On February 9, 2016, the U.S. Department of Justice ordered Apple, Inc., to unlock the iPhone 5C used by one of the shooters in the attack that killed 14 people at the Inland Regional Center in San Bernardino, California, on December 2, 2015.
Vital Information on an iPhone
The FBI believes that Syed Farook’s phone—which was owned by the San Bernardino County Department of Public Health, where he worked as a health inspector—could contain vital information about the terrorist’s connections and activities. The court order was issued under the All Writs Act of 1789 (yes, 18th century law).
This particular iPhone’s iOS9 security will automatically erase the device’s contents after ten, consecutive, unsuccessful attempts to unlock it. Firmware that lacks Apple’s signature cannot be loaded to an iPhone, so the FBI cannot unlock the terrorist’s device without Apple’s help.
A Message from Apple CEO Tim Cook
Apple is, not surprisingly, battling the order.
While the FBI is asking for Apple to unlock just one iPhone, CEO Tim Cook says the ramifications reach much farther into security issues. In a letter to Apple’s customers, Cook wrote:
“Customers expect Apple and other technology companies to do everything in our power to protect their personal information, and at Apple we are deeply committed to safeguarding their data. Compromising the security of our personal information can ultimately put our personal safety at risk. That is why encryption has become so important to all of us.”
“In today’s digital world, the ‘key’ to an encrypted system is a piece of information that unlocks the data, and it is only as secure as the protections around it. Once the information is known, or a way to bypass the code is revealed, the encryption can be defeated by anyone with that knowledge.”
“The government suggests this tool could only be used once, on one phone. But that’s simply not true. Once created, the technique could be used over and over again, on any number of devices.”
Earlier versions of Apple’s iOS allowed for certain forensic tools to unlock an iPhone, but that was mitigated with iOS 9. In addition, the County that owned the phone did not have a device management system that would enable IT specialists to unlock this phone.
The FBI argues that this domestic terrorist attack, which was the worst since 9/11, should compel the technology giant to comply with the order. Experts on both sides of the equation are weighing in on the feasibility of the solution.
Cook believes that, “once you create a loophole in encryption technology, you can’t un-create it. You also can’t determine who’s capable of using it and who isn’t. If law enforcement, or even Apple, has software capable of disabling security features, why are we assuming that they’re the only ones that could take advantage of it? The very thought that this could be a single-use solution is naïve, and dangerous.”
Forensics and iPhone technology expert Jonathan Zdziarski believes that Apple doesn’t have to create new firmware—the dreaded “back door”—but has the capability to “boot custom software without exploiting the device.”
On Zdziarski’s blog, he explained that “firmware updates can run as a RAM disk on iOS devices, which is similar to booting off of a USB stick. Apple can write a custom RAM disk (as a ‘SIF’), sign it, and boot it on any iOS device from restore or DFU mode to run from memory.”
The court suggested that Apple could write the software with a unique identifier that would only unlock the phone in question.
Kevin Bankston, director of the Open Technology Institute at New America, said the issue wasn’t necessarily this one phone, but the power of the government to dictate security interventions that violate their users’ privacy.
“If a court can legally compel Apple to do that, then it likely could compel any other software provider to do the same thing, including helping the government to install tracking or eavesdropping software on a phone or laptop.”
There are currently 900 million iPhones worldwide that could be impacted by the firmware that Apple is being ordered to develop. Is yours one of them?
Where do you weigh in on this issue? Share your thoughts with us on Twitter @LTronCorp.