Apple’s Security Features have Locked the FBI Out

Apple's Security Features have Locked the FBI Out

A federal court order mandating that Apple assist law enforcement in breaking into the locked iPhone of Syed Farook, one of the San Bernardino attackers, has been opposed by Apple CEO Tim Cook.

Apple’s iPhone has software with a fairly simple security measure that can only be enabled by the user: the auto-erase function. This function renderers all data on the smartphone inaccessible when a certain amount of attempts to crack the four-digit security code have failed. Investigators believe this function was enabled on Farook's 5c model iPhone.

As described in the FBI court filings, the data on the iPhone is encrypted. The four-digit code you enter into your phone initiates a complex calculation which generates a unique key to unlock the data on the phone. If you don’t know the key, you don’t get the data. The auto-erase function, if triggered, will wipe out all the encryption keys rendering the data on the iPhone useless.

Another unique feature that the iPhone implores that would frustrate any user, is the time delay when trying to manually enter codes. A four-digit code can have up to 9,999 possibilities, and after just five tries, the user must wait one minute before trying again. After the six failed attempt, the wait is five more minutes. The seventh makes you wait 15 minutes and an hour after the next try.

Due to the auto-erase feature, the FBI can't attempt to unlock the iPhone without risking losing all the data. The FBI wants Apple to alter the operating system just on Farook's phone to allow the FBI to bypass or disable the auto-erase function. It also wants Apple to alter the software to allow the test pass codes to be entered without punching the keys by using Bluetooth or other means to speed the process. And the FBI wants Apple to change the operating system to eliminate the delays caused by multiple attempts to unlock the phone.

In an open letter, Cook addressed the issue stating that the FBI is asking for something that Apple just doesn’t have.

“Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation [of the San Bernardino mass shooting],” Cook said. ““In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.”

Cook strongly disagrees with the FBI, explaining that if this new software was picked up by a hacker, there would be no privacy for anyone.

“The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor,” Cook said.“And while the government may argue that its use would be limited to this case, there is no way to guarantee such control.

About the Author

Sydny Shepard is the Executive Editor of Campus Security & Life Safety.

Featured

  • New Report Reveals Top Security Risks for U.S. Retail Chains

    Interface Systems, a provider of security, actionable insights, and purpose-built networks for multi-location businesses, has released its 2024 State of Remote Video Monitoring in Retail Chains report. The detailed study analyzed over 2 million monitoring requests across 4,156 retail locations in the United States from September 2023 to August 2024. Read Now

  • Gaining a Competitive Edge

    Ask most companies about their future technology plans and the answers will most likely include AI. Then ask how they plan to deploy it, and that is where the responses may start to vary. Every company has unique surveillance requirements that are based on market focus, scale, scope, risk tolerance, geographic area and, of course, budget. Those factors all play a role in deciding how to configure a surveillance system, and how to effectively implement technologies like AI. Read Now

  • 6 Ways Security Awareness Training Empowers Human Risk Management

    Organizations are realizing that their greatest vulnerability often comes from within – their own people. Human error remains a significant factor in cybersecurity breaches, making it imperative for organizations to address human risk effectively. As a result, security awareness training (SAT) has emerged as a cornerstone in this endeavor because it offers a multifaceted approach to managing human risk. Read Now

  • The Stage is Set

    The security industry spans the entire globe, with manufacturers, developers and suppliers on every continent (well, almost—sorry, Antarctica). That means when regulations pop up in one area, they often have a ripple effect that impacts the entire supply chain. Recent data privacy regulations like GDPR in Europe and CPRA in California made waves when they first went into effect, forcing businesses to change the way they approach data collection and storage to continue operating in those markets. Even highly specific regulations like the U.S.’s National Defense Authorization Act (NDAA) can have international reverberations – and this growing volume of legislation has continued to affect global supply chains in a variety of different ways. Read Now

Featured Cybersecurity

Webinars

New Products

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge. 3

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols. 3

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area. 3