Thursday, February 18, 2016

FBI vs. Apple iPhone, The Real Story

Are you confused over the battle between the FBI and Apple over the iPhone?  On the surface it seems un-American that Apple does not wish to provide [2] the FBI the information it requires for a terrorism investigation.  A deeper review shows the FBI's interests are broader than a terrorist's iPhone.  The FBI and the court [1] are demanding that Apple weaken strong iPhone security features used on all iPhones.  Let's review the court and FBI demands.

"...bypass or disable the auto-erase function...": this is a security feature on the iPhone that wipes data if there are too many failed password/PIN attempts to unlock the phone.  It's disabled by default and optionally enabled by iPhone owners.

"...enable FBI to submit passcodes to the SUBJECT DEVICE for testing electronically...": the FBI wants to try many passcodes/PINs rapidly to unlock a device.  In security parlance this is known as a brute-force attack.  The FBI wants to be able to brute force iPhones.

"...device will not purposefully introduce any additional delay between passcode attempts...": this security feature introduces an increasing delay between successive failed passcode attempts, which imposes a growing penalty on the attacker for bad passcode/PIN guesses.  This is another Apple security feature designed to prevent brute-force attacks.  The FBI wants this removed.

"...SIF [Software Image File] will load and run from the Random Access Memory ("RAM") and will not modify the iOS on the actual phone...": this change helps the FBI avoid detection of its iPhone monitoring activities while preventing unintentional tampering with forensic evidence that may be used in a trial.

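The effect of the auto-erase and escalating-delay protections quoted above can be put in numbers. This Python model is an added example, not part of the original post; the erase threshold, delay schedule and per-guess cost are constructed assumptions, not figures from the court order or from Apple.

```python
# Added example: a toy model of the passcode protections discussed above.
# Every number here is a constructed assumption, not a figure from Apple
# or from the court order.
ERASE_AFTER = 10                           # assumed auto-erase threshold
DELAYS = {5: 60, 6: 300, 7: 900, 8: 900}   # assumed seconds after Nth failure
MAX_DELAY = 3600                           # assumed delay from the 9th failure on
GUESS_COST = 0.08                          # assumed seconds per passcode check


def delay_after(failures, throttled=True):
    """Seconds the device waits after `failures` consecutive bad guesses."""
    if not throttled or failures < min(DELAYS):
        return 0
    return DELAYS.get(failures, MAX_DELAY)


def worst_case(digits, throttled=True, auto_erase=True):
    """Model an attacker trying every numeric passcode of `digits` length.

    Returns (guesses_allowed, seconds_spent, fraction_of_keyspace_tried).
    """
    keyspace = 10 ** digits
    allowed = min(keyspace, ERASE_AFTER) if auto_erase else keyspace
    # A delay only costs the attacker time if another guess follows it.
    waiting = sum(delay_after(n, throttled) for n in range(1, allowed))
    return allowed, waiting + allowed * GUESS_COST, allowed / keyspace


def describe(seconds):
    """Render a duration in the largest sensible unit."""
    for unit, size in (("days", 86400), ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.1f} seconds"


if __name__ == "__main__":
    for digits in (4, 6):
        for throttled, erase in ((True, True), (True, False), (False, False)):
            n, secs, frac = worst_case(digits, throttled, erase)
            print(f"{digits}-digit throttled={throttled!s:5} erase={erase!s:5} "
                  f"guesses={n:>7} covered={frac:8.4%} time={describe(secs)}")
```

Under these assumed values, a four-digit passcode space of which only 0.1% can be tried with both protections on becomes fully searchable in about 13 minutes once both are removed.
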
If the FBI had requested the information on the terrorist's phone, their motives would appear more credible.  Instead they requested that security features, used across all iPhones, be purposefully weakened.

The order includes provisions to limit or lock the request to only the SUBJECT DEVICE.  On the surface it appears as though this demand is applicable to only a single named phone used by terrorists.  Weakening security on a single iPhone is the government's method of eating an elephant one piece at a time.  Initially the FBI compels Apple to make code changes supporting their agenda.  As time passes the FBI, along with other government agencies, will make more and more demands that use the previous assistance as a leverage point, opening a Pandora's box.  The public can only assume this court order is the FBI's attempt to gauge the tech industry's reactions for future information requests and continue their crusade on security backdoors.

[1] California District Court Order compelling Apple to assist FBI
[2] A Message to Our Customers, letter from Apple to customers on security
