Apple Will Fight Order to Help Unlock San Bernandino iPhone


#1

Last night, A CALIFORNIA COURT ordered Apple to assist the FBI in hacking an iPhone. It’s an unprecedented request, one with potentially huge repercussions for the privacy and security of every Apple customer. This morning, Apple CEO Tim Cook posted an impassioned defense of encryption, and signaled the legal battles to come.

The iPhone at hand belonged to one of the San Bernardino shooters, the couple who took 14 lives in an attack last December. But the open letter to Apple customers posted on Apple’s website early Wednesday morning is significant in that it doesn’t just respond to this court order and incident, specifically, but to the importance of encryption at large.

Tim Cook Says Apple Will Fight Order to Help Unlock iPhone | WIRED

The FBI wants Apple to implement a backdoor for law enforcement to use in order to access sensitive data on iPhones without risking the data being automatically deleted, which is what happens when a passcode is entered incorrectly more than 10 times if that option is enabled. The FBI argues that it can compel Apple to help them unlock the phone under the All Writs Act of 1789. Tim Cook in a letter claims that making a backdoor like this will open their customers’ devices to hackers.

The iPhone now implements AES 256 encryption on all devices by default. For those who want a starter on how encryption works, this is a good starter video.


#2

As I understand it the FBI is not willing to just turn the phone over to Apple engineers, have them unlock it and give the internal data to the FBI. This might be consistent with the law. Instead they want Apple to create a tool, which does not presently exist, turn it over to them, without compensation, so that they can unlock any iPhone. The 1789 statute requires courts to issue writs “agreeable to the usages and principles of law.” I don’t see this being fulfilled here. This is compelled performance without a contract or perhaps involuntary servitude. It goes way beyond assistance in gathering information for their investigation. In view of the fact that the high security of their devices is a major selling point for their products, I expect Apple to fight this to the Supreme Court if necessary. Compliance with the full FBI request would cause them a large and irreparable financial loss.

PS Big Brother has tried this before in the 90’s with the Clipper Chip and Skipjack. Amazingly, Senators John Ashcroft and John Kerry both fought against this mandatory key eskrow,


#3

I’m not familiar with “Skipjack.” I thought the clipper chip was a done deal.


#4

After Apple increased the security of the iPhone, Apple literally can’t just be given an iPhone anymore and told to get the data. The encryption design on the phone means the only person that can get to the data (at present) is the owner of the phone. Thus the consumer is assured that even if their phone gets stolen, or hackers try to remotely get into the phone, they won’t be able to take advantage of a backdoor.

Thus the court order. This judge has literally commanded apple to create a backdoor in their security product, undermining the security of the device so that law enforcement can get into the phone. I’ve seen news reports where the government is claiming they aren’t asking for a backdoor, but it’s really what they are commanding be given to them, a backdoor. Backdoors can and ARE used to hack into systems and for criminal activity. This order threatens all of Apple’s customers.


#5

I have no hands on knowledge of this product. Perhaps you could clarify:

  1. If The user correctly enters the unlock code (4 or 6 digits) then they have access to all information on the phone without entry of additional passwords or keys. Any further internal AES-256 decryption would be automatic and transparent to the user. Is this correct?

  2. Assuming 1. to be true. If in physical possession of the phone, Apple could install new programming, identical to the old except removing the wait times between password entries and total number of attempts. This would be no more complicated than deleting a few lines of code in Apple’s proprietary software. Is this correct?

  3. Assuming 1. and 2. are correct. The phone can now be unlocked with a brute force attack which would be automated to try all possible unlock codes. Is this correct?

Thanks for any clarification you can give.


#6

Apparently, newer models (not the one in this instance) have a separate computer known as the Secure Enclave that keeps its own count of incorrect passcode attempts separate from the operating system on the phone. If that were true, asking Apple to create a new OS with unlimited passcode attempts wouldn’t matter unless they could also do the same thing to the Secure Enclave.

To me, though, the FBI’s request goes beyond just this one iPhone. It sets a precedent that manufacturers must allow backdoors for law enforcement on their devices, which are never secure.


#7

So the FBI is asking for a remedy which goes far beyond what is required for this particular phone and this case. This is not justified by the 1789 statute which requires “the writ must be necessary and appropriate to the particular case”. Even if their request is ultimately denied by higher courts, they will come back to the same argument when the next terrorist has a better phone with a “secure enclave”. This issue is not going away any time soon. In the end the governments argument will boil down to “you must surrender your freedom in order for us to protect your freedom”. In my opinion, this issue is as important as the 2nd amendment which is at the top of my list.


#8
  1. Correct
  2. INCORRECT. The FBI is requesting a rewrite of iOS, and firmware changes that are then given to the FBI. These are not trivial changes only require “deleting a few line of code”. Significant alterations would be required. These changes could then be used to attack other iPhones currently on the market. Thus, a backdoor.
  3. Correct, assuming the extensive changes of point 2 are completed. It would also allow attacks on other iPhones currently on the market.

Speculation on my part. Apple should bake these security features directly into the hardware as read only memory moving foward thus preventing them from crippling their own OS. Apple has pretty much done everything right to protect it’s users from attack by “outside” entities, but now it’s being asked to attack it’s own users and provide the attack to a third party. Bad juju that. The security features should be baked into hardware to prevent even them from attacking their own users in the future. I suspect governments all over the world will oppose that action.


#9

The sidebar with this article gives a fairly good explanation of the technical issues and disputes:

Secret Memo Details U.S.

The article itself is also good. It is one thing to ask a company to assist in an investigation; it is quite another to ask them to dumb-down and castrate their product to make government’s job easier. If the NSA can’t figure this out on their own and the government can’t keep the personal details of millions of government employees out of the hands of the Russians and Chinese then maybe we should fire them all and contract all of this out to Apple.

PS The Donald is really trying my patience for nonsense with his call to boycott Apple. Unfortunately I still see him as “the best result possible” as opposed to the pie-in-the-sky “best possible result”.

:banghead:


#10

Apple is now claiming that the passcode was changed 24 hours after the phone was taken into possession. This would imply the FBI already had access to the phone, and is instead using this as an excuse to try and create backdoors in technology in general, rather than simply for this one situation.

The fact that none of the presidential frontrunners have taken a strong stance for encryption is honestly sad.


#11

It doesn’t matter if the FBI actions were a screwup or intentional; Apple and their customers are supposed to trust these clowns not to abuse this technology or leak it to criminals?


#12

[quote=“old_dog, post:2, topic:48312”]
As I understand it the FBI is not willing to just turn the phone over to Apple engineers, have them unlock it and give the internal data to the FBI. This might be consistent with the law. Instead they want Apple to create a tool, which does not presently exist, turn it over to them, without compensation, so that they can unlock any iPhone. The 1789 statute requires courts to issue writs “agreeable to the usages and principles of law.” I don’t see this being fulfilled here. This is compelled performance without a contract or perhaps involuntary servitude. It goes way beyond assistance in gathering information for their investigation. In view of the fact that the high security of their devices is a major selling point for their products, I expect Apple to fight this to the Supreme Court if necessary. Compliance with the full FBI request would cause them a large and irreparable financial loss.

PS Big Brother has tried this before in the 90’s with the Clipper Chip and Skipjack. Amazingly, Senators John Ashcroft and John Kerry both fought against this mandatory key eskrow,
[/quote]I have to agree in that if Apple gives the FBI such a program it will be used for other purposes and is an expansion against the privacy of citizens. While I also agree the FBI should know what the terrorists are doing the best solution is letting Apple decrypt it.


#13

The best choice is for the FBI to drop it. The fact that the government is arguing to make Americans smartphones less secure is all I need to know that they do not have our best interest at heart. IT is, quite frankly, a sad joke.


#14

The FBI claim that they cannot access the iPhone5 data of the San Berdo terrorists is crap. Here are the detailed how-to instructions:

It is just a question of money and a little time. They want something easier which is suitable for large scale, and possibly remote, use. It is a smokescreen. What they really what is to set a precedent to prevent Apple from future enhancements to the phones security. Anyone who thinks this proposed castration of technological advancement will always be restricted to terrorists is a fool.