Apple Dodges a Bullet — or Something Like That
March 24th, 2016
It almost came across as a movie cliffhanger. Just a day ahead of a scheduled court appearance in which Apple would fight the FBI’s demand to develop a “govOS” to unlock an iPhone, a motion by the Department of Justice to postpone the hearing was approved by the judge.
According to the court filing, the FBI had allegedly been contacted by a third party with a possible solution to unlocking an iPhone 5c, a work phone used by deceased terrorist Syed Farook. The FBI contended that its demand was just for that one iPhone, whereas it was soon revealed that similar demands were just waiting in the wings for this case to be resolved.
There ensued a very public debate between Apple and the FBI over the issues. Tim Cook and other Apple executives asserted, with clear justification, that the act of developing a less secure OS would result in a backdoor that could be exploited both by the good guys and the bad guys. TV pundits weighed in, but most were not terribly informed about the request or its ramifications.
At the heart of this case was the obvious suspicion that the FBI had waited for a high-profile case as an excuse to seek a court order, hoping for a quick ruling to make it so. But I also wonder why they didn’t look to security firms to help them if the government’s own resources were insufficient. Asking a company to build a special product based on a court order would create a nasty precedent.
According to published reports, software developer Cellebrite, from Israel, was the firm contracted to make the attempt to unlock that iPhone. The firm offers what it calls “mobile forensics solutions” to help unlock such gear. Not confirmed is a report that the contract is for $15,000. That would seem a tad low, unless Cellebrite was convinced it could get it done fairly quickly.
How would they do it? Well, according to published reports, one scheme would be to use NAND (flash memory) mirroring to copy the data on the iPhone, and then try passcodes on that copy. After nine attempts, the data is replaced, and they try new passcodes. There are 10,000 possible combinations, so it might take time to get a positive result even if the process was highly automated. Whether it takes hours or days, presumably it would eventually succeed.
Now there has been some interesting byplay in media comments about this possible solution. One suggests that Apple would be harmed if they lost the original case, simply because it would mean that a backdoor would be developed that would compromise iOS security. But if the iPhone is unlocked by a third party, using a hack of some sort that exploited a known, or newly discovered, flaw in iOS, it would only demonstrate that the platform is not as secure as Apple would like you to believe.
On the other hand, Apple doesn’t claim its platforms are impossible to hack, and iOS is regularly updated as new security flaws are discovered, so they are promptly fixed. So any flaw exploited to unlock that iPhone would, if Apple knows about it, be fixed before long. It’s not a permanent concern.
But if a method is found to bypass the limit of 10 passcode attempts, which is what the NAND mirroring/copying scheme appears poised to do, it would not be the result of a security flaw. On the other hand, Apple could, I suppose, make it impossible to copy the flash memory without somehow impacting the integrity of the data. Indeed, the suggested solution is strictly theoretical at this point.
However it’s done, unless the FBI reveals the solution, it will probably be a secret, mostly, unless the method somehow leaks. Or someone else tries what they believe to be the solution, achieves a successful outcome and makes it public.
But if it doesn’t work, you can bet the FBI will return to court and the postponed hearing will take place.
Even if Apple were to win in the courts should a new skirmish occur, it’s possible the U.S. Congress could get together and devise some sort of solution that would become law. But in this highly polarized climate, the prospects for its passage are minimal. The House might be more interested in passing yet another bill to rip up the Affordable Care Act, or approving the name of a new post office.
What might happen — regardless of the outcome — is that a committee will be appointed to evaluate the situation and make recommendations. One hopes that Silicon Valley companies would be represented. Even then, as with most committees, it may take months or years for it to deliver a report, and even if it did, the chances that a workable law would result aren’t terribly high.
In short, the final chapter of this story has yet to be written. And just imagine how one might feel if that iPhone 5c didn’t contain any actionable data after all? That’s what I think, because the terrorists were smart enough to destroy their personal tech gear. This is, after all, a work phone, so why would they put potentially incriminating stuff on a device that could have been easily recovered by the agency that owns it? I suppose, if it did contain something important, the handset could have been destroyed too before anyone had a chance to recover it.
Just a quickie:
Presumably, they would be attempting to crack the code using multiple copies in parallel, not serially on a single copy. Depending on the number of copies, it could take just seconds to run through all 10,000 possibilities.