Once it is exposed, Apple should be able to plug the encryption hole, comforting iPhone users worried that losing physical possession of their devices will leave them vulnerable to hackers.
When Apple does fix the flaw, it is expected to announce it to customers and thereby extend the rare public battle over security holes, a debate that typically rages out of public view.
The Federal Bureau of Investigation last week dropped its courtroom quest to force Apple to hack into the iPhone of one of the San Bernardino shooters, saying an unidentified party provided a method for getting around the deceased killer’s unknown passcode.
If the government pursues a similar case seeking Apple’s help in New York, the court could make the FBI disclose its new trick.
But even if the government walks away from that battle, the growing number of state and local authorities seeking the FBI’s help with locked phones in criminal probes increases the likelihood that the FBI will have to provide it. When that happens, defense attorneys will cross-examine the experts involved.
Although each lawyer would mainly be interested in whether evidence-tampering may have occurred, the process would likely reveal enough about the method for Apple to block it in future versions of its phones, an Apple employee said.
Even if the FBI hoards the information – despite a White House policy that tilts toward disclosure to manufacturers – if it is not revealed to Apple, there are other ways the method could come to light or be rendered ineffective over time, according to Zdziarski and senior Apple engineers who spoke on condition of anonymity.
The FBI may use the same method on phones in cases in which the suspects are still alive, presenting the same opportunity for defense lawyers to pry.
In addition, the contractor who sold the FBI the technique might sell it to another agency or country. The more widely it circulates, the more likely it will be leaked.