Facebook Google Menu Linkedin lock Pinterest Search Twitter

Advertisement

Technology

Feb 18, 2016

Can the FBI hack your iPhone?

The US government pinkie swears it is only going to use a backdoor to Apple products this one time. But Apple's having none of it.

Share

applecook

Apple has been ordered by a US federal court to make it easier for the FBI to hack its phones, and the tech giant isn’t happy about it. What does this mean in the ongoing government war against encryption?

What does the FBI want from Apple?

The FBI wants Apple to create a version of its iOS software used on iPhones that will allow the FBI to enter as many PIN codes into an iPhone as it wants to be able to break into phones. It wants to be able to do this electronically, so instead of someone having to sit there and enter each code individually, the FBI could input via Bluetooth or wi-fi as many PINs as it can using a “brute force” method of breaking the code.

It also wants Apple to disable security protections that only give a user a certain number of tries to enter a PIN (after that number is exceeded the phone will be locked for a time until the user is allowed to try again). The FBI also wants Apple to disable a feature that can auto-erase everything on the phone after a number of failed attempts to enter the PIN.

Yesterday, a court ordered Apple to comply with this request.

Why do the Feds want your phone anyway?

Late last year terrorists Syed Rizwan Farook and Tashfeen Malik killed 14 people and injured 22 more in a shooting and attempted bombing attack in San Bernardino, California. They were killed in a shoot-out with police, and in the course of the subsequent investigation, the FBI obtained Farook’s iPhone 5C. The FBI says it needs to access information stored on the phone in case it can reveal connections to Islamic State.

But Farook, like most people, has a passcode on his phone, so unless the FBI can bypass that passcode, there is no way agents can access that information. Since iOS 8, data on iPhones are encrypted by default, using a combination of the PIN on the phone and a hardware key embedded in the phone itself (Apple says it has no record of the value of the key once it leaves an iPhone factory). Without knowing Farook’s code, the FBI is effectively locked out.

Why is Apple resisting?

It’s all about precedent. In a public letter to customers overnight, Apple CEO Tim Cook said the implications of the order went far beyond just this one case. He said Apple had been assisting by providing the FBI all data it had in relation to the case in compliance with subpoenas and search warrants, but the creation of a specific tool to bypass Apple’s own security would be too dangerous:

“Building a version of iOS that bypasses security in this way would undeniably create a backdoor. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control.”

The FBI claims it would only be used on this one device this one time, but Cook has said there is no way to guarantee that:

“That’s simply not true. Once created, the technique could be used over and over again, on any number of devices. In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks — from restaurants and banks to stores and homes. No reasonable person would find that acceptable.”

There is justifiable concern that once the backdoor software is out in the wild it could end up in the hands of anyone, including other governments and hackers.

If the FBI gets its wish could it hack any iPhone?

The US government claims it is just for this one device, but as Cook explained, it could potentially be used for almost any iPhone before the iPhone 6. If Farook had used an iPhone 6 or above, the FBI’s attempt to access his device using this special hacked version of iOS would have been fruitless.

This is because in the last two generations of iPhone, Apple introduced TouchID, which contains new hardware security called Security Enclave. Security expert Dan Guido has explained that the Security Enclave, separate from iOS, keeps its own check on failed attempts to enter a passcode, which iOS can have no impact on.

“The SE keeps its own counter of incorrect passcode attempts and gets slower and slower at responding with each failed attempt, all the way up to 1 hour between requests. There is nothing that iOS can do about the SE: it is a separate computer outside of the iOS operating system that shares the same hardware enclosure as your phone.”

Guido has noted that given the phone the FBI wants access to is an iPhone 5C, if the FBI is able to test as many passcodes it wants with a modified iOS, then a four-digit passcode could be cracked within an hour.

What about other smartphones?

Google’s initial silence on the matter raised concern about its own widely used Android operating system for smartphones, leading some, like NSA whistleblower Edward Snowden, to suggest Google might have picked sides in the war on encryption. But Google CEO Sundar Pichai said that compliance with the order could compromise user privacy. WhatsApp is also backing Apple’s position.

What does it mean for encryption?

Apple has framed this request in the larger debate about government overreach when it comes to the false balance between privacy and security. Governments around the world are beginning to fight tech companies over the encryption on their devices. The United Kingdom is pushing legislation that would require companies like Apple to provide a backdoor into communications on iPhones.

US lawmakers are currently talking about developing legislation to force companies to provide backdoors, stating that encryption “ought to be able to be pierced“. Democratic candidate for president Hillary Clinton has said a number of times that tech companies need to work with the government to develop backdoors into their software for national security investigations.

In Australia, Prime Minister Malcolm Turnbull appears to be resisting a push for a crackdown on encryption from Australian law enforcement agencies. Liberal MP Andrew Nikolic recently asked Australian Federal Police Assistant Commissioner Neil Gaughan whether the AFP had enough powers given the use of encryption, and Gaughan said encryption had brought “a whole raft of challenges” with it.

In his first national security statement, Turnbull indicated that he had asked ASIO to work with its international intelligence partners to “address the challenge of monitoring terrorist groups” in response to ever-increasing use of encryption technology.

Josh Taylor — Journalist

Josh Taylor

Journalist

Josh is Crikey’s general reporter covering politics, immigration, technology, the environment and, well, just about everything. Josh joined Crikey in 2015 after being lured away from his role as an award-winning technology journalist for ZDNet.

Get a free trial to post comments
More from Josh Taylor

Advertisement

We recommend

From around the web

Powered by Taboola

12 comments

Leave a comment

12 thoughts on “Can the FBI hack your iPhone?

  1. AR

    The sound of hammer & nails at the stable.

  2. JMNO

    I think that as a matter of principal any law enforcement agency should have to make a legally-based request to an organization to obtain access to its data on a case-by-case basis. It will be far too tempting to start trawling around for what they can find and that starts to be an unjustifiable breach of people’s privacy, even if they don’t have anything to hide.

  3. Maja

    How could they update the operating system of the phone if they don’t have the passcode for it already?

  4. Raaraa

    Don’t forget that the US already have precedent with the Nixon Administration in the “Watergate” scandal. The abuse of power by an executive using the FBI to obtain information about his opponents.

    It was an abuse of power, and Nixon had to resign because of this, but the people are aware that FBI compelling Apple to put in this backdoor could easily be abused by an interested agent.

  5. mikeb

    Have I personal stuff? Yeah – photos, contacts, emails, texts & the like. Nothing of interest to anyone but myself. Re hacking – as long as they can’t change anything (that’s a proviso) then it’s not going to worry me. I’m not a celebrity with nude photos which will embarrass. No bank account passwords or anything like that there either. To some people this will be a concern – just not me.

  6. Wayne Cusick

    mikeb, don’t you have personal information on your phone?

    I certainly have, and I’ve only been using a smart phone for 8 or 9 months.

  7. zut alors

    Whether to be on the side of an international behemoth (Apple) or a US government agency (FBI)?

    A choice between two undesirables but I’ll opt for Apple in this instance.

  8. hhcrikey

    WakeUpAustralia: see CALEA, stingray and friends – interception of the traffic in and out of the device has been a done deal for a couple of decades. Present battle is over access to contents of the device itself.

    mikeb : if a bad actor (your classic “black hat”) knows that the back door exists, they can find and use it too.
    About a week after that, every techie kid on your street.
    Read only or not, there are many things on my phone I would not want easily accessible even if I, like you, don’t really care about “the feds”.

  9. Keto Vodda

    Apple will be somewhat concerned.

    Why would anyone buy a phone with a backdoor?

    Buy phones from any other country.

  10. Keto Vodda

    “Provided that they can’t alter information held there then they are most welcome to have a look-see.”

    No doubt there are no hackers in the FBI so you should be safe – until some criminal also obtains access.

  11. mikeb

    I’ll probably get howled down for my opinion but so be it. I don’t really care if the FBI or ASIO or similar can hack my phone. It would only bore them. Provided that they can’t alter information held there then they are most welcome to have a look-see. I assume the people at Apple or whatever are clever enough to leave a backdoor open on the ios to allow entry for read only?

  12. WakeUpAustralia

    What?

    Like they don’t have a backdoor already?

    Or is that only applicable to the NSA?

Leave a comment