On a technical level, Apple can comply with the FBI’s request for help in accessing an iPhone used by Syed Rizwan Farook, one of the people accused of killing 14 in California two months ago, security experts said Wednesday.
“I believe it is technically feasible for Apple to comply with all of the FBI’s requests in this case,” said Dan Guido, the co-founder and CEO of Trail of Bits, a New York City-based security firm, in a Wednesday post on his firm’s blog. “On the iPhone 5C, the passcode delay and device erasure are implemented in software and Apple can add support for peripheral devices that facilitate PIN code entry.”
Essentially, what the FBI has asked Apple to do — with a federal magistrate’s concurrence — was to make it possible for investigators to brute-force the passcode on the iPhone 5C by subverting iOS’s limitations on entering such codes, as well as removing the auto-wipe feature, triggered when several incorrect passcodes are entered. On Farook’s iPhone 5C, which is running iOS 9, each successive incorrect entry enforces a delay until the next can be punched in.
The result: The FBI has been stymied, afraid that entering wrong passcodes — which must be tapped in by hand — would take too long, but more importantly, quickly wipe the iPhone clean.
“In plain English, the FBI wants to ensure that it can make an unlimited number of PIN guesses, that it can make them as fast as the hardware will allow, and that they won’t have to pay an intern to hunch over the phone and type PIN codes one at a time for the next 20 years,” said Guido.
Guido initially argued that the same request would be moot on newer iPhones — any model equipped with the Apple-designed A7 SoC (system on a chip), which was first used in 2013’s iPhone 5S.
The barrier would be the Secure Enclave (SE), a co-processor fabricated as part of the A7. The Secure Enclave is not accessible to iOS, so any changes Apple might make to its mobile operating system — the gist of what the FBI’s asking Apple to do — would be worthless.
SE is responsible for processing the fingerprint data acquired by the Touch ID sensor, and also encrypts the device and its contents with a unique key pre-set during manufacturing that is “entangled,” or combined, with the device’s unique ID (UID) as well as the user-set passcode on the lock screen. Apple does not know or have a record of the key embedded in the Secure Enclave.
However, in an update to his post, Guido said that it would also be possible to undermine SE, although it would require revisions to not just iOS, but also to the SE firmware.
“Apple can update the SE firmware, it does not require the phone passcode, and it does not wipe user data on update,” he said. “Apple can disable the passcode delay and disable auto erase with a firmware update to the SE. After all, Apple has updated the SE with increased delays between passcode attempts and no phones were wiped.”
Other security experts agreed with Guido that it was technically possible for Apple to comply, but claimed that on later iPhones, SE made it futile. “On newer phones like the iPhone 6, with Apple’s [SE], such an update of the firmware would be impossible,” asserted Errata Security on its website. “Updating the firmware to do what the FBI wants would also erase the crypto keys, or at least first require unlocking. If such a trick would work on the newer phones, then Apple has been lying about them.”
But while Apple could comply — the experts agreed that it’s technically viable on the iPhone 5C — the Cupertino, Calif., company clearly does not want to.
Late Tuesday, Apple posted a memorandum by CEO Tim Cook that spelled out his firm’s position. “The U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone,” Cook said in the open letter.
Cook also argued that the demand was the edge of a slippery slope, that by acceding to the FBI’s request, Apple would open Pandora’s Box. “The government suggests this tool could only be used once, on one phone. But that’s simply not true,” Cook contended. “Once created, the technique could be used over and over again, on any number of devices.”