How Apple could hack terrorist’s iPhone for FBI (if it wanted to)

A federal judge has ordered Apple to comply with the FBI’s demands to unlock the San Bernardino terrorist’s iPhone 5c. Apple CEO Tim Cook has boldly and politely refused; however, his reason has nothing to do with whether Apple has the ability to hack the iPhone.

It simply doesn’t want to.

Apple has spent the past few years making its devices more secure by adding Touch ID and a secure element. The iPhone 5c doesn’t have Touch ID, though, so the FBI wants to brute-force unlock it by guessing the terrorist’s PIN. iOS will automatically wipe the device after too many unsuccessful attempts and delays how often you can guess a passcode, so the FBI has drawn up a plan for how Apple can help it get around those protections.

In the court filing posted yesterday, the FBI detailed three things they want Apple to change on the terrorist’s iPhone 5c:

1 – Bypass or disable the auto-erase function whether or not it has been enabled;
2 – Enable the FBI to submit passcodes to the SUBJECT DEVICE for testing electronically via the physical device port, Bluetooth, Wi-Fi, or other protocol available on the SUBJECT DEVICE;
3 – Ensure that when the FBI submits passcodes to the SUBJECT DEVICE, software running on the device will not purposefully introduce any additional delay between passcode attempts beyond what is incurred by Apple hardware.

Essentially, the FBI doesn’t want to physically enter passcodes on the iPhone 5c’s screen for the next 20 years, so they’re asking Apple to hack iOS to let them submit an unlimited number of PINs electronically as fast as the hardware can handle (one passcode every 80ms) without any delays for wrong guesses.

In order for Apple to remove those restrictions, it would have to create a custom version of iOS. Apple has actually created custom firmware for law enforcement before that bypasses the lock screen; however, ever since iOS 8 encrypted data by default with a PIN and hardware key, the feds can’t access any data without breaking through the PIN entry.

The FBI can’t create its own iOS firmware and sideload it through DFU mode on the iPhone because it does not have access to the keys Apple uses to sign the firmware. The federal court order demands Apple provide the FBI with a signed iPhone Software file that can only run on the RAM of the terrorist’s iPhone, and then give them remote access to the device.

All of this could be done on Apple’s campus, without the feds getting their hands in on the action, or so they claim. The problem is that it would essentially create a master key to every digital safe Apple’s built. Apple would be creating a hacking tool for the feds and others, potentially exposing millions of customers to attack if the firmware makes it outside 1 Infinite Loop.

“In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession,” Tim Cook warned in his letter.

There’s also a very real possibility that Apple could create this hacking tool for the feds and it won’t even help them with the iPhone 5c in question. If the San Bernardino shooter used a 4-digit PIN for his passcode, the FBI’s proposed hack would allow them to guess one PIN every 80ms and break into the device within 30 minutes. But if the recovered iPhone is using an alphanumeric password, then the changes are unlikely to provide a big enough boost to speed up the guesswork.
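
To put the 4-digit versus alphanumeric comparison in numbers, here is an added Python example (not from the article or the court filing) that sizes passcodes against the 80ms-per-guess hardware rate quoted above, with no software delay and no auto-erase. The alphabets, the lengths shown and the one-year target are assumptions chosen for illustration.

```python
# Added example: passcode sizing at the article's 80 ms-per-guess hardware rate.
PER_GUESS_MS = 80          # from the article: one passcode every 80 ms
YEAR_S = 365 * 86400       # seconds in a (non-leap) year

# Assumed alphabets for illustration (not from the article).
ALPHABETS = {"digits": 10, "lowercase+digits": 36, "mixed-case+digits": 62}


def worst_case_ms(alphabet_size, length):
    """Time to try every passcode of exactly `length` symbols, in ms."""
    return alphabet_size ** length * PER_GUESS_MS


def min_length(alphabet_size, target_seconds):
    """Shortest length whose average search (half the keyspace) lasts
    at least `target_seconds`. Integer math avoids float rounding."""
    length = 1
    while worst_case_ms(alphabet_size, length) // 2 < target_seconds * 1000:
        length += 1
    return length


def humanize(seconds):
    """Render a duration in its largest sensible unit."""
    for unit, size in (("years", YEAR_S), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.1f} seconds"


def report(lengths=(4, 6, 8)):
    """Worst-case exhaustive-search time for each alphabet and length."""
    rows = []
    for name, size in ALPHABETS.items():
        for n in lengths:
            rows.append((name, n, humanize(worst_case_ms(size, n) / 1000)))
    return rows


if __name__ == "__main__":
    for name, n, t in report():
        print(f"{name:18} length {n}: worst case {t}")
    for name, size in ALPHABETS.items():
        print(f"{name:18} needs length >= {min_length(size, YEAR_S)} "
              "to average one year of guessing")
```

A 4-digit PIN falls inside the article's 30-minute window, while six lowercase letters and digits already push the worst case past five years at the same rate.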

“While we believe the FBI’s intentions are good, it would be wrong for the government to force us to build a backdoor into our products,” warned Tim Cook. “And ultimately, we fear that this demand would undermine the very freedoms and liberty our government is meant to protect.”

Source: Cult of Mac
