As the Safety of iPhone Runs the FBI Wants Apple Break

Apple is involved in a great controversy in the US. The justice of the country asked the company unlock an iPhone 5c used by Rizwan Syed Farook, one of the two gunmen San Bernardino massacre in December 2015, suspected of having links with the terrorist group Islamic State. Apple has positioned itself saying in an open letter signed by CEO Tim Cook, who will not comply with the order by understanding it detrimental to the interests of its clients. How the protections of the iPhone that the FBI want to be broken by Apple itself?

Encryption and Security iOS

In 2014, with IOS 8, ​​Apple started to encrypt by default the file system of all iPhone and iPad updated with this version and has access password protected. In practical terms, this means that even with physical access to the device without the password data stored in them are useless: it is just a jumble of unintelligible bits. Not even Apple would be able to have access to the data – a basic guideline of any cryptosystem.

To get access, you need to know the password. What the FBI is trying to do is find the password that iPhone 5c by brute force, ie on the basis of trial and error. This, however, is made very difficult by the system. From the sixth wrong password entered on the device iOS starts to increase the wait time for a new attempt is made. On one minute (sixth attempt) at a time interval between attempts (ninth on).

Another measure is even more severe. If properly configured, iOS can self-destruct at the 11th attempt wrong: the whole system is reset, including the personal data that FBI investigators want to collect iPhone 5c shooter.

And there is an extra complication, which is the need to use their own iPhone to unlock it. Each iPhone has a unique identifier (UID) embedded in the hardware is checked against the password entered. They need to knock the release occurs. In other words, you can not use a supercomputer capable of multiple guesses per second to speed up the process.

What the FBI Really Wants

The letter to Tim Cook talks on creating a “backdoor”, a kind of intentional failure in the system in order to weaken it, or by keeping the original meaning of a “back door” left in the system to facilitate access by third parties. Specifically, FBI investigators want an adapted version of iOS without those consequences that the inclusion of wrong passwords implies, ie no longer intervals between attempts, and especially without the risk of losing the data at the 11th attempt.

If possible, it would decrease the interval between attempts to 80ms (time required to decrypt the password entered), which, in a four-digit password, iPhone case in question, it would lead to the break in just over 30 minutes. (Out of curiosity: six digits, it would take an average of 11 hours to guess it at The Intercept says. The ideal number of digits is eleven, in which case it would only be discovered, on average, within 127 years.)

Being an iPhone 5c, or an older version, it has a special weight. She does not have a security feature that Apple calls “Enclave Insurance”. This is a parallel system to iOS, even physically (it is a chip apart), responsible for ensuring the integrity and security of sensitive information such as device authentication system, such as the password and fingerprint used by the biometric Touch system ID.

The principle he considered that, were the iPhone in question have 5s or later, that is equipped with the Enclave Insurance, Apple could do nothing even if he wanted. Then, the company admitted that even on iPhones with newer it is able to circumvent this defense to allow the trial and error to guess the password.

This suggests that the positioning of Apple is political, not technical. What is at stake is to avoid open a legal precedent, namely that this case will serve as a paradigm for other iPhone security breach requests are made by the FBI and other countries. What would prevent China, the largest market outside the US Apple and now and then accused of spying Western communications, ordering and, more than that, that argument Apple would use to eventually deny the collaboration? Or even the US, through the NSA and related agencies to monitor closely US citizens and other countries?

The above was removed from the matter of the New York Times.

It is worth mentioning that Apple gave the FBI all the information of said iPhone that were synchronized with iCloud. The problem is that the shooter device owner ceased regular backups about a month and a half before the attack. The generated content in that range is just that iPhone 5c This infographic Wall Street Journal helps to understand the case:

The Threat of Terrorism

Suspicions that the couple of San Bernardino gunmen had links with the Islamic State inflamed the debate. The subject, extremely sensitive there, anywhere in the world makes the rather delicate issue. For Apple, even tap your foot and not give is a commercial risk – the eyes of many, it’s like she was refusing to cooperate with the investigation of a terrorist attack.

The question, however, is bigger than that. Encryption is an absolute matter; it does not admit exceptions. In the Washington Post, Bruce Schneier, author of Date and Goliath: The Hidden Battles to Collect Your Data and Control Your World (not yet published in Brazil), summarized in one sentence what is at stake: “Either everyone has security, or no one is. “

The subject is so important that other CEOs of large companies have positioned themselves. Jack Dorsey (Twitter), Sundar Pinchai (Google), Jan Koum (WhatsApp), and civil rights organizations like the EFF and the ACLU set out in defense of the decision Apple. Edward Snowden also criticized the onslaught of the FBI and the US justice system.

Analysts predict a long legal battle ahead, with important implications for encryption and therefore the right to privacy of all who use smartphones. There is a possibility that if Apple lost, many of the advances made in recent years end up withdrawn, which would not be good for anyone. It is a case to keep an eye.