Now that the FBI has cracked San Bernardino shooter Syed Rizwan Farook’s iPhone without Apple’s assistance, the company is left with the daunting task of fixing a security vulnerability it knows nothing about. Unlike other security issues where Apple is working to solve a known problem, the company has so far received no information from the FBI about the method used to break into the device. To complicate issues further, The New York Times reports Apple’s security operations have been in a state of transition since late last year, when Dallas DeAtley, leader of the Core OS Security Engineering team and the manager responsible for most government data extraction requests, left that team to work in a different part of the company.
Sources said other key employees — including one tasked with hacking Apple’s own products to expose security issues — have exited the company over the last few months, creating an influx of new employees who are now starting from scratch. Last year, the company broke up its product security team and placed the privacy group charged with ensuring data is properly encrypted and anonymized under a new manager. The rest of product security, including the RedTeam responsible for reacting to vulnerabilities reported by people outside Apple, was absorbed by the company’s main Core OS Security Engineering team right around the time DeAtley left.
Apple has pledged to “continue to increase the security of our products as the threats and attacks on our data become more frequent and more sophisticated,” but the high-profile hack has sparked rampant speculation about the method used to crack the phone. Forensics experts said the government could have removed the phone’s storage chip, copied it and then used the mirrored chip to fool the phone into giving it an infinite number of attempts to guess the passcode. The A7 chip in newer iPhones is thought to be less susceptible to that particular line of attack due to the Secure Enclave feature — which contains a unique numerical key essential to unlocking information stored in the phone — but until it knows the exact nature of the FBI’s hack, Apple can’t say for certain that it has plugged the hole in its security.