Resized PasscodeTime

Apple is vehemently opposing the FBI’s request to create a backdoor in iOS that would permit authorities to access encrypted data on the iPhone used by one of the San Bernardino shooters. In an open letter to all customers posted on the company’s website, CEO Tim Cook acknowledges that Apple believes that the FBI’s intentions are good and makes note of the fact that his company has done “everything that is both within our power and within the law” to help the authorities.

“But now the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create,” he wrote. “They have asked us to build a backdoor to the iPhone.”

Brute-force passcode attempts

As a quick backgrounder, the FBI wants Apple to help them bypass or disable the auto-erase function which automatically erases all data on an iPhone after ten failed passcode attempts. They also want Apple to modify the shooter’s iPhone so that brute-force passcode attempts could be performed through the handset’s physical port, as well as over Bluetooth and Wi-Fi.

In removing the delay between passcode attempts, the FBI could use speedy computers to break into the device. iOS enforces a 1-minute delay after five failed passcode attempts, a 5-minute delay after six attempts, a 15-minute delay after 7-8 attempts and a one-hour delay after nine attempts.

A tenth passcode attempt will erase all data on the device, provided a user has enabled the option in Settings → Touch ID & Passcode → Erase Data. Because these delays are built directly into the Secure Enclave hardware, a tiny chip that is walled off from other iPhone components and holds encrypted fingerprint, health and other data, removing it would require modifying iOS to let the FBI guess the password.

That, in and of itself, would constitute a dangerous precedent which might potentially undermine the security and privacy of all Apple users because government agencies could use a special version of iOS that Apple is supposed to provide to unlock anyone’s iPhone and access their data.

“Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation,” Cook wrote.

The FBI would, in theory, put the shooter’s iPhone into DFU mode in order to overwrite the firmware with a modified build of iOS that would let it brute-force its way into the device.

“In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.”

The Secure Enclave

Apple’s iOS security guide document states that the Secure Enclave is a coprocessor fabricated directly in the A7 or later A-series processor. “It utilizes its own secure boot and personalized software update separate from the application processor,” explains the document.

The Secure Enclave provides all cryptographic operations for data protection key management and maintains the integrity of data protection even if the kernel has been compromised.

It uses encrypted memory and includes a hardware random number generator and its own microkernel. Communication between the Secure Enclave and the main application processor is isolated from the rest of the system to increase security.

In addition, each Secure Enclave is provisioned during fabrication with its own unique ID which is not accessible to other parts of the system and is not known to Apple.

The Secure Enclave is also responsible for processing fingerprint data from the Touch ID sensor. The main processor cannot read encrypted fingerprint data. Communication between the Secure Enclave and the Touch ID sensor is also protected by provisioning the Touch ID sensor during fabrication with its own unique ID.

Security as a tentpole feature

Apple has long maintained that it’s impossible for it to extract data from a passcode-locked iPhone running iOS 8 or later due to hardware-based encryption and the fact that it does not posses the encryption keys to make the data readable.

Cook’s extremely strongly worded letter went on to call the demand “chilling,” saying that building a version of iOS that bypasses security in this way “would undeniably create a backdoor.”

“And while the government may argue that its use would be limited to this case, there is no way to guarantee such control,” he added.

The Republican presidential front-runner Donald Trump blasted Apple today for not unlocking the shooter’s iPhone. “To think that Apple won’t allow us to get into her cellphone? Who do they think they are? No, we have to open it,“ he said during an interview on Fox & Friends.

“I agree 100 percent with the courts. In that case, we should open it up,” he said. “I think security overall — we have to open it up. And we have to use our heads. We have to use common sense. Somebody the other day called me a ‘common-sense conservative.’ We have to use common sense. Our country has so many problems.”

What’s your position on this topic? Should Apple create a special version of iOS to let authorities break into the shooter’s iPhone? What would you do if your were standing in Apple’s shoes?

Source: Apple

  • Nathan

    I don’t think Apple can really decrypt the phone anyways…they’d need the password.

    • Joshua The-Legend Wiebe

      That’s like saying you’re unable to solve a puzzle that you built.. Of coarse they can, but it’s too risky.

      • therealjjohnson


      • Joshua The-Legend Wiebe

        Thanks, hate autocorrect..

      • Jackson Grong

        They can, they just don’t want it it the FBI’s hands. Because they don’t trust them, like all of us.

  • Cameron Nelms

    Don’t you have to put the password in before you even upstate the iPhone?

    • iBanks

      Yup, or even to do an backup to iTunes.

    • Joshua The-Legend Wiebe

      Not if it’s in dfu mode as stated above.

      • Rowan09

        But then you lose all the information on the device

      • Joshua The-Legend Wiebe

        If you hit restore – yes, but in this case, it would be update. They’d still have the data on a modified current firmware that would allow them to bypass the passcode.

  • Connecting Mac User 

    Donald Trash should go f**k himself so hard.. Sometimes I wonder why that attention whore still appear on media and talk. Apple should stick with their rules, No unlock, No access, No backdoor. FBI find alternative or go to hell.

    • Gregg

      Donald Trumpet is a Kim Kar*trash*ian of politics.

  • iBanks

    I think they are upset that Apple is more secure than the very securities that call themselves protecting our nation.

    • Franklin Richards

      I think the government has the means to hack smartphone devices but they’re setting up plays so that they can blame companies like Apple or Google when they fail at protecting the country. They can’t possibly have so many departments specifically for digital surveillance and not have a way in.

      • Jackson Grong

        I agree, the FBI and other government surveillance departments probably have systems 20 years ahead of our mass produced chips.

      • Rowan09

        Don’t think so. Remember they were hacked multiple times so we shouldn’t overestimate their abilities.

      • Anonymous

        They do. One of my class mates works for some branch of the government and they have comfrimed that much. Although, they wont tell me much. But i agree with you and that there settting up apple and google.

  • Vince Reedy

    Donald Trump is uninformed and wrong on this issue. That worries me for a bunch of reasons, but I digress. We cannot allow access to everyone’s phone for access to one. Apple cannot back down. Tell the government to do their job at the border and keep radicals out of the country. I’m in the process of getting a passport that has taken weeks now because of a paperwork issue. If they only showed the same care with immigrants coming to the country for who knows what. This “tool” to backdoor a mobile phone must never exist, or you will be a walking data collector for the NSA. Please folks, do not let them use your emotions for wanting quick justice to allow this. It’s a tragedy for sure, but we can’t just rewrite the rules without representation when they hit a snag in the case.

    • Rowan09

      I agree they did the same with 9-11 and it’s never been the same since.

      • Vince Reedy

        Exactly. I was a proponent for the Patriot Act back then because of the situation. I have grown and learned since then and we cannot allow it to happen again. It has nothing to do with who’s president or which party wants what. None of them are to be trusted, they have proven themselves untrustworthy on both sides of the aisle time and time again. Our constitution is under attack daily.

      • Rowan09

        Yep. America itself un-Constitutional

    • omakad

      Couldn’t have said it better myself. This can not happen. I’m wondering if there is some kind of petition that’s been started that users that understand importance of security can sign. I don’t know if it would make any difference but it would be a start.

      • Vince Reedy

        I don’t think petitions make a lot of difference. I think pitchforks is where we are now.

      • omakad

        Yeah you are probably right, but i’m not sure how else can users get involved in this issue. I know petitions for presidential review need 100k signatures at which point white house has to respond. I was wondering if other institutions have simular rules that will give us a voice.

      • Morgan Freeman

        “Has to respond”…. do you believe that?

      • omakad

        You are killing me :).

      • Vince Reedy

        https ://petitions.whitehouse dot gov/petition/apple-privacy-petition

      • omakad

        I just read about it on 9to5 mac. Well let’s see what happens. There is only about 3k signatures. Hopefully more people will sign it.

      • Vince Reedy

        Hopefully it picks up steam.

      • Morgan Freeman

        Some folks up on Oregon tried that. Look what happened. It’s going to get REAL ugly once people wake the hell up and go out en masse to defy “the government”…

    • Chris Ryan

      i’ll openly admit i don’t know a lot about this case, however, i’m curious, it seems as tho they have 100% undeniable proof that the shooter is guilty, what other vital info do they feel this phone holds?

      • Vince Reedy

        I would assume info about future plans, people they conversed with, etc. If Apple can provide the information without compromising anyone else’s device than so be it. Not if it compromises 1 other device.

      • Xee

        Bull there will be naff all on that phone they are just trying to use this to twist Apples arm.
        Didn’t they already confirm those 2 act alone?

  • Alex Graham

    I am taking apple’s side on this.

  • Marly Marl

    Tim cook we know the letter is just to put the public at ease and the backdoor will be created anyways

    • Alberto M.

      could be.

    • Vince Reedy

      I want to say Apple would not risk the company’s future just from a public opinion standpoint, but the gubment has a way of getting what they want. I hope you are wrong.

  • Personally, I think they should do a one off for the greater good and only do it under the conditions that the “control” they are looking for is guaranteed. Simply put, if that was anybody from your family killed in San Bernardino, wouldn’t you be frustrated that this phone isn’t being unlocked? It could potentially lead to more justice being served for those affected by the shooting.

    • Mike Colacone Saal

      Actually, no. “those who give up essential liberty for temporary security deserve neither” a great quote for Benjamin Franklin. The problem is that maybe this would help in this one case, but to have that ios with a backdoor out means the government and hackers alike would be able to get to your information whenever possible. It wouldn’t bode well for our constitutional rights because the government would constantly infringe upon it. I applaud Apple for doing this.

      • You’re missing the mark here. The shooter forfeited his/her freedoms when he decided it was a good idea to kill innocent people. There’s no need to hold them to the same standard of privacy as us. The problem is everyone is so wrapped up this idea of “privacy.” The odds of a hacker actually taking this backdoor and using it to brute force your device are slim to none. Plus the iPhone mentioned is a 5C, which is missing the security enclave that would render it almost impossible to backdoor. Plus the government said that this operation could be performed at an Apple facility, in which I’m sure it would be well kept to Apple’s secure standards. Precedent or not, I think in instances like this it’s perfectly acceptable to deem the privacy of the shooter, who clearly is guilty, to be forfeited and their phone (Christ guys it’s a PHONE) to be unlocked for the purpose of justice. Lose the idea of “the man” and “hackers going to get their hands on this software” and whatever other conspiracy theories you believe will actually apply to you and think clearly for a second about the case at hand.

        h tt p://blog.trailofbits.(com)/2016/02/17/apple-can-comply-with-the-fbi-court-order/

        Read this article and inform yourselves. Vince Reedy included.

      • Vince Reedy

        So you’re saying that the government does not and will not use this or anything like this on everyday average citizens that are not guilty of a crime because we haven’t forfeited our liberties. Well then why, pray tell, do they collect data at ridiculous rates for every day, average, law abiding citizens with no purpose for it?

      • I highly doubt that for the average domestic court case, a precedent like this, if Apple is forced to comply, will be used. And about the data: who knows, and quite honestly who really cares. Your data is out there and there’s nothing you can do about it. Unless it’s putting a serious dampening on your lifestyle or keeping you from functioning, it’s irrelevant. The only time it will ever probably come out is if you commit a crime.

      • Vince Reedy

        The data in my case is irrelevant, I agree, but the practice that they use is not. Only when they start coming to your door for doing innocent research on a particular subject to ask questions will it be relevant I guess. The time to stop it is now, for it will be far too late then. I appreciate the intelligent dialogue on the matter without personal attacks and name calling, as the manner of some is.

      • The practice may be immoral or not, but do keep in mind, it’s for the purpose of national security, which I can understand. If you’re a law abiding citizen, you have nothing to worry about anyway, which many people just don’t understand and think the big bad government and the FBI/CIA are using their information for (insert any conspiracy cause here). Likewise on the dialogue. No need for slander, just airing out ideals.

      • Rowan09

        I hope you know what happens today affects the future. Look at what has happened to America since the Patriot Act how safer do you think America has become since? It’s a false sense of security because at the end of the day, they need civilians to help them out. Look at the failed bomb attempt in Times Square, it wasn’t the government that figured it out, it was a citizen. Don’t be fooled like all those scanners in the airport does anything to keep you safe. All you need is someone on the inside and there’s nothing they can do to stop anything from happening.

      • Whether or not you believe in the Institutions that are put in place to keep us secure is up to you. No matter what you think though, they will still operate however they feel will keep us safe as long as its Constitutional. We have systems in place in order to prevent things from getting out of hand, such as the Supreme Court.

      • Rowan09

        Have you been paying attention? The Constitution is constantly being attached in false sense of security. The government can now do general warrants which is illegal but was made legal after 9-11. The system will keep the system going and that’s it. If the government really cared we wouldn’t pay so much for insurance. In NYC gas prices right are extremely low but the market is being affected so they are thinking of raising the prices again.

    • Vince Reedy

      In case you don’t watch the news or inform yourself on these matters, one off is another word for legal precedent. One offs will become the norm. Give me an example where the US Government used a one off.

  • Alberto M.

    I stand with Apple.

  • iPhoneWINS

    they will capitulate eventually.. all companies do.. they are just posing and posturing to make the public think they care…lol

  • siddique

    This is just show off by apple , indirectly they will help FBI …two face apple

  • pnh

    Hello, FBI? One word. Pangu.

  • Anonymous

    Good on cook and the rest of apple. If the fbi really needs to get into the phone they can hack it them selves. They have the resourse to do it.

  • I respect Apple’s stance on this entirely. But could a comprise not be made? Something like the FBI gives the phone to Apple, they create the hack to get into it, grab all the data they need and then burn the phone and hack?

  • nvog

    Mostly a national security issue turned by apple into publicity gimmick… ok, iphones are totally secure we get it.

    Even so, Cook gave FBI a way out… “The FBI would, in theory, put the shooter’s iPhone into DFU mode in order to overwrite the firmware with a modified build of iOS that would let it brute-force its way into the device.”

    In other words…. PANGU.

  • nonchalont

    Apples right in what they are doing. Give privacy to the people, not the fbi. Fbi has good intentions I’m sure with this case, however that’s giving the government authority to unlock any iPhone in smaller cases.

    We the people will run this country, not the government. Bad stuff is going to happen, however let the people run it, not Uncle Sam.

  • smtp25

    FBI should just turn over the phone to Apple undersupervsion, they crack and return it. Don’t release the software or method (which they said they didn’t have anyway)

  • Gary LE

    Use the dead shooters finger prints to unlock the phones?

    • Rowan09

      It was a 5C but that that’s funny.

  • n0ahcruz3

    I know why Apple is doing this.. China. Think about it lol

  • techfreak23

    I think it’s a little ironic that Apple has been building up their encryption over the years for numerous reasons, one of them being the fact that Apple wanted to enter the business/government market, which required a certain level of encryption. Now they want Apple to backtrack and create a tool to circumvent some of those safeguards. I read some other articles saying that Apple has complied with 70 requests like this since 2008. Those reports don’t say how many were before iOS 8 came out, however. The point here is that Apple had the means to do so in the past before iOS 8 came out when they were storing the keys for all iOS devices, so they complied with those court orders. Now, with iOS 8/9, Apple does not currently have the means to get into iOS devices and the government wants them to create a tool to do so and that’s the big issue.