get longer with each wrong guess after that. After 10 guesses, the iPhone will either lock up entirely or wipe its data, depending on user preferences. (The legitimate user would have to connect the iPhone to a computer on which the phone had already been backed up.)

Back in 2016, Apple and the FBI engaged in a legal and public-relations battle over a workplace-issued iPhone used by Syed Farook, an American who with his wife killed 14 of Farook's co-workers at a Christmas party in San Bernardino, California. 

Despite a court order, Apple refused to create a tool or a software update that would let the FBI, or even Apple itself, bypass the screen-lock protections on Farook's iPhone. The FBI eventually paid for a third-party company to access the data on the phone, which reportedly turned up nothing of interest.

Security precautions added to Apple hardware and software since the Farook case have made it even harder for third-party tools to get into locked iPhones. Alshamrani added a safeguard of his own, according to NBC News: He fired a bullet into one of the iPhones during the attack before he was killed by a sheriff's deputy.

This apparent terrorist's iPhone is not like the last one

The Farook and Alshamrani cases sound superficially familiar -- both men were suspected of having terrorist motives, and both are dead and can't unlock their phones themselves. 

But the FBI made several technical and legalistic mistakes with Farook's phone, including accidentally unhooking it from Farook's iCloud account and not reaching out to all other possible sources of assistance before asking Apple for help. 

It doesn't seem to be making any such mistakes in the Alshamrani case. The Register's Kieren McCarthy points out that the FBI is putting itself on firmer legal ground should it have to get a court order to get Apple to unlock the devices. Essentially, the FBI is saying that Apple is its only hope.

There's still a lot we don't know here. It's not clear if the FBI tried using Alshamrani's face or fingerprint to unlock the devices, although those methods wouldn't work if an iPhone had been fully powered off or not unlocked for a long period of time. (Farook's phone was an iPhone 5c without a fingerprint or face reader.) 

It's also not clear exactly which iPhone models Alshamrani had, or which version of iOS they run. And, of course, it's not clear how Apple will respond to the FBI's request, although Apple executive Jane Horvath said at a privacy panel discussion at CES 2020 in Las Vegas yesterday that the company was still opposed to building security "backdoors" into its devices for police to use.

Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.