Migrated from eDJGroupInc.com. Author: Greg Buckles. Published: 2016-03-23 20:00:00. Format, images and links may no longer function correctly.
No, I don’t have any secret inside information confirming the Israeli newspaper report that Israeli-based Cellebrite is the unnamed third party that is attempting to help the FBI crack one of the San Bernardino terrorists’ locked iPhones. So unless one of my unnamed, anonymous forensic friends has some insight to share, I will limit my speculations to the potential impact in civil discovery.
So why do we care if Cellebrite and the FBI publicly access an encrypted, locked current-generation smartphone? Corporations with proper ActiveSync policies, MDM or MAM software already have the ability to force an administrative password reset or remotely wipe the device. Up until this point, counsel could only access encrypted BYOD devices that were either unlocked by the owner or had been altered to grant access (when the user first connected to corporate email). Furthermore, corporations were not concerned with upgraded/outdated devices as long as protocols were followed to wipe the old devices. Depending on what the proposed hack is, if it can bypass the stored encryption keys to access the device, we may have a problem.
When Apple introduced the new hardware-based encryption chips (my memory says iPhone 4 and above), they changed the wipe process to just delete the encryption keys. I could not locate any information on the current iOS/A7 chips to indicate that they have a ‘long’ wipe option that actually overwrites the ones and zeros in a DOD5015-compliant wipe. That means that the encrypted user data still resides on the device in a formerly inaccessible format. So I will be watching closely to see if the unnamed third party can indeed extract user data from the encrypted iPhone and whether this is just another ‘steal the keys’ hack or a true decryption methodology. If the latter, then pretty much all of my clients will be getting a ‘time to update the BYOD and termination protocol’ notice.