Apple has point blank refused to bypass its own security mechanisms with new software which the FBI can use to unlock and read information on the iPhone of one of the San Bernardino gunmen.
A court order issued by a California magistrate yesterday effectively asks Apple to create a new custom iOS version to install on the device – an iPhone 5C running iOS9 – which will allow the FBI to brute force the passcode.
The order noted that Apple’s “reasonable technical assistance” should accomplish three important functions:
“It will bypass or disable the auto-erase function whether or not it has been enabled; it will enable the FBI to submit passcodes to the subject device for testing electronically via the physical device port, Bluetooth, Wi-Fi or other protocol available on the subject device; and it will ensure that when the FBI submits passcodes to the subject device, software running on the device will not purposefully introduce any additional delay between the passcode attempts beyond what is incurred by Apple hardware.”
The auto-erase function wipes all data after 10 incorrect passcode guesses, while the milliseconds-delay feature was introduced by Apple to neuter brute force attacks by making them take years to carry out.
The magistrate, Sheri Pym, asked Apple to respond if it was not possible to create a workaround as described above.
Tim Cook took the opportunity to do so in a long letter decrying the government’s attempts to undermine the security of Apple devices, although he notably didn’t reveal whether it was technically possible to do so or not.
While claiming no sympathy for the terrorists and pointing out that Apple has assisted the investigators to do “everything that is both within our power and within the law to help them,” he would not sanction the creation of software with the potential to unlock anyone’s iPhone.
“The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control ...
For years, cryptologists and national security experts have been warning against weakening encryption. Doing so would hurt only the well-meaning and law-abiding citizens who rely on companies like Apple to protect their data. Criminals and bad actors will still encrypt, using tools that are readily available to them.”
Cook also took issue with the FBI’s apparent attempts to use the All Writs Act of 1789 as a legal justification for this expansion of its authority.
“The implications of the government’s demands are chilling. If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have the power to reach into anyone’s device to capture their data. The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge.”
The news comes in the same week EU security agency Enisa came out in favor of strong encryption and against any attempts by law enforcers to undermine this by demanding backdoors.
Image credit: endermasali / Shutterstock.com