Snowden joins group calling FBI’s bluff: Apple assistance unnecessary to crack iPhone

Advertisement

Right now, the FBI is trying to compel Apple to develop new software that would allow it to more easily break the security on the locked iPhone 5c that’s currently at the center of the San Bernardino terrorism investigation. As configured, the smartphone’s set to permanently destroy the means to access its encrypted data if an incorrect PIN is entered too many times, and the FBI wants Apple to craft a special version of iOS that would disable this countermeasure. While Apple waits to see how its motion to dismiss the order plays out in court, security experts are questioning whether or not the FBI really needs the assistance it’s demanding of Apple.

That list of high-profile figures in computer security include Edward Snowden, who yesterday tweeted his support for this analysis of the situation:

Basically, there’s no reason the FBI should need a software work-around for the iPhone’s auto-delete mechanism, as it already has physical access to the phone’s flash storage. On the iPhone 5c, when too many incorrect PINs are entered, iOS deletes a key stored on that flash chip (not the encrypted data itself) – and without that key, the rest of the data on there can’t be decrypted, even with a correct PIN.

But there’s nothing stopping the FBI from removing that chip, copying it (like with the gear you see above), and guessing the PIN all it wants. When it guesses wrong too many times, it can simply reflash the chip, restore that key, and keep on trying. Unlike future iPhones, there’s no secure enclave on the 5c that can’t be readily accessed – all the data the FBI needs to work with is on that flash chip. Sure, this would take slightly longer than an automatic brute-force strategy, but it’s well within the FBI’s capabilities.

This analysis is only fueling speculation that the FBI’s motives for ordering Apple’s help go beyond gaining access to this one phone, and it could be more interested in the precedent of compelling tech companies to weaken their security.

Source: ACLU, Edward Snowden (Twitter)
Via: CNET

Advertisement

What's your reaction?
Love It
0%
Like It
0%
Want It
0%
Had It
0%
Hated It
0%
About The Author
Stephen Schenck
Stephen has been writing about electronics since 2008, which only serves to frustrate him that he waited so long to combine his love of gadgets and his degree in writing. In his spare time, he collects console and arcade game hardware, is a motorcycle enthusiast, and enjoys trapping blue crabs. Stephen's first mobile device was a 624 MHz Dell Axim X30, which he's convinced is still a viable platform. Stephen longs for a market where phones are sold independently of service, and bandwidth is cheap and plentiful; he's not holding his breath. In the meantime, he devours smartphone news and tries to sort out the juicy bitsRead more about Stephen Schenck!