Apple Speaks Out Against US Court Order To Break iPhone Security

Yesterday, a United States district court judge ordered Apple to help the FBI access the smartphone of one of the perpetrators of the December 2015 mass shooting in San Bernardino, California. Apple has responded with a letter to customers signed by company CEO Tim Cook, saying the order would "undermine the very freedoms and liberty" of the United States.

In the letter, published on Apple's website, Cook wrote that the court order — which essentially forces Apple to create a backdoor method for the FBI to break security and encryption on the iPhone — was an overreach by the government, and one that will have far more dangerous and far-reaching consequences both for Apple and its hundreds of millions of customers around the world. He wrote, "opposing this order is not something we take lightly. We feel we must speak up in the face of what we see as an overreach by the U.S. government."

In the ruling, handed down by Californian district court judge Sheri Pym, Apple has been ordered to assist the FBI in unlocking the San Bernardino shooter's iPhone by creating custom firmware. That bespoke firmware, installed on the iPhone 5C used by Syed Rizwan Farook, would allow the FBI to repeatedly try different four-digit passcodes without triggering the phone's auto-erase function or incurring a lengthy delay between incorrectly entered passcodes — essentially a brute-force attack by software on the iPhone's existing operating system.

Cook's open letter to customers says that doing such a thing — creating an intentional compromise for the iPhone's encryption — would be a gateway to allowing first the FBI, and eventually anyone with access to the tool, an open door into the iPhones of hundreds of millions of users around the world.

He wrote, "we have great respect for the professionals at the FBI, and we believe their intentions are good. Up to this point, we have done everything that is both within our power and within the law to help them. But now the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone.

"Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone's physical possession.

"The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control."

Apple has said for some time that since the introduction of iOS 8 in September 2014, even the company itself is unable to access any data on an encrypted iPhone or break any iPhone's passcode security. [Apple]


Comments

    Courts and Judges being the final arbiters on what information should be available via court orders and warrants?

    What a novel idea.

      I'd probably agree if there was a method for unlocking them already but it seems odd that you could compel a company into building you a skeleton key.

      Could you ask a safe manufacturer to build such a key that would let you open any of their products? And if they could figure that out, wouldn't their safes be devalued by that act?

        Skeleton keys, backdoors and other scary words aren't very good analogies because frankly there aren't any good comparisons in the real world for widespread digital encryption.

        The Court order, if you read it, asks Apple to make a custom update for iOS that works for only one device (by hardcoding the serial number of the device), the FBI will give them the phone and Apple can run the update at their HQ without showing the FBI the code, giving them the code, seeing it work, showing them the technical specifications or anything else. The FBI then said that the phone could stay in Apple's possession and Apple could give the FBI remote access to the phone's data so that the FBI wouldn't even have to touch the device once the custom software was installed. Once the data was extracted the FBI didn't care what Apple did with the code, they could destroy it for all they cared.

        As for private industry providing assistance, they do constantly. They provide building blueprints, technical specifications, experts for training, etc. Just depends on their needs. For instance in the Lindt cafe siege the manufacturer of the glass in the outer windows of the cafe was consulted about the technical specifications of the product.

          Skeleton keys and back doors aren't terms I use for scary connotations, that's what these are.

          If someone figures out and writes that code, even for a single serial locked phone... How hard would it be to replace the serial number for that code if it got out?

          Presumably if Apple finds ways to break that encryption they'd generally patch out that loophole.

          So let's assume they put in the man hours to create a workaround, then what? Do they leave that back door open for the next time a judge issues a warrant? Just hope that nobody else figures it out?

          Or do they fix it and next time a warrant comes out they have to develop a new tool to open up their phones?

          I'm not suggesting industries don't provide assistance either, I'm suggesting the hypothetical (Which may not apply here) of whether a company could be compelled to create a tool that would damage or destroy their own business?

            Well, a skeleton key is a key that accesses many locks and a backdoor is hidden authorised access to a system. So, with respect, they're different. But regardless arguing about analogies isn't really the main focus of our conversation.

            The code that the Court order told Apple to write is a software update to stop the iteration count of a variable that triggers a reset. So commenting out the i++; line of code (which increments i by one each time a loop is run) isn't exactly revolutionary. The court order simply asks Apple to create an update that disables the invalid PIN counter so that it no longer counts the number of failed PINs which thusly won't set off the device wipe feature. That's it. The FBI will then brute force the PIN - and a 4-digit PIN is trivial to brute force.

            As for "What would happen?" Well, the same thing that would happen currently if Apple's signing key were released, along with iOS's source code. If you could sign your own updates and had access to iOS's code base then you could update your (or anyone's) iPhone with whatever OS you wanted. So... we're already in that position.

            It would be the same as if someone stole the source code to Windows 10 and Microsoft's signing code. They could make changes to the OS (like to spy on you, or log your credit card) and then push it as a legitimate update to every computer on earth.

            Making the requested custom update does nothing to change the present situation.

            As for what happens down the track, quite frankly, that has nothing to do with the Court order and as discussed above, keeping the code update or not would be much of a muchness.

    This is one fight I really hope Apple wins. While I can see where the FBI is coming from, I'm not sure introducing back doors is the way to save lives and terrorists will find other tools to further secure communications. In the end I think some of the solutions being floated around recently do more to harm consumers than it'll actually do to protect them.

    Is the guy dead? I'd not make him incriminate himself via touch ID and stop trying to weave back doors out of tech companies that will result in a complete lack of security.

    Ahhhh FBI....when will you learn.... You can't have encryption and back door too!

    I don't like Apple. I don't like how they do business and the cult they've created around their products.
    But this? This has earned a measure of my respect.

    http://blog.mdsec.co.uk/2015/03/bruteforcing-ios-screenlock.html

    So the FBI haven't seen this and worked out how to use it on iOS9..

      That was running 8.1. This one is running 9. Would it still work?

    Well done Apple. It's good to know at least one tech firm cares about user privacy (unlike a certain other giant who makes a living hoovering up personal data). Privacy is one of the key reasons I use Apple gear.
