iPhone

By Sean Sposito
March 2, 2016
Updated: March 2, 2016 – 8:45pm

Around the time of the eighth major release of its mobile operating system in September 2014, Apple made a bold statement: Not even it could crack the software’s updated pass-code protections.

“Unlike our competitors, Apple cannot bypass your pass code and therefore cannot access this data,” the Cupertino company bragged on its website. “It’s not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8.”

Eighteen months later, it’s still true that Apple doesn’t possess the ability to actually bypass those pass codes. But by asking a federal court to force Apple to provide access to data on the iPhone of San Bernardino shooter Syed Rizwan Farook, the FBI has shown that technically, Apple could get past some of its own protections — just not, perhaps, in the way Apple might have originally envisioned.

The episode could force Apple to re-evaluate how it approaches security on its devices.

Already, the company reportedly is developing safeguards that would make the debate over whether it can comply in the manner the FBI is requesting moot.

An email sent to an Apple spokesperson requesting comment was not returned.

Last month, a federal magistrate in Riverside ordered Apple to write software that would allow law enforcement to unlock Farook’s iPhone 5c. Such software would appear to the smartphone’s operating system as a valid update from Apple, but serve as a kind of malware that, among other functions, would allow a computer to guess the phone’s pass code an unlimited number of times without the risk of erasing its data.

That effort would take place in a forensics lab housed on Apple’s campus. Apple argues that it would be unduly burdensome and unreasonable to be forced to create such software.

Creating the software would not be the same as bypassing the phone’s encryption, something that even the FBI appears to concede is impractical.

Way to unlock iPhone

Instead, by using a combination of switching the phone on and off and pressing the home and power buttons, firmware updates can be made to a locked iPhone that is connected to a computer with a USB cable, explains Andrew Blaich, Bluebox Security’s lead security analyst.

The FBI could hire its own programmers to write the update. But the agency and anyone it might hire would not have legitimate access to the cryptographic code-signing key that underlies authentic Apple software. This key helps iPhones recognize software in the same way your friends recognize you from day to day.
