Apple defies FBI demands to create an iPhone backdoor

Apple will defy a court order demanding it cooperate with the FBI in its attempt to break into the iPhone 5c used by a perpetrator of last year's San Bernardino mass shooting.

California district court judge Sheri Pym yesterday ordered Apple to assist the FBI in gaining access to the iPhone by creating a custom version of its operating system for the device in question. This version of iOS would disable the iPhone's auto-erase functionality, ensure no delay is introduced after entering an incorrect password, and allow passcodes to be tested through software. These adjustments would theoretically allow the FBI to brute-force the iPhone's encryption.

Prosecutors have said the data on the iPhone in question may provide information as to who helped the shooters carry out the massacre, in which 14 people were killed and a further 22 were injured. The FBI has been investigating the shooters' potential links to Islamic State and other militant groups.

Apple CEO Tim Cook described the order as a "chilling" overreach that would put all iPhone users at risk, in an open letter to the company's customers.

"Building a version of iOS that bypasses security in this way would undeniably create a backdoor," wrote Cook. "While the government may argue that its use would be limited to this case, there is no way to guarantee such control."

"The government suggests this tool could only be used once, on one phone. But that’s simply not true. Once created, the technique could be used over and over again, on any number of devices. In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks — from restaurants and banks to stores and homes. No reasonable person would find that acceptable."

"The government is asking Apple to hack our own users and undermine decades of security advancements that protect our customers — including tens of millions of American citizens — from sophisticated hackers and cybercriminals. The same engineers who built strong encryption into the iPhone to protect our users would, ironically, be ordered to weaken those protections and make our users less safe."

While Cook believes the FBI's "intentions are good", he described the creation of an iOS backdoor as a dangerous precedent that could ultimately lead to mass surveillance.

"We are challenging the FBI’s demands with the deepest respect for American democracy and a love of our country," wrote Cook. "We believe it would be in the best interest of everyone to step back and consider the implications."

Cook did however note that Apple has "worked hard to support the government's efforts" in solving the crime, and said the company has done everything that is within its power and within the law to help. 

Google CEO Sundar Pichai took to Twitter to side with Cook, and said that "forcing companies to enable hacking could compromise users’ privacy".

"We know that law enforcement and intelligence agencies face significant challenges in protecting the public against crime and terrorism," wrote Pichai. "We build secure products to keep your information safe and we give law enforcement access to data based on valid legal order, but that’s wholly different than requiring companies to enable hacking of customer devices & data. Could be a troubling precedent."

Dan Guido, CEO of security firm Trail of Bits, has suggested that while Apple is technically able to fulfil the court's request because the iPhone is a 5c, such a task wouldn't be possible on newer devices due to Apple's Secure Enclave. The Secure Enclave is a separate piece of hardware found inside any iPhone with a Touch ID sensor that operates independently of iOS. As such, a customised version of iOS could not, for example, reduce the amount of time between incorrect passcode attempts on an iPhone 5s or newer.

While it may technically be possible to create a backdoor that would work on the iPhone 5c (and older iPhones), it is assumed that Apple wishes to avoid setting a precedent where governments (in the United States or otherwise) are able to force it to hack into other customers' iPhones, among other concerns.  

Locally, Attorney General George Brandis has sided with the likes of Republican Candidate Donald Trump, telling ABC that all technology companies should cooperate with serious crime investigations.

"We would expect, as in Australia, that all orders of courts should be obeyed by any party which is the subject of a lawful order by a court," said Brandis.

Ethical hacker and founder of Whitehack Adrian Wood told CyberShack that an iPhone backdoor would not only be a massive overreach, but also violate the right to privacy as laid out by the human rights act.

"[If Apple was to build to comply with the order], there is no guarantee that other threat actors will not get their hands on the backdoor and exploit it against the same people the FBI claim to be protecting, and then intercept corporate and government secrets, or simply blackmail individuals," said Wood.

"The individuals [in government and at the FBI] coming up with these ideas to gain backdoor access to services and software have no understanding of security and encryption, and appear to be ignoring all advice from professionals and experts about the substantial negative ramifications of what they are suggesting."

Earlier this year, advocacy group Electronic Frontiers Australia (EFA) Executive Officer Jon Lawrence described "calls to undermine encryption in the name of 'national security'" as "fundamentally misguided and dangerous".

"Encryption is a necessary and critical tool enabling individual privacy, a free media, online commerce and the operations of organisations of all types, including of course government agencies," wrote Lawrence. "Undermining encryption therefore represents a serious threat to national security in its own right, as well as threatening basic human rights and the enormous economic and social benefits that the digital revolution has brought for people across the globe."
