What is Apple fighting for: iPhone security, or how the FBI wants to compromise privacy for a billion people

Some have called it the battle for our future: the clash between the world's biggest tech company and the world's biggest government.

But first, some background: on December 2nd, 2015, gunman Syed Farook and his wife, Tashfeen Malik, opened fire, killing 14 people and injuring 22 in a terrorist attack in the town of San Bernardino, California. After the shooting, the couple left in an SUV, only to be found hours later and killed in a shootout with the police. The FBI seized an iPhone 5c running on iOS 9 and locked with a passcode. The Federal Bureau believes that the phone has information vital to the investigation and it is pushing Apple to take unprecedented measures to crack the device.

A federal judge has issued a court order requiring Apple to build a backdoor that would allow the FBI to hack the iPhone of the San Bernardino shooter. Apple says that there are no guarantees that such a backdoor - that currently does not exist - would be used for this case alone and will allow the government to spy on anyone with an iPhone. The company will appeal. While the legal process will likely take months, it's good to know why this is important not just for the personal data of everyone with an iPhone, but for the personal data on any phone, period.

"If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have the power to reach into anyone’s device to capture their data. The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge," Tim Cook said in an open letter to Apple customers explaining the situation.

What Apple is opposing here is Big Brother, in a very real, modern reincarnation.

First, though, let's try to understand why the all-powerful FBI finds it impossible to break into the San Bernardino shooter's iPhone on its own and has gone to the trouble to require Apple's assistance.

iPhone security 101

It's important to know that iPhone security can be roughly divided in two eras: pre-iPhone 5s (aka pre-Touch ID) and post iPhone 5s.

With the introduction of its Touch ID fingerprint scanner, Apple has introduced an overhaul of the iOS system security, making its platform much more secure. Before we dive into the details, we should clarify that the San Bernardino shooter used an iPhone 5c that the FBI now has. It is an old phone from the first, pre-iPhone 5s era of security. However, the FBI finds it impossible to crack even this phone within reasonable amounts of time.

This brings us to the core features of iPhone security.

There are three key protections on iOS that prevent the FBI from breaking into the San Bernardino shooter's iPhone:

  1. iOS may completely wipe the user’s data after too many incorrect PIN entries
  2. PINs must be entered by hand on the physical device, one at a time
  3. iOS introduces a delay after every incorrect PIN entry

What the FBI wants

As you'd expect, the court order (PDF here) asks Apple to remove all three in what would create a backdoor for the FBI to use to 'brute-force' the PIN code on the phone. Brute forcing simply means that the FBI will hook up the iPhone to a powerful computer that would quickly run through all possible PIN combinations until it guesses the one that the shooter has used on his iPhone. Here is what the FBI wants Apple to do to allow it to brute-force the phone:

  1. Disable the iPhone function that wipes the phone after too many incorrect PIN entries
  2. Enable PIN input to happen not on the iPhone itself, but from another device, so that the FBI could have a computer doing this work
  3. Disable the delay so that the computer that guesses PINs can do this as fast as possible

Two important notes here: some research firms claim they are able to hack into iPhones before the 5s that are running on up to iOS 8.4, so one can assume the iPhone 5c in question runs on iOS 9. Also, encryption would not be that critically locked down and could be bypassed easier on a phone that is not powered down. This suggests that the FBI either allowed the phone to run out of battery, or obtained it powered down. In either case, all evidence suggests that the FBI cannot crack into the shooter's iPhone on its own.

Put in simple terms, the FBI has ordered Apple to build a custom, signed version of iOS that would disable the protection that Apple itself implemented. The version will bypass passcode delays, won't wipe the phone after a few incorrect attempts, and will allow the FBI to hook up its computer to guess the passcode faster. This, by all means, is a backdoor.

So why cannot the FBI itself build such code and flash it onto the iPhone? The reason is in the way iPhone firmware updates work: they are flashed via the Device Firmware Upgrade (DFU) Mode. Once your iPhone is in DFU mode, you can add new firmware to your iPhone via a USB connected device. However, before installing the firmware, the iPhone always checks whether the firmware file has a valid signature key. Only Apple has the signature keys, and this is why the FBI cannot simply load its software on its own terms.

What if it was a newer iPhone: enter the Secure Enclave

The hacking of an iPhone, however, might have been even harder if the shooter used a newer iPhone - the 5s, 6 or 6s. 

With the introduction of Touch ID, Apple has placed a separate hardware chip, the poetically named Secure Enclave (SE), a separate computer (or co-processor, if you prefer) in the iPhone. The Secure Enclave takes care of the privacy of file encryption, Apple Pay and Keychain Services. When you enter your iPhone passcode on a device with Secure Enclave, the passcode is bundled together with a key that is embedded in the SE, so in order to break into the phone, you now need both the passcode and this key. Keys from the Secure Enclave cannot be read by iOS in any way, so that's why even a modified version of iOS would not be of any help to the FBI - had the shooter used a newer iPhone.

Even if the FBI succeeds in forcing Apple to build a custom iOS version (FBiOS?), if it were dealing with a Touch ID iPhone, the FBI agents would not be able to crack the phone. The obstacle in the way is the fact that the Secure Enclave (SE) keeps its own, separate record of failed PIN attempts and separately mandates a delay. After 9 failed PIN attempts, SE will introduce a 1-hour delay between attempts, making brute-forcing the password practically impossible.

However, since the San Bernardino shooter's iPhone 5c does not have this Secure Enclave chip, it relies only on software to dictate PIN attempt delays that prevent brute-force attacks. Hence, the FBI can order Apple to build such software, disable the delays and this would be enough to brute-force an iPhone 5c.

To illustrate the power of the Secure Enclave, you need to look no further than the recent scandal over 'Error 53'. The 'Error 53' is a fatal iPhone error that users who have serviced their iPhones in unauthorized centers get when their iPhone has been serviced with a third-party Touch ID fingerprint scanner. Apple has restricted iPhones to work with a single Touch ID sensor via the Secure Enclave, a security measure that prevents hackers from bundling fake Touch ID sensors to brute-force fingerprint authentication.

Going one step further, let's ask the question: what if the shooter had a newer iPhone? Building an iOS backdoor - as the FBI requires - would not be enough then, but is it even possible to crack the Secure Enclave? The answer is unclear. Apple is not providing details about the Secure Enclave to the public, but security expert Dan Guido suggests that Apple has changed passcode delay times in the past on Touch ID phones, which would be possible only if it could update the firmware for the Secure Enclave chip. Hence, if it was a newer iPhone (and, we bet, in the near future) the FBI would be asking Apple for not only an iOS backdoor, but a separate Secure Enclave backdoor as well.

An unconstitutional order

The fight for consumers privacy has been going on for eons, but for the first time in recent history, we have a company the scale of Apple make such a bold step to protest the government's requests. The American Civil Liberties Union and the Electronics Frontier Foundation (EFF) have taken a firm stand, supporting Apple's position and the right to privacy. Cryptologists and national security experts have long held this position. Google's Sundar Pichai has expressed (lukewarm) support as well. Other high-profile figures like Whatsapp chief Jan Koum has also taken a stand with Apple. But it is shocking to see giants such as Facebook and Microsoft, to name a few, remain in worrying silence.

Admittedly, Apple has positioned itself as one of very few that puts security at the forefront and makes it a key value for Apple as a brand, but this is a fight about much more than just Apple.

"If the FBI can force Apple to hack into its customers’ devices, then so too can every repressive regime in the rest of the world," Alex Abdo from the American Civil Liberties Union writes.
"Code is speech, and forcing Apple to push backdoored updates would constitute “compelled speech” in violation of the First Amendment. It would raise Fourth and Fifth Amendment issues as well," the EFF adds. Yes, this would be in direct violation of The Constitution.

What's really at stake? Put simply, law enforcement would typically request access to information by a warrant, but it cannot mandate a company to change its product, as that would mean interfering in its business. This would be comparable to the FBI ordering carriers to start recording everyone's calls, so that the FBI can listen in (currently, carriers only hold the numbers of contacts and lengths of calls, but not the actual call recordings). That is the type of precedent that is at stake.

The public backlash

Apple has not taken an easy decision: it stands firmly to protect users' privacy and security in a very sensitive case of terrorism that populists can easily use to manipulate the debate and put the blame on Apple. The headlines do not disappoint:

"Apple chose to protect a dead ISIS terrorist’s privacy over the security of the American people," Sen. Tom Cotton says, while Sen. Dianne Feinstein is about to introduce a bill to force Apple to comply with the court order.

Modern-day buffoons like Donald Trump have also quickly jumped in on this, in an attempt to rape in the benefits of a nation hurt by gun violence. "Who do they think they are?" Trump throws a tantrum in front of the media, but fails to consider the implications of a backdoor to the privacy of millions of people.

Those reactions will only intensify as public figures try to reap the political dividends of a highly sensitive issue. It's commendable that Apple is taking a firm stand to protect users privacy despite the very high possibility that it will be bad-mouthed by influential public figures.

Conclusion: Here's why this is important

Finally, to wrap things up, let us repeat the main concerns around this unprecedented fight for the people's privacy: if Apple is required to crack an iPhone for US law enforcement agencies, why should not it do the same when the Chinese, Iranian or Russian governments request the same?

If Apple provides code that allows the FBI to crack the iPhone 5c of the San Bernardino shooter, what guarantees are there that a malicious hacker won't some day get hold of that code and get the capabilities to break into millions of other iPhones? 

Furthermore, after the Snowden revelations in 2013, what guarantees are that our government itself won't hack into Americans' phones at will?

Which side are you on?


Story timeline



1. yoosufmuneer

Posts: 1518; Member since: Feb 14, 2015

The first time ever I am on Apple's side

2. Landon

Posts: 1245; Member since: May 07, 2015

You and me both!

3. S.R.K.

Posts: 678; Member since: Feb 11, 2016

Accept me, never have never will. Greedy patent trolls, and bullies. Don't like cowards.

8. Derekjeter

Posts: 1515; Member since: Oct 27, 2011

"Don't like cowards" Says the person talking smack behind a computer. Real brave of you.

40. darkkjedii

Posts: 31281; Member since: Feb 05, 2011


43. engineer-1701d unregistered

my face is on i tell everyone to there face and get into arguments about apple everyday and make it known, they have the backdoor access they just need to hold out until forced real hard to look like they never had the software, because apple them self said not even apple can unlock encrypted phone about 1 to 2 years ago. to help sell apple security. f it let mcafee do it. then apple will really look bad.

57. Bernoulli

Posts: 4361; Member since: Sep 01, 2012

What other way to interact here is there? Did you want him to Skype you?

60. TechieXP1969

Posts: 14967; Member since: Sep 25, 2013

Yeah! And you're doing the same exact thing. You like him is just a screen name and a keyboard.

13. Nathan_ingx

Posts: 4769; Member since: Mar 07, 2012

This issue is greater than patents, trolls and bullies. It involves compromising Android devices too. Think clearly.

17. S.R.K.

Posts: 678; Member since: Feb 11, 2016

This does not involve Android. So many and much tragedies are caused by just Apple. Few moths ago a guy uses iPhone to bomb, while using iMessage. They are only concerned about this bad fruit.

44. engineer-1701d unregistered

yeah and its about finding out more about the killers and others that are going to do the same thing.

61. TechieXP1969

Posts: 14967; Member since: Sep 25, 2013

If Apple had such and gave such, these guys are terrorist right? The Feds can catch people right away or ever. If Tim Cook gave this than he and all his employees could all be attacked by those same terrorists with hours. The feds can't stop attacks even when they know a terrorist by name. For every one terrorists they do catch or kill, 1000's more are out their. Its a never ending game. Liek for example, no matter how many peopel they catch with weed, more people are still goign to smoke it. Drug wars are a waste of money and are stupid. The reason the USA has so many enemies because they keep trying to police the whole world and tell others what to do. They occupy other people territories trying to may everyone follow our way of democracy. Not everyone wants democracy, at least no the version we have because still some Government is still in control. The FBI isnt doing this to protect America. With every such advance, they take America further back in the stone age. Technology has simply allowed them to be more corrupt and made it easier for them to be so. Until you understand this, which I think you never will; you should be quiet. I am not saying you are right or wrong. What I am saying is, you want to open a door for potential for the government to do what they do best, which is; lie and make false claims. America created most of its enemies, by befriending them first and stabbing them in the back later. Islam is a religion...many Christians have killed in the name of their god, who are we to police someone else for the same? If the USA stayed on its own continent and stop trying to control others, they wouldn't have any enemies.

15. Landon

Posts: 1245; Member since: May 07, 2015

Accept you? Give me a reason to accept you. LOL

85. geoffphuket

Posts: 50; Member since: Feb 08, 2016

Don't know where you're from, but your English is terrible!

88. Landon

Posts: 1245; Member since: May 07, 2015

I was referring to S.R.K.'s #3 post. He should have put except instead of accept.

6. technitude

Posts: 263; Member since: Dec 19, 2013

Right is right. Hopefully the FBI is held accountable when privacy throughout the world is compromised. They probably cannot be held financially responsible, but full pensions of all government workers should be on the line if criminals get this code.

45. engineer-1701d unregistered

its not like you think god why are you all so backassward. i like living in america and not worrying about terrorists shoots friends and family

10. GreenMan

Posts: 2698; Member since: Nov 09, 2015

Count me in...!

38. Feanor

Posts: 1379; Member since: Jun 20, 2012

The first time that I'm on both Apple's and Phonearena's side. Congrats for the brave article. USA government should look on their policies about their involvement into global matters to seek the cause of their national security concerns. Not into (also non-american) people's privacy.

79. MSi_GS70 unregistered

Apple brought this up for purpose ... All sudden they talking about privacy ? So what FBI can do with ppls data ? something bad ? they are terrorists ? This is something else going on behind scenes.. I do not believe BOTH !!!

91. siduaoisud

Posts: 9; Member since: Nov 26, 2015

If AND IF you read the court order the FBI is not asking for a back door to get past encryption. It is asking for google to modify this single phone so they can brute force its password combo. They told Apple to do it at Apple's own HQ and to keep the source file if Apple is paranoid about it getting out.

4. slatt01

Posts: 9; Member since: Aug 25, 2015

NSA have got all this information from phone already, they just want apple to crumble so the information can be used. If apple are right then the NSA will be exposed.

5. S.R.K.

Posts: 678; Member since: Feb 11, 2016

It's been known to many as a fact: Apple does not care about making money, Apple only cares about making 'the best products'. I believe this is a lie. Apple's real goal is to keep profit margins as high as possible. This is not a real problem as long as their products are extremely competitive (or: when the competitors are weak). However, this has changed, competition is not so weak anymore. The iPhone 5 is a great phone, I have no doubts. The next phone however is already known to be a simple spec bump, the iPhone 5S. I honestly don't think think that in a fast-paced world as the smartphone world, the iPhone 5 can be 'the best smartphone' for two years long. In other words, when the 5S will be released, it will be a pretty good phone, possibly the best to date, but it won't be 'the best smartphone possible'. By the the time iPhone 5S will be released, there will be better screens, better cameras, better SOCs. The only reason why Apple will continue to keep the iPhone 5 design, is because it takes about 1 year to get yields to the maximum level. In other words, profit margins will be maximized after about one year, so Apple keeps the iPhone 5 in favor of a new design because it is more profitable, not because it's better. Apple cares more about their profit margin than they do about 'making the best products' and this compromizes Apple's competitivity. There is more than one fact which supports this statement. A good example is the storage capacity, they still sell 16 GB iPads and iPhones, even though some games are between 1 and 2 GB. 16 GB really does not ensure the best experience on an iOS device possible. My conclusion: in the end, Apple is not unlike any other company, they want to make as much money as possible to keep shareholders happy. Don't be fooled by Tim Cook saying all they care about is making the best products, because that's not true.

11. TerryTerius unregistered

What does that even have to do with what this article is about? I mean, it's fine if you have your views about Apple and you're entitled to that.... But none of what you said is relevant to the matter at hand. And that would be the privacy of not only the American people, but every single person that holds a smartphone on the planet. This isn't even really about Apple.

26. marorun

Posts: 5029; Member since: Mar 30, 2015

Agreed as much as i hate Apple this time they do the right thing. Maybe its for others reason thats what we been told still protect privacy is a good move!

28. Nopers unregistered

Yeah, his previous comments don't really make sense. He's just trolling, let him be salty.

34. jellmoo

Posts: 2620; Member since: Oct 31, 2011

"Apple's real goal is to keep profit margins as high as possible." Do... Do you think that this is some sort of revelation? That nobody knows this? Here's a bit of a newsflash: This is the goal of each and every publicly traded company.

62. darkkjedii

Posts: 31281; Member since: Feb 05, 2011

Coke and Pepsi want to keep their profits as high as possible too. GM, Porsche, Nike, awww the hell with it. All for profit companies do.

73. Mercedes-Benz

Posts: 403; Member since: Jan 18, 2015

What the utter s**t have you been smoking ? the 5S is 64bit , touch id and the security enclave is new . Benchmarks shows that its twice as fast as the iPhone 5 ,and on par wth the snapdragon 800

7. TerryTerius unregistered

Somewhat off-topic, but this makes it even more important that we fill that last vacancy on the Supreme Court, because there is no way this case isn't going all the way to them.

* Some comments have been hidden, because they don't meet the discussions rules.

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.