The phones at the center of the dispute are an iPhone 5 and an iPhone 7 Plus. Those phones were released in 2012 and 2016, and they lack Apple’s most sophisticated software. Tools from at least two companies, Cellebrite and Grayshift, are able to break into those iPhone models, though they pose different challenges.
The iPhone 5 is the simpler of the two. It no longer supports the latest iPhone software, and it has effectively the same technology as the device in the 2016 clash between Apple and the F.B.I., an iPhone 5C. In that case, the dispute abruptly ended when a private company broke into the phone for the bureau.
The iPhone 7 Plus is tougher to hack. It has a special processor, called the Secure Enclave, designed to improve its security. But it is still part of a group of iPhone models that have a known, unresolvable flaw called Checkm8, said Jonathan Levin, an iPhone security consultant.
“We know exactly how to exploit it,” he said. “It’s so trivial.”
Tools like those from Cellebrite and Grayshift don’t actually break iPhones’ encryption; they guess the password. To do so, they exploit flaws in the software, like Checkm8, to remove the limit of 10 password attempts. (After about 10 failed attempts, an iPhone erases its data.) The tools then use a so-called brute-force attack, which automatically tries thousands of passcodes until one works.
That approach means the wild card in the Pensacola case is the length of the suspect’s passcode. If it’s six numbers — the default on iPhones — authorities almost certainly can break it. If it’s longer, it might be impossible.
A four-number passcode, the previous default length, would take on average about seven minutes to guess. If it’s six digits, it would take on average about 11 hours. Eight digits: 46 days. Ten digits: 12.5 years.
If the passcode uses both numbers and letters, there are far more possible passcodes — and thus cracking it takes much longer. A six-character alphanumeric passcode would take on average 72 years to guess.