Constitution on ipad

How the FedGov could have had that terrorists iPhone data…yesterday.

But they don’t really want it.

Phone iOS

 

I really shouldn’t have to explain this. It’s simple to read the strategy behind the demand by a Federal Court that orders Apple to help the FIB’s find a 4 or 6 digit PIN to unlock an iPhone.

The iPhone that belonged to dead terrorist, Sayed Farooq. 

If this had actually been about a single iPhone,  the government could have gone to Cupertino, asked for a meeting with CEO Tim Cook and said the following:

 

Afternoon Sir. We need help. We can’t figure out how to crack the lock screen PIN. There is a possibility that there is information on the handset that might yield valuable insight to anti-terrorism operations. We simply need help. The owner is dead, he is a terrorist, he killed innocent Americans.

Can you help us get into this iPhone?

 

I don’t think in a scenario like that the US Government LE and Intel communities would have gotten very little pushback, if at all. Sayed is dead so his rights can’t be violated. He is in purgatory, so the last thing he cares about is his iPhone.  I’m sure everyone who is concerned with their privacy and their personal data would agree that it would be fine for Apple to take that handset back to the lab, and see what they could do about that request for help. I’m sure Apple would have appreciated the US Federal Government keeping this on the down low.

That’s how they could have done it.

 

IcloudSurely, Apple wouldn’t allow anyone to see how they did it…nor would they share the process or procedure from a successful data extraction from an encrypted iPhone with anyone. No one knows what is on that handset. It’s possible that Farooq turned off iCloud backup and used an encrypted iTunes backup…or he may not have backed anything up at all. He may have completely wiped the device. What the FBI wants to know if there is anything on the iPhone. They don’t know. So the big question is…would you like to be the person who has to make the decision on giving an iPhone backdoor to the Government and risk the privacy and security of 80 million people for what may very well be a clean install without any data at all? Luckily, that isn’t what needs to happen.

 

What Apple could do

The issue is the iPhone is set to auto-wipe after 10 failed lock screen pass code attempts.

The FBI has already used up 9.

Since the iPhone is a 5C, it doesn’t have TouchID. This makes things much less complicated. If the Secure Enclave was in play…or if this had been any other device that was an iPhone 5S or newer, there is  nothing that Apple, or the FBI for that matter, could do about anything that resides on that handset:

 

By setting up a device passcode, the user automatically enables Data Protection. iOS supports six-digit, four-digit, and arbitrary-length alphanumeric passcodes. In addition to unlocking the device, a passcode provides entropy for certain encryption keys. This means an attacker in possession of a device can’t get access to data in specific protection classes without the passcode.

The passcode is entangled with the device’s UID, so brute-force attempts must be performed on the device under attack. A large iteration count is used to make each attempt slower. The iteration count is calibrated so that one attempt takes approximately 80 milliseconds. This means it would take more than 5.5 years to try all combinations of a six-character alphanumeric passcode with lowercase letters and numbers.

The stronger the user passcode is, the stronger the encryption key becomes. Touch ID can be used to enhance this equation by enabling the user to establish a much stronger passcode than would otherwise be practical. This increases the effective amount of entropy protecting the encryption keys used for Data Protection, without adversely affecting the user experience of unlocking an iOS device multiple times throughout the day.

To further discourage brute-force passcode attacks, there are escalating time delays after the entry of an invalid passcode at the Lock screen. If Settings → Touch ID & Passcode → Erase Data is turned on, the device will automatically wipe after 10 consecutive incorrect attempts to enter the passcode. This setting is also available as an administrative policy through mobile device management (MDM) and Exchange ActiveSync, and can be set to a lower threshold.

On devices with an A7 or later A-series processor, the delays are enforced by the Secure Enclave. If the device is restarted during a timed delay, the delay is still enforced, with the timer starting over for the current period.

 

Apple processor

 

That means, that if the Secure Enclave was present  to enforce the delay escalation, it would be nearly impossible to run the handset through every character combination in a reasonable amount of time to stop any impending terrorist activity happening in this decade. You never know though…someone might get lucky.

Since it is an iPhone 5C, there is no A7 processor to enforce delay escalation. So all Apple would need to do, is write an iOS firmware version that lacks the passcode restrictions that are controlled from this portion of the settings app:

 

Passcode erase

 

Custom Firmware

Once the firmware…sans pass code restrictions…is written, the device can be placed into DFU mode and  the iPhone is now in an environment where it wants to load iOS Firmware before it will do anything else. This environment is called Device Firmware Update…or DFU mode. It’s different from Restore Mode which is achieved by pressing and holding the home button while powering on.

DFU Mode is achieved by tethering an iPhone to a USB cable to a computer, and powering it down. Then, you press and hold the sleep/wake button for 2 seconds, then press the home button for 10 seconds, release the sleep/wake button while continuing to hold the home button for another 8 or so seconds…then the iPhone will: Do absolutely nothing.

But the computer will let you know through iTunes that the handset is powered on and connected. The screen will remain blank. This is how the iOS Jailbreak community injects the RAM Disk containing the packages needed to use Cydia on an unmodified iPhone.

Why can’t the United States Government do it?

Surely…iOS .ipsw’s have been disassembled and scrutinized by the us.gov hacks. I’m sure there are plenty of ‘special’ iOS firmware bundles that have all the things that the intelligence community needs to easily monitor, extract, record, capture and relay private user data…kinda like Android does. The problem is: they can’t install it. Since Apple code-signs firmware installs, (the process of validating the firmware with an Apple code-signing server to make sure it’s copacetic, free of malware and ‘other stuff’) only official Apple firmware is allowed to run on an iPhone.

This is the initial contingency on a long list of others that keeps your iPhone from getting hacked. If the government…and malicious hackers had their way, they could place that ‘special’ firmware on the web and lure unsuspecting iOS users to install it, compromising their iPhones and their private lives.

So why isn’t this about the Sayed iPhone?

This is the quintessential Win-Win-Win-Win scenario:

  • The US Intelligence community gets the Sayed iPhone data and possibly learns from it. (If there is even anything on it.)
  • Apple relations with the US Federal Government improve. After doing the FBI  a solid by helping them thwart thousands of terrorist attacks, (If that iPhone was the CommCenter for terrorists who plan ahead and document their plans on iPhones), thus saving countless lives…assuming that countless lives are in danger by not knowing what’s on that iPhone.
  • 80 million US iOS users won’t have their privacy and security placed in jeopardy, (just because 2 dead terrorists bought an iPhone and Government believes the survival of this planet hinges on monitoring all of them because of the actions of 2)
  • The citizens of the United States would be both safer from terrorism and their private data would still be secure from any individual, group, agency and government because no backdoor is created, nor is any backdoor installed on any iPhone.

 

Leverage.gov
Leverage

Unfortunately, some .gov decision maker decided they would use a domestic terrorist event as a tool for leverage by publicly ordering Apple to help the US Intel community extract the terrorists, “future plans of terror”, that they believe could reside on that single iPhone. And because it is possible that something might be on that iPhone, they should be able to install their firmware in their lab on their terms. This might have appeared to be a great plan to force Apples helping hand using the shifting wind of public opinion as a tool for leverage: If Apple doesn’t give the FBI the keys needed to open up this iPhone, (and consequently millions of others which is the end to the means here), then the Government believes that public opinion will label Apple as the Tech company that harbors terrorists plans and doesn’t care who gets killed.

Conclusion

I really do believe the FedGov honestly thinks they can keep this country secure from terrorism if they could simply ignore their own wire-tapping laws and simply do away with Amendment the 4th so they could monitor every cellular phone made. It seems like a rock solid plan until you analyze what it would take to actually accomplish that kind of data processing. Because of that point alone, it is quite easy to see that a leadership issue exists. You would think that after ISIS developed their own home-spun encryption scheme, someone in Washington would get a clue.

Apple is an advocate of user privacy. Strong encryption is their tool to enforce their commitment to their customer. It has got to be tough leading Apple against those who think the .gov folks should have an iPhone back-door, but Tim Cook seems to be steadfast in his position that Apple is responsible for protecting iPhone users. Taking the user privacy  fight head-on against the government and expecting people to follow you takes vision. It takes moral ethics. And it takes leadership. Especially when the media parrots the opposing position without any critical thinking of their own.

I never thought that the Government of the United States would shift its purpose so far out of calibration that the yoke of responsibility to protect the American people so they might retain their 4th amendment rights, hangs proudly around the neck of Apple Inc.

Logo of guru

%d bloggers like this: