Apple’s Security Features have Locked the FBI Out

Apple's Security Features have Locked the FBI Out

A federal court order mandating that Apple assist law enforcement in breaking into the locked iPhone of Syed Farook, one of the San Bernardino attackers, has been opposed by Apple CEO Tim Cook.

Apple’s iPhone has software with a fairly simple security measure that can only be enabled by the user: the auto-erase function. This function renderers all data on the smartphone inaccessible when a certain amount of attempts to crack the four-digit security code have failed. Investigators believe this function was enabled on Farook's 5c model iPhone.

As described in the FBI court filings, the data on the iPhone is encrypted. The four-digit code you enter into your phone initiates a complex calculation which generates a unique key to unlock the data on the phone. If you don’t know the key, you don’t get the data. The auto-erase function, if triggered, will wipe out all the encryption keys rendering the data on the iPhone useless.

Another unique feature that the iPhone implores that would frustrate any user, is the time delay when trying to manually enter codes. A four-digit code can have up to 9,999 possibilities, and after just five tries, the user must wait one minute before trying again. After the six failed attempt, the wait is five more minutes. The seventh makes you wait 15 minutes and an hour after the next try.

Due to the auto-erase feature, the FBI can't attempt to unlock the iPhone without risking losing all the data. The FBI wants Apple to alter the operating system just on Farook's phone to allow the FBI to bypass or disable the auto-erase function. It also wants Apple to alter the software to allow the test pass codes to be entered without punching the keys by using Bluetooth or other means to speed the process. And the FBI wants Apple to change the operating system to eliminate the delays caused by multiple attempts to unlock the phone.

In an open letter, Cook addressed the issue stating that the FBI is asking for something that Apple just doesn’t have.

“Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation [of the San Bernardino mass shooting],” Cook said. ““In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.”

Cook strongly disagrees with the FBI, explaining that if this new software was picked up by a hacker, there would be no privacy for anyone.

“The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor,” Cook said.“And while the government may argue that its use would be limited to this case, there is no way to guarantee such control.

About the Author

Sydny Shepard is the Executive Editor of Campus Security & Life Safety.

Featured

  • Survey: 54% of Organizations Cite Technical Debt as Top Hurdle to Identity System Modernization

    Modernizing identity systems is proving difficult for organizations due to two key challenges: decades of accumulated Identity and Access Management (IAM) technical debt and the complexity of managing access across multiple identity providers (IDPs). These findings come from the new Strata Identity-commissioned report, State of Multi-Cloud Identity: Insights and Trends for 2025. The report, based on survey data from the Cloud Security Alliance (CSA), highlights trends and challenges in securing cloud environments. The CSA is the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment. Read Now

  • Study: Only 35 Percent of Companies Include Cybersecurity Teams When Implementing AI

    Only 35 percent of cybersecurity professionals or teams are involved in the development of policy governing the use of AI technology in their enterprise, and nearly half (45 percent) report no involvement in the development, onboarding, or implementation of AI solutions, according to the recently released 2024 State of Cybersecurity survey report from ISACA, a global professional association advancing trust in technology. Read Now

  • New Report Series Highlights E-Commerce Threats, Fraud Against Retailers

    Trustwave, a cybersecurity and managed security services provider, recently released a series of reports detailing the threats facing the retail sector, marking the second year of its ongoing research into these critical security issues. Read Now

  • Stay Secure in 2024: Updated Cybersecurity Tips for the Office and at Home

    Cyber criminals get more inventive every year. Cybersecurity threats continue to evolve and are a moving target for business owners in 2024. Companies large and small need to employ cybersecurity best practices throughout their organization. That includes security integrators, manufacturers, and end users. Read Now

Featured Cybersecurity

Webinars

New Products

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols. 3

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles. 3

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction. 3