What We've Learned from Apple-FBI Spat?

Posted by Kirhat | Monday, April 04, 2016 | | 0 comments »

Apple and the FBI
The Federal Bureau of Investigation (FBI) has a two-word message on the Apple encryption case: Never mind!

Not even a month and a half after the FBI convinced a judge that without Apple’s help, it could never unlock the encrypted iPhone 5c used by San Bernardino murderer Syed Rizwan Farook last year, the agency announced it had gotten into the phone without Apple’s help.

The latest news as reported by Rob Pegoraro of Yahoo! Tech — telegraphed a week before when the FBI asked for a delay in a hearing on its attempt to compel Apple to load special software on Farook’s iPhone 5c that would allow unlimited guesses of his unlock passcode — ends that case. But the conversation about it is nowhere near finished.

How did the feds do this?

The government’s three-sentence filing states concisely but vaguely that it "has now successfully accessed the data stored on Farook's iPhone."

As a result, it no longer needs Apple to perform the vulnerability transplant required by Judge Sheri Pym’s 16 February order to further its investigation of the 2 December 2015 attack in which Farook and his wife, Tashfeen Malik, murdered 14 people before being killed by police.

Apple, for its part, responded by sharing a statement with the media that declared, "This case should never have been brought.” But the company pledged its continued help with law enforcement investigations (that don’t involve it weakening its own cryptography) and its continued participation in “a national conversation about our civil liberties, and our collective security and privacy."

Security experts such as Robert Graham and Jonathan Zdziarski can only speculate how the FBI and, most likely, third party researchers managed a feat that the government previously declared impossible without Apple’s "exclusive technical means."

The best-case scenario for iPhone security is that investigators performed some tinkering with the iPhone's memory by physically removing that chip, copying its contents, trying passcodes on the device, then copying it back.

That shouldn't work on newer models with a "Secure Enclave" coprocessor set up to defeat such tampering, so its risk should fade as the iPhone 5c and older models go out of circulation.

And even if you use a 5c or older model, you should have some confidence that if your phone is lost or stolen, its vast store of data about your everyday habits will probably remain encrypted unless a skilled adversary with a personal interest in you acquires it.

The worst-case situation: The FBI now has its hands on an unpatched vulnerability it can use to crack any iPhone it obtains. Apple and any iPhone user would have to assume that this “zero-day” exploit would be known to more than investigators of the San Bernardino case.

In that scenario — Graham's best guess — expect to see more office lights on all night at Apple's Cupertino campus. To borrow a phrase from Apple's 16 February "Message to Our Customers" from CEO Tim Cook, this exploit "would be the equivalent of a master key, capable of opening hundreds of millions of locks."


Post a Comment