Apple’s Security Features have Locked the FBI Out

Apple's Security Features have Locked the FBI Out

A federal court order mandating that Apple assist law enforcement in breaking into the locked iPhone of Syed Farook, one of the San Bernardino attackers, has been opposed by Apple CEO Tim Cook.

Apple’s iPhone has software with a fairly simple security measure that can only be enabled by the user: the auto-erase function. This function renderers all data on the smartphone inaccessible when a certain amount of attempts to crack the four-digit security code have failed. Investigators believe this function was enabled on Farook's 5c model iPhone.

As described in the FBI court filings, the data on the iPhone is encrypted. The four-digit code you enter into your phone initiates a complex calculation which generates a unique key to unlock the data on the phone. If you don’t know the key, you don’t get the data. The auto-erase function, if triggered, will wipe out all the encryption keys rendering the data on the iPhone useless.

Another unique feature that the iPhone implores that would frustrate any user, is the time delay when trying to manually enter codes. A four-digit code can have up to 9,999 possibilities, and after just five tries, the user must wait one minute before trying again. After the six failed attempt, the wait is five more minutes. The seventh makes you wait 15 minutes and an hour after the next try.

Due to the auto-erase feature, the FBI can't attempt to unlock the iPhone without risking losing all the data. The FBI wants Apple to alter the operating system just on Farook's phone to allow the FBI to bypass or disable the auto-erase function. It also wants Apple to alter the software to allow the test pass codes to be entered without punching the keys by using Bluetooth or other means to speed the process. And the FBI wants Apple to change the operating system to eliminate the delays caused by multiple attempts to unlock the phone.

In an open letter, Cook addressed the issue stating that the FBI is asking for something that Apple just doesn’t have.

“Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation [of the San Bernardino mass shooting],” Cook said. ““In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.”

Cook strongly disagrees with the FBI, explaining that if this new software was picked up by a hacker, there would be no privacy for anyone.

“The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor,” Cook said.“And while the government may argue that its use would be limited to this case, there is no way to guarantee such control.

About the Author

Sydny Shepard is the Executive Editor of Campus Security & Life Safety.

Featured

Featured Cybersecurity

Webinars

New Products

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles. 3

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis. 3

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings. 3