Apple vs FBI Overview

Mike Luckovich Cartoon

Apple vs FBI Overview

Well, this is going on a bit longer than I expected.  I’ve changed the title (Apple vs IBM Overview), added a featured image, and am trying to make sure this stays pinned to the top of the first page.

Update Links and Descriptions

Update March 30: Did the FBI really crack the iPhone?  And, if so, what did they find?  Bonus: I am pointed to Jonathan A. Zdziarski, a genuine security expert.

Update March 22: The FBI has (at least temporarily) withdrawn their request to the court.  Can they really crack the iPhone or is this just another face-saving maneuver?

Update March 4: Attorney General Loretta Lynch comes clean about what the FBI really wants.

Update March 2: FBI Director Jim Comey has admitted that I (along with many others) was correct. The FBI screwed up.

Update February 21 3:30 left coast time: I asked a couple of iOS experts about this case.  Their answers are instructive.

Update February 21: The iPhone was the work phone.  But now the FBI is alleging that the county had to reset the iCloud password because no one knew the old password.  Earlier they claimed they had obtained data from the iCloud account, but the data stopped two weeks before the shooting.  How did they access the iCloud data if no one knew the password?

Update February 20: Was the shooter’s iPhone his work phone? If so, why is the FBI so interested in it?

Update February 19: How could a San Bernardino employee change the password for the shooter’s Apple ID?  And why can’t the FBI use that password to unlock the iPhone?

Apple vs FBI Overview

The FBI wants Apple to remove the encryption on the iPhone used by one of the murderers in the San Bernardino terrorist attack. That agency now has a court order on its side, courtesy of a court order issued by California Magistrate Judge Sheri Pym.  The case is Apple vs FBI.

Apple’s Reply

Apple CEO Tim Cook has responded defiantly in an open letter on the company’s website. Mr. Cook said,

Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.

The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control.

Over at MacWorld, Glenn Fleishman has a pretty good description of Apple’s security history as well as some tips on passcodes and fingerprint ID.

TidBits.com has an interesting explanation of the All Writs Act of 1789, noting the requirement that the writ not pose an “unreasonable burden” on the respondent. Author Adam C. Engst seems to think that’s the route Apple is pursuing.

The Wall Street Journal Weighs In

Apple’s iOS operating system is designed to automatically erase local data after too many incorrect passcode attempts.

Today’s Wall Street Journal has a long editorial that explores the issues pretty well. There is one factual error that should be corrected.

←The Journal says

This is wrong. Erasing your iOS 9.x device after ten unsuccessful login attempts is a user option, not mandatory:

iPad Lock Screen

iPad Lock Screen [click for larger image]

As you can see, I have disabled the “erase everything” option on my iPad Air. The question then becomes how incorrect passwords are handled. I’ll answer that soon. First, however, we need to understand how to crack the iPhone’s encryption.

Cracking the iPhone

The short answer is that, unless someone has used a very stupid passcode, you can’t remove the encryption unless you are very, very patient. Apple’s encryption is a two-layer scheme that makes it impossible for Apple to remove the encryption. The FBI will instead use a brute force method.

The Default Passcode

Here’s how it works. iOS requires a six-digit passcode:

Passcode Entry Screen Apple vs FBI

Passcode Entry Screen (click for larger image)

That means there are 10^6 possible combinations. The FBI’s brute force procedure will start with 000000 and try all combinations up to 999999. Frankly, writing a script to do this is so easy I could probably manage it. But (for better or worse) this is only the first step in the protection process.

Now you’re probably thinking, “How hard can it be to perform 1,000,000 guesses?” The answer is that there is more to the protection than six digits.

A Better Passcode

First, if you do a little exploration you can find other passcode options. Go to Settings/Touch ID & Passcode. You’ll have to enter your current passcode. After you do that, select Change Passcode. Enter your current passcode but DON’T CHANGE IT. Instead look carefully at the screen until you see this:

Passcode Options Link Apple vs FBI

Passcode Options Link

If you select Passcode Options you’ll see this:

Passcode Options Apple vs FBI

Passcode Options (click for larger image)

Oops. You can create any alphanumeric passcode you want. And you can make it as long as you want. There are 256 characters in the ASCII table. Even if you just pick six characters, there are 256^6 combinations. That’s 281,474,976,710,656 combinations. So much for only needing 1,000,000 tries.

But There’s More Security

The next layer of security starts with a question: what happens if you have disabled the automatic wiping after ten failed tries? The answer is that Apple imposes an ever-increasing time interval before you can try again. I’ve actually run into this issue. Here’s a start toward the answer.

While I am no fan of the Puffington Host (h/t James Taranto), there’s a pretty good description of how Apple’s encryption works in an article by Gernot Poetsch. This is a key point:

Currently the OS requires you to use your fingers to unlock your phone. After the 4th wrong attempt you have to wait 15 seconds, and on the tenth, you have to wait an hour for your next try. You have to enter a million of the now-standard 6-digit passcodes to try them all, and longer alphanumeric passwords are even crazier to guess. And if the user set it up that way, after the 10th failed attempt all the device key is dropped into the acid bath and there’s no point trying after that.

But if you’ve turned off the “wipe after ten tries” option, the time interval simply gets longer and longer. I have no idea whether this claim from one of Apple’s forums is accurate, but it’s indicative of the problem the FBI might encounter:

HI, I currently have an iPad which is up to over 13,000 minutes until next passcode attempt. 3 weeks! I do not know how many passcode attempts have been made upto  point to get this so high, anyone else seen a wait this long???

The Net Result

In theory the FBI could eventually crack the iPhone in question. In practice, if the passcode is reasonably long, the probability of getting the device cracked in any reasonable time is very, very low.

What the FBI Wants

Put simply, the FBI wants Apple to write some code that disables the delay feature. That way they can stream passcode guesses to the device at (literally) the speed of electricity. This will clearly be much faster. But is it a good idea?

Once Apple has written this code it can be used with any iPhone. Some have proposed that the code specifically access one of the device’s ID numbers. If you look at Settings/General/About you will see several unique ID numbers: a serial number, the IMEI number, the ICCID number, the MEID. Any or all of these could be used – assuming Apple knows those numbers. Remember, without knowing the passcode there’s no way to access Settings/General/About. I simply don’t know whether that information is included in backups to iCloud.

But it doesn’t matter. Once the technology has been developed, there will be many, many demands to have other iPhones cracked. And, since the technology is mainly software, there’s a good chance it will be leaked to the public. At which point hackers only need to figure out how to change those ID numbers. (Remember, this is the same U.S. government that gave away secret security information on U.S. government employees, many of whom currently or previously worked in the intelligence community.)

Conclusion

I’m with Tim Cook. I hope Apple sticks to its guns. Remember, government coercion can only go so far. Mr. Cook should probably start taking lessons in surviving some time in jail. Whether the government will go that far is an open question. But I have to point out that journalists have been held in U.S. prisons for withholding sources. The cases would appear to be similar.

12 Comments

  1. Apple vs FBI Gets Weirder - Tony Lima Associates
    Apple vs FBI Gets Weirder - Tony Lima Associates02-19-2016

    […] Update to my story of a few hours ago: […]

  2. looking closely
    looking closely02-20-2016

    >>But I have to point out that journalists have been held in U.S. prisons for withholding sources. The cases would appear to be similar.

    Don’t think so at all.

    Apple isn’t a “source” here. Apple has no information on this terrorist or any activity thereof. They have NO relevant information they can give the FBI whatever, even if they wanted to.

    Apple also, isn’t “withnolding” anything. They simply do not have what the FBI is asking for! They’re refusing to create, de novo, a “skeleton key” that will allow the FBI to crack any Apple phone any time it likes. Apple is 100% in the right here. If the FBI wants to create its own version of an IOS system, it can do so itself, and at its own expense. Why should Apple do this for the FBI or anyone else?

  3. dnice
    dnice02-20-2016

    Good points. Having worked in the military big gov’t can really screw things up.

    But hypothetical speaking, if the FBI had intell that there was a terrorist cell and a strike was imminent would Apple at least decrypt the data?

    • Tony Lima
      Tony Lima02-20-2016

      No idea. But if the attack was imminent there would most likely not be enough time to decrypt the phone.

  4. Apple vs FBI Continues to Mystify - Tony Lima Associates
    Apple vs FBI Continues to Mystify - Tony Lima Associates02-20-2016

    […] morning brought some interesting speculation. Apple vs FBI continues to mystify. Yesterday I wondered aloud how an employee at the San Bernardino agency where […]

  5. Apple vs FBI Curiouser and Curiouser - Tony Lima Associates
    Apple vs FBI Curiouser and Curiouser - Tony Lima Associates02-21-2016

    […] is the third update to the original article.  Click here to read the whole thing (including links to all […]

  6. Apple vs IBM Expert Opinions - Tony Lima Associates
    Apple vs IBM Expert Opinions - Tony Lima Associates02-21-2016

    […] is the fourth update to the original article.  Click here to read the whole thing (including links to all […]

  7. Linda Claudine
    Linda Claudine02-23-2016

    There is a bigger issue at stake here – the info on the iPhone is easily retrieved. But it sets a precedent – citizens still have rights – and unless they have good cause to dig into my iPhone and a warrant – no. I think that is part of it. I advise everyone to get an encrypted key for all sensitive – or personal – email. It’s quite simple. There is a great app in Appke Store – NET-Toolbox – that among many things gives simple directions for this. Run some of his tools on your network and be prepared to feel ill. Developer is Gernan, very responsive (Martin) to requests, includes tutorials, tech news and amazing tools. He dies have hidden in his info videos one of Anonymous’s videos – but if that’s the worst – no problem with me. He is definitely paranoid – but I believe for good reason. And he says he can show us the problems – but Apple WILL NOT ALLOW any apps to fix them. ANOTHER issue to consider – how much incompetence they are hiding.

    • Tony Lima
      Tony Lima02-23-2016

      I am approving this comment without investigating the claims made. It’s an important issue that deserves dissemination. Thanks, Linda!

    • Tony Lima
      Tony Lima02-23-2016

      Re encryption, I believe Truecrypt is still available for download (even though the company pulled the plug). A better alternative is GPG — open source, runs on most platforms, integrates with major e-mail clients. Do you have a public key?

    • Tony Lima
      Tony Lima02-23-2016

      It’s actually NetworkToolbox and is available in the iPad/iPhone app store. Costs $5.99. Has rave reviews. My first impression: Once upon a time there was the True North network analyzer. I used it for quite a few generations of windows. There is also the OS X network utility (which you may have to retrieve from an earlier version of OS X). This product brings the best of both to iOS devices. It’s cool, slick, and … may actually be useful.

      Here I need to offer a disclaimer. Our home office network is protected by a Sonicwall security router (TZ 200W to be precise). That means malware mostly doesn’t get past our gatekeeper. So my quick test of the “Security Check” feature of NetworkToolbox came up mostly empty. (I need to investigate the positive hit from the Verizon supercookie test.)

      If you are a network geek who wants to delve into the details of your network, this is a great tool. If you have an unprotected network, my advice is to get a security router. Today there are open-source computer-based systems available. I’m skeptical of those because fast updating to cover new threats is an important feature. At the same time, ever since Sonicwall was acquired by Dell, tech support and other features have been depracated.

      I write all this while recovering from three hours in my dentist’s chair this afternoon. Please report all incoherencies, errors, and other complaints to me asap.

Leave a Reply