02-20-2016, 01:30 AM   #52
Mike F

I found this article helpful in really understanding what was being requested by the FBI:

Quote:
How dangerous is the tool the FBI is asking Apple to build?

....Tim Cook has described the tool as "too dangerous to create," potentially undoing years of security work that protects nearly a billion phones. At the same time, the government has portrayed that software as effectively harmless — a single software update targeted to a single phone. So how dangerous is this firmware update really?

For most iPhones, the danger comes from criminals rather than feds. The lock screen is one of the biggest protections against iPhone thieves, who often have to wipe a phone entirely after it’s been stolen. If those thieves had a way to unlock the stolen phones, victims could be exposed to anything from identity theft to extortion, depending on how much sensitive data is on the stolen phone. That threat was one of the main motivations for Apple’s shift to stronger encryption in iOS 8, and any software that unravels those protections could have serious consequences for iPhone users.

Because of that threat, the FBI’s proposed system has a number of protections to make sure its passcode hack can’t be used by anyone else. Apple has to sign any automatic firmware updates before a given iPhone will accept them, and the FBI's proposed update would be coded to an individual phone. Unless the phone’s serial number matches the serial number in the code, the software simply wouldn’t install. The method proposed by the FBI is also specific to the 5c, which lacks the Secure Enclave chip that ties lockscreen protections to hardware in more recent iPhones. Still, it’s likely that if the FBI is successful, the bureau will request similar methods for cracking Enclave-equipped phones.

But while the precise software proposed by the FBI can’t be used to unlock other phones, it can still be useful to thieves. If the code fell into the wrong hands, it could potentially be reverse-engineered into a generic version, removing the code that ties the attack to a specific phone. That reverse-engineered version would still need Apple’s signature before it could be installed — something thieves are not likely to have — but that signature system would be the only thing protecting a stolen iPhone and the information inside it.

Last edited by Mike F; 02-20-2016 at 01:33 AM.