SoylentNews is people
SoylentNews
Judge Orders Apple to Unlock iPhone Belonging to San Bernardino Shooter
Apple has been ordered to assist in the unlocking of an iPhone belonging to one of the San Bernardino shooters. This may require updating the firmware to bypass restrictions on PIN unlock attempts:
Apple must assist the FBI in unlocking the passcode-protected encrypted iPhone belonging to one of the San Bernardino shooters in California. US magistrate Sheri Pym says Cupertino must supply software that prevents the phone from automatically annihilating its user data when too many password attempts have been made.
The smartphone belonged to Syed Farook, who with his wife Tashfeen Malik shot and killed 14 coworkers on December 2. The couple died in a gun battle with police soon after. Cops have been unable to access Syed's iPhone 5C because they do not know the correct PIN, and will now gain the assistance of Apple, as ordered by Judge Pym [PDF] on Tuesday.
iOS 8 and above encrypts data on devices, requiring a four to six-digit PIN to unlock. After the first few wrong guesses, iOS waits a few minutes between accepting further PIN entry attempts, escalating to an hour's delay after the ninth failed login.
[...] Judge Pym wants Apple to come up with some magic software – perhaps a signed firmware update or something else loaded during boot-up – that will allow the FBI to safely brute-force the PIN entry without the device self-destructing. This code must only work on Farook's phone, identified by its serial numbers, and no other handset. The code must only be run on government or Apple property, and must not slow down the brute-forcing process.
Apple has five days to appeal or demonstrate that it cannot comply with the order. It is crucial to note that the central district court of California has not instructed Apple to crack its encryption – instead it wants Apple to provide a tool to effectively bypass the unlocking mechanism. "It's technically possible for Apple to hack a device's PIN, wipe, and other functions. Question is can they be legally forced to hack," said iOS security expert Jonathan Ździarski.
Apple Ordered to Aid FBI in Unlocking Shooter's iPhone
According to this Reuters article, "A U.S. judge on Tuesday ordered Apple Inc to help the FBI break into a phone recovered from one of the San Bernardino shooters, an order that heightens a long-running dispute between tech companies and law enforcement over the limits of encryption.
Apple must provide "reasonable technical assistance" to investigators seeking to unlock the data on an iPhone 5C that had been owned by Syed Rizwan Farook, Judge Sheri Pym of U.S. District Court in Los Angeles said in a ruling."
"...Forensics expert Jonathan Zdziarski said Tuesday Apple might have to write custom code to comply with the order, presenting a novel question to the court about whether the government could order a private company to hack its own device.
Zdziarski said that because the San Bernardino shooting was being investigated as a terrorism case, investigators would be able to work with the NSA and CIA on cracking the phone. Those U.S. intelligence agencies likely could break the iPhone's encryption without Apple's involvement, he said."
Update: EFF to file an amicus brief in support of Apple's position.
Update 2: mendax writes: The New York Times has some "breaking news" which says that Apple will not comply with the judge's order. It's a good way to get in trouble with the judge but it's the right decision on Apple's part.
Previously: FBI Unable to Decrypt California Terrorists' Cell Phone
(Score: 5, Informative) by pTamok on Wednesday February 17 2016, @02:37PM
The iPhone does this.
The main flash is encrypted with a key stored in the secure chip. 'Secure Erase' simply deletes this key, which means the contents of the main flash are not touched, but continue to look like random bytes. If you desolder the main flash memory to read out the contents, you can: but they will look like random bytes.
So, how do you get at the key in the secure chip? The secure chip runs it's own micro-OS, loaded from on-chip flash. So it's simple: just re-flash the secure chip with a new micro-OS. But, unfortunately, it won't allow itself to be re-flashed without you entering the PIN. If you enter an incorrect PIN too often, the secure chip enforces a time out, so you can't just run through the entire PIN number-space in a short time.
If you try to tamper with the secure chip, it erases the encryption key. It is designed with effective anti-tamper mechanisms.
The FBI are probing the design, looking for loopholes. So we get to see if Apple's designers have done a good job. As far as I know, Apple's team have explicitly thought about what happens if the the main iOS is compromised or replaced, so it is not just a case of re-flash with a new , signed, iOS and bypass all the pesky restrictions.
Getting at the key held in the secure chip without triggering the anti-tamper mechanisms that erase it is, no doubt, possible, but very, very difficult.
Note: this is a vastly over-simplified view of how iPhone data security works. If there are flaws in the model described by me, it is no doubt because I have oversimplified, and I recommend looking at the actual technical details available elsewhere. I have deliberately not talked about how the key is used in RAM when the phone is on, because I don;t know enough of the details. I believe there are some protections against a malicious process simply reading the key.
(Score: 5, Informative) by pTamok on Wednesday February 17 2016, @03:14PM
Just to update my above posting.
Apparently, the phone in question is an iPhone 5c.
This does not have the secure chip aka 'Secure Enclave', so the time-delays between PIN checks are implemented in software, not secure hardware. This means is is likely possible that a customised revision of iOS could (if possible to install), for this model of iPhone, allow investigators to cycle through the PIN number space as fast as the processor will allow.
See: http://blog.trailofbits.com/2016/02/17/apple-can-comply-with-the-fbi-court-order/ [trailofbits.com]
However, if the phone's user had opted to use a full, long, alphanumeric 'PIN' rather than a 4,5 or six digit number, then increasing the speed of PIN attempts may not help very much.
(Score: 2, Informative) by pTamok on Wednesday February 17 2016, @03:25PM
is here:
https://www.apple.com/business/docs/iOS_Security_Guide.pdf [apple.com]
(Score: 0) by Anonymous Coward on Wednesday February 17 2016, @11:56PM
Apple should just mess up (on accident of course). Oops phone wiped. My bad.