x PhoneArena is hiring! Reviewer in the USA
  • Hidden picShow menu
  • Home
  • News
  • What is Apple fighting for: iPhone security, or how the FBI wants to compromise privacy for a billion people

What is Apple fighting for: iPhone security, or how the FBI wants to compromise privacy for a billion people

Posted: , by Victor H.

Tags :

What is Apple fighting for: iPhone security, or how the FBI wants to compromise privacy for a billion people

Some have called it the battle for our future: the clash between the world's biggest tech company and the world's biggest government.

But first, some background: on December 2nd, 2015, gunman Syed Farook and his wife, Tashfeen Malik, opened fire, killing 14 people and injuring 22 in a terrorist attack in the town of San Bernardino, California. After the shooting, the couple left in an SUV, only to be found hours later and killed in a shootout with the police. The FBI seized an iPhone 5c running on iOS 9 and locked with a passcode. The Federal Bureau believes that the phone has information vital to the investigation and it is pushing Apple to take unprecedented measures to crack the device.

A federal judge has issued a court order requiring Apple to build a backdoor that would allow the FBI to hack the iPhone of the San Bernardino shooter. Apple says that there are no guarantees that such a backdoor - that currently does not exist - would be used for this case alone and will allow the government to spy on anyone with an iPhone. The company will appeal. While the legal process will likely take months, it's good to know why this is important not just for the personal data of everyone with an iPhone, but for the personal data on any phone, period.

"If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have the power to reach into anyone’s device to capture their data. The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge," Tim Cook said in an open letter to Apple customers explaining the situation.

What Apple is opposing here is Big Brother, in a very real, modern reincarnation.

First, though, let's try to understand why the all-powerful FBI finds it impossible to break into the San Bernardino shooter's iPhone on its own and has gone to the trouble to require Apple's assistance.


iPhone security 101


What is Apple fighting for: iPhone security, or how the FBI wants to compromise privacy for a billion people

It's important to know that iPhone security can be roughly divided in two eras: pre-iPhone 5s (aka pre-Touch ID) and post iPhone 5s.

With the introduction of its Touch ID fingerprint scanner, Apple has introduced an overhaul of the iOS system security, making its platform much more secure. Before we dive into the details, we should clarify that the San Bernardino shooter used an iPhone 5c that the FBI now has. It is an old phone from the first, pre-iPhone 5s era of security. However, the FBI finds it impossible to crack even this phone within reasonable amounts of time.

This brings us to the core features of iPhone security.

There are three key protections on iOS that prevent the FBI from breaking into the San Bernardino shooter's iPhone:

  1. iOS may completely wipe the user’s data after too many incorrect PIN entries
  2. PINs must be entered by hand on the physical device, one at a time
  3. iOS introduces a delay after every incorrect PIN entry

What the FBI wants


As you'd expect, the court order (PDF here) asks Apple to remove all three in what would create a backdoor for the FBI to use to 'brute-force' the PIN code on the phone. Brute forcing simply means that the FBI will hook up the iPhone to a powerful computer that would quickly run through all possible PIN combinations until it guesses the one that the shooter has used on his iPhone. Here is what the FBI wants Apple to do to allow it to brute-force the phone:

  1. Disable the iPhone function that wipes the phone after too many incorrect PIN entries
  2. Enable PIN input to happen not on the iPhone itself, but from another device, so that the FBI could have a computer doing this work
  3. Disable the delay so that the computer that guesses PINs can do this as fast as possible

Two important notes here: some research firms claim they are able to hack into iPhones before the 5s that are running on up to iOS 8.4, so one can assume the iPhone 5c in question runs on iOS 9. Also, encryption would not be that critically locked down and could be bypassed easier on a phone that is not powered down. This suggests that the FBI either allowed the phone to run out of battery, or obtained it powered down. In either case, all evidence suggests that the FBI cannot crack into the shooter's iPhone on its own.

The FBI cannot crack the shooter's phone... so it wants to be able to crack everyone's phone


What is Apple fighting for: iPhone security, or how the FBI wants to compromise privacy for a billion people
Put in simple terms, the FBI has ordered Apple to build a custom, signed version of iOS that would disable the protection that Apple itself implemented. The version will bypass passcode delays, won't wipe the phone after a few incorrect attempts, and will allow the FBI to hook up its computer to guess the passcode faster. This, by all means, is a backdoor.

So why cannot the FBI itself build such code and flash it onto the iPhone? The reason is in the way iPhone firmware updates work: they are flashed via the Device Firmware Upgrade (DFU) Mode. Once your iPhone is in DFU mode, you can add new firmware to your iPhone via a USB connected device. However, before installing the firmware, the iPhone always checks whether the firmware file has a valid signature key. Only Apple has the signature keys, and this is why the FBI cannot simply load its software on its own terms.

What if it was a newer iPhone: enter the Secure Enclave


The Secure Enclave is a separate chip built in every iPhone with Touch ID

The Secure Enclave is a separate chip built in every iPhone with Touch ID


The hacking of an iPhone, however, might have been even harder if the shooter used a newer iPhone - the 5s, 6 or 6s. 

With the introduction of Touch ID, Apple has placed a separate hardware chip, the poetically named Secure Enclave (SE), a separate computer (or co-processor, if you prefer) in the iPhone. The Secure Enclave takes care of the privacy of file encryption, Apple Pay and Keychain Services. When you enter your iPhone passcode on a device with Secure Enclave, the passcode is bundled together with a key that is embedded in the SE, so in order to break into the phone, you now need both the passcode and this key. Keys from the Secure Enclave cannot be read by iOS in any way, so that's why even a modified version of iOS would not be of any help to the FBI - had the shooter used a newer iPhone.

Even if the FBI succeeds in forcing Apple to build a custom iOS version (FBiOS?), if it were dealing with a Touch ID iPhone, the FBI agents would not be able to crack the phone. The obstacle in the way is the fact that the Secure Enclave (SE) keeps its own, separate record of failed PIN attempts and separately mandates a delay. After 9 failed PIN attempts, SE will introduce a 1-hour delay between attempts, making brute-forcing the password practically impossible.

What is Apple fighting for: iPhone security, or how the FBI wants to compromise privacy for a billion people
Secure Enclave is a separate chip that makes it extremely hard to brute force passwords

Secure Enclave is a separate chip that makes it extremely hard to brute force passwords


However, since the San Bernardino shooter's iPhone 5c does not have this Secure Enclave chip, it relies only on software to dictate PIN attempt delays that prevent brute-force attacks. Hence, the FBI can order Apple to build such software, disable the delays and this would be enough to brute-force an iPhone 5c.

To illustrate the power of the Secure Enclave, you need to look no further than the recent scandal over 'Error 53'. The 'Error 53' is a fatal iPhone error that users who have serviced their iPhones in unauthorized centers get when their iPhone has been serviced with a third-party Touch ID fingerprint scanner. Apple has restricted iPhones to work with a single Touch ID sensor via the Secure Enclave, a security measure that prevents hackers from bundling fake Touch ID sensors to brute-force fingerprint authentication.

Is it even possible to crack a Touch ID iPhone?


Going one step further, let's ask the question: what if the shooter had a newer iPhone? Building an iOS backdoor - as the FBI requires - would not be enough then, but is it even possible to crack the Secure Enclave? The answer is unclear. Apple is not providing details about the Secure Enclave to the public, but security expert Dan Guido suggests that Apple has changed passcode delay times in the past on Touch ID phones, which would be possible only if it could update the firmware for the Secure Enclave chip. Hence, if it was a newer iPhone (and, we bet, in the near future) the FBI would be asking Apple for not only an iOS backdoor, but a separate Secure Enclave backdoor as well.

An unconstitutional order


The fight for consumers privacy has been going on for eons, but for the first time in recent history, we have a company the scale of Apple make such a bold step to protest the government's requests. The American Civil Liberties Union and the Electronics Frontier Foundation (EFF) have taken a firm stand, supporting Apple's position and the right to privacy. Cryptologists and national security experts have long held this position. Google's Sundar Pichai has expressed (lukewarm) support as well. Other high-profile figures like Whatsapp chief Jan Koum has also taken a stand with Apple. But it is shocking to see giants such as Facebook and Microsoft, to name a few, remain in worrying silence.

Admittedly, Apple has positioned itself as one of very few that puts security at the forefront and makes it a key value for Apple as a brand, but this is a fight about much more than just Apple.

"If the FBI can force Apple to hack into its customers’ devices, then so too can every repressive regime in the rest of the world," Alex Abdo from the American Civil Liberties Union writes.
 
"Code is speech, and forcing Apple to push backdoored updates would constitute “compelled speech” in violation of the First Amendment. It would raise Fourth and Fifth Amendment issues as well," the EFF adds. Yes, this would be in direct violation of The Constitution.

This is a battle between the world's biggest tech company and the world's most powerful government


What's really at stake? Put simply, law enforcement would typically request access to information by a warrant, but it cannot mandate a company to change its product, as that would mean interfering in its business. This would be comparable to the FBI ordering carriers to start recording everyone's calls, so that the FBI can listen in (currently, carriers only hold the numbers of contacts and lengths of calls, but not the actual call recordings). That is the type of precedent that is at stake.

The public backlash


Apple has not taken an easy decision: it stands firmly to protect users' privacy and security in a very sensitive case of terrorism that populists can easily use to manipulate the debate and put the blame on Apple. The headlines do not disappoint:

"Apple chose to protect a dead ISIS terrorist’s privacy over the security of the American people," Sen. Tom Cotton says, while Sen. Dianne Feinstein is about to introduce a bill to force Apple to comply with the court order.

Trump and others have already started the smear campaign against Apple

Modern-day buffoons like Donald Trump have also quickly jumped in on this, in an attempt to rape in the benefits of a nation hurt by gun violence. "Who do they think they are?" Trump throws a tantrum in front of the media, but fails to consider the implications of a backdoor to the privacy of millions of people.

Those reactions will only intensify as public figures try to reap the political dividends of a highly sensitive issue. It's commendable that Apple is taking a firm stand to protect users privacy despite the very high possibility that it will be bad-mouthed by influential public figures.

Conclusion: Here's why this is important


Finally, to wrap things up, let us repeat the main concerns around this unprecedented fight for the people's privacy: if Apple is required to crack an iPhone for US law enforcement agencies, why should not it do the same when the Chinese, Iranian or Russian governments request the same?

If Apple provides code that allows the FBI to crack the iPhone 5c of the San Bernardino shooter, what guarantees are there that a malicious hacker won't some day get hold of that code and get the capabilities to break into millions of other iPhones? 

Furthermore, after the Snowden revelations in 2013, what guarantees are that our government itself won't hack into Americans' phones at will?

Phonearena polls
sort by
Which side are you on?
82.39%
627 votes
(627 votes) Apple
17.61%
134 votes
(134 votes) FBI

761 votes


Story timeline

93 Comments
  • Options
    Close






posted on 18 Feb 2016, 09:45 27

1. yoosufmuneer (Posts: 1507; Member since: 14 Feb 2015)


The first time ever I am on Apple's side

posted on 18 Feb 2016, 09:46 11

2. Landon (Posts: 556; Member since: 07 May 2015)


You and me both!

posted on 18 Feb 2016, 09:48 9

3. S.R.K. (banned) (Posts: 678; Member since: 11 Feb 2016)


Accept me, never have never will. Greedy patent trolls, and bullies. Don't like cowards.

posted on 18 Feb 2016, 09:54 20

8. Derekjeter (Posts: 974; Member since: 27 Oct 2011)


"Don't like cowards"

Says the person talking smack behind a computer. Real brave of you.

posted on 18 Feb 2016, 11:43 1

40. darkkjedii (Posts: 22128; Member since: 05 Feb 2011)


LMAOOOOO right!

posted on 18 Feb 2016, 12:00 3

43. engineer-1701d (unregistered)


my face is on i tell everyone to there face and get into arguments about apple everyday and make it known,
they have the backdoor access they just need to hold out until forced real hard to look like they never had the software, because apple them self said not even apple can unlock encrypted phone about 1 to 2 years ago.
to help sell apple security.
f it let mcafee do it. then apple will really look bad.

posted on 18 Feb 2016, 14:45 2

57. Bernoulli (Posts: 4093; Member since: 01 Sep 2012)


What other way to interact here is there? Did you want him to Skype you?

posted on 18 Feb 2016, 14:51

60. TechieXP1969 (Posts: 10700; Member since: 25 Sep 2013)


Yeah! And you're doing the same exact thing. You like him is just a screen name and a keyboard.

posted on 18 Feb 2016, 09:58 13

13. Nathan_ingx (Posts: 4003; Member since: 07 Mar 2012)


This issue is greater than patents, trolls and bullies. It involves compromising Android devices too.
Think clearly.

posted on 18 Feb 2016, 10:09 2

17. S.R.K. (banned) (Posts: 678; Member since: 11 Feb 2016)


This does not involve Android. So many and much tragedies are caused by just Apple. Few moths ago a guy uses iPhone to bomb, while using iMessage.

They are only concerned about this bad fruit.

posted on 18 Feb 2016, 10:13 5

18. miket1737 (Posts: 3027; Member since: 17 Mar 2013)


Please stop trolling. if you don't see how this won't have ANY implications for Android and Android users, then I highly suggest you go back to high school. There is no room here for your trolling nonsense. This will have implications far beyond just iOS and this specific case

posted on 18 Feb 2016, 10:26 1

25. S.R.K. (banned) (Posts: 678; Member since: 11 Feb 2016)


It's difficult to say with any degree of certainty - Apple does not disclose enough about its operating system to know.
Other secure products such as smart cards are designed so that the security cannot be changed after they leave the factory.
Some devices such as bank computers wipe themselves if you try to change the software.
But phones are not designed primarily from a security perspective.
It's possible that forcing a new version of iOS onto the phone would wipe it. Apple may have designed it in this way - and it would certainly be the more secure way to do it."

Tim will go to prison, Or-else Apple collapses.

posted on 18 Feb 2016, 10:39 7

30. Nathan_ingx (Posts: 4003; Member since: 07 Mar 2012)


For reals homes?
What are you smoking dude? I want none of that sh¡t.

posted on 18 Feb 2016, 11:19 1

37. Landon (Posts: 556; Member since: 07 May 2015)


Wow... where do you get your weed?
From you, Dante.
Oh yeah! What's up, Mr. Cheezle!

posted on 18 Feb 2016, 12:01 1

44. engineer-1701d (unregistered)


yeah and its about finding out more about the killers and others that are going to do the same thing.

posted on 18 Feb 2016, 14:58 3

61. TechieXP1969 (Posts: 10700; Member since: 25 Sep 2013)


If Apple had such and gave such, these guys are terrorist right? The Feds can catch people right away or ever.

If Tim Cook gave this than he and all his employees could all be attacked by those same terrorists with hours. The feds can't stop attacks even when they know a terrorist by name.

For every one terrorists they do catch or kill, 1000's more are out their. Its a never ending game.

Liek for example, no matter how many peopel they catch with weed, more people are still goign to smoke it. Drug wars are a waste of money and are stupid.

The reason the USA has so many enemies because they keep trying to police the whole world and tell others what to do.

They occupy other people territories trying to may everyone follow our way of democracy.

Not everyone wants democracy, at least no the version we have because still some Government is still in control.

The FBI isnt doing this to protect America. With every such advance, they take America further back in the stone age.

Technology has simply allowed them to be more corrupt and made it easier for them to be so.

Until you understand this, which I think you never will; you should be quiet.

I am not saying you are right or wrong. What I am saying is, you want to open a door for potential for the government to do what they do best, which is; lie and make false claims.

America created most of its enemies, by befriending them first and stabbing them in the back later. Islam is a religion...many Christians have killed in the name of their god, who are we to police someone else for the same?

If the USA stayed on its own continent and stop trying to control others, they wouldn't have any enemies.

posted on 18 Feb 2016, 10:02 1

15. Landon (Posts: 556; Member since: 07 May 2015)


Accept you? Give me a reason to accept you. LOL

posted on 19 Feb 2016, 20:06

85. geoffphuket (Posts: 50; Member since: 08 Feb 2016)


Don't know where you're from, but your English is terrible!

posted on 20 Feb 2016, 03:54

88. Landon (Posts: 556; Member since: 07 May 2015)


I was referring to S.R.K.'s #3 post. He should have put except instead of accept.

posted on 18 Feb 2016, 09:52 2

6. technitude (Posts: 117; Member since: 19 Dec 2013)


Right is right.

Hopefully the FBI is held accountable when privacy throughout the world is compromised. They probably cannot be held financially responsible, but full pensions of all government workers should be on the line if criminals get this code.

posted on 18 Feb 2016, 12:03 1

45. engineer-1701d (unregistered)


its not like you think god why are you all so backassward.
i like living in america and not worrying about terrorists shoots friends and family

posted on 18 Feb 2016, 09:56

10. GreenMan (Posts: 1441; Member since: 09 Nov 2015)


Count me in...!

posted on 18 Feb 2016, 11:27 1

38. Feanor (Posts: 733; Member since: 20 Jun 2012)


The first time that I'm on both Apple's and Phonearena's side. Congrats for the brave article. USA government should look on their policies about their involvement into global matters to seek the cause of their national security concerns. Not into (also non-american) people's privacy.

posted on 18 Feb 2016, 19:24

67. lyndon420 (Posts: 4564; Member since: 11 Jul 2012)


I'll have to agree with you there.

posted on 19 Feb 2016, 04:48

79. MSi_GS70 (unregistered)


Apple brought this up for purpose ...
All sudden they talking about privacy ?
So what FBI can do with ppls data ? something bad ? they are terrorists ?
This is something else going on behind scenes..
I do not believe BOTH !!!

posted on 22 Feb 2016, 22:40

91. siduaoisud (Posts: 9; Member since: 26 Nov 2015)


If AND IF you read the court order the FBI is not asking for a back door to get past encryption. It is asking for google to modify this single phone so they can brute force its password combo. They told Apple to do it at Apple's own HQ and to keep the source file if Apple is paranoid about it getting out.

posted on 18 Feb 2016, 09:52 2

4. slatt01 (Posts: 5; Member since: 25 Aug 2015)


NSA have got all this information from phone already, they just want apple to crumble so the information can be used.
If apple are right then the NSA will be exposed.

posted on 18 Feb 2016, 09:52 1

5. S.R.K. (banned) (Posts: 678; Member since: 11 Feb 2016)


It's been known to many as a fact: Apple does not care about making money, Apple only cares about making 'the best products'. I believe this is a lie. Apple's real goal is to keep profit margins as high as possible. This is not a real problem as long as their products are extremely competitive (or: when the competitors are weak). However, this has changed, competition is not so weak anymore.

The iPhone 5 is a great phone, I have no doubts. The next phone however is already known to be a simple spec bump, the iPhone 5S. I honestly don't think think that in a fast-paced world as the smartphone world, the iPhone 5 can be 'the best smartphone' for two years long. In other words, when the 5S will be released, it will be a pretty good phone, possibly the best to date, but it won't be 'the best smartphone possible'.

By the the time iPhone 5S will be released, there will be better screens, better cameras, better SOCs. The only reason why Apple will continue to keep the iPhone 5 design, is because it takes about 1 year to get yields to the maximum level. In other words, profit margins will be maximized after about one year, so Apple keeps the iPhone 5 in favor of a new design because it is more profitable, not because it's better.

Apple cares more about their profit margin than they do about 'making the best products' and this compromizes Apple's competitivity. There is more than one fact which supports this statement. A good example is the storage capacity, they still sell 16 GB iPads and iPhones, even though some games are between 1 and 2 GB. 16 GB really does not ensure the best experience on an iOS device possible.

My conclusion: in the end, Apple is not unlike any other company, they want to make as much money as possible to keep shareholders happy. Don't be fooled by Tim Cook saying all they care about is making the best products, because that's not true.

posted on 18 Feb 2016, 09:57 10

11. TerryTerius (Posts: 1928; Member since: 10 Apr 2014)


What does that even have to do with what this article is about? I mean, it's fine if you have your views about Apple and you're entitled to that.... But none of what you said is relevant to the matter at hand. And that would be the privacy of not only the American people, but every single person that holds a smartphone on the planet. This isn't even really about Apple.

posted on 18 Feb 2016, 10:13 4

19. miket1737 (Posts: 3027; Member since: 17 Mar 2013)


Seems like a copy pasted comment from someone else somewhere, anyway completely unrelated.

* Some comments have been hidden, because they don't meet the discussions rules.

Want to comment? Please login or register.

Latest stories