Yes, It Can Be Hacked!
For cyber security types, here is a good article providing evidence that the FBI’s arguments for coercing Apple to break into the San Bernardino terrorists iPhone 5c were essentially propaganda. The FBI appeared to use this case to lobby for federal legislation to require “backdoors” to be built into smartphones, etc., so that law enforcement can gain easy access to any device.
The story went like this: The FBI wanted access to one of the San Bernardino shooters iPhones so they could check up on contacts, emails, text messages, anything that would help the FBI discover a potential (but as yet unproven) network or other terrorist contacts. The iPhone in question was locked with a passcode and if you make too many wrong entries trying to guess the code, the iPhone will erase all it’s memory.
The FBI decided to ask Apple to unlock it. Apple said that the FBI mishandled the phone and prevented the phone from uploading its memory to the Apple cloud. Apple said it did not have a way to unlock the phone itself and this is very likely true. The FBI then asked Apple to use their intimate knowledge of the workings of the iPhone to figure out a way to unlock the phone, basically to hack into their own product. Apple refused. The FBI then went public and in a very high profile case, attempted to use legal means to force Apple to comply.
After a couple of weeks of very public bantering, the FBI claimed it found a way to hack into the phone and asked that the case to force Apple to break into it’s own product be dropped. Subsequently, the FBI made several well-publicized pleas to congress to come up with a law that would force companies to build in “backdoors” to their products so the FBI and other law enforcement would not have to resort to expensive hacking techniques or even necessarily get a warrant.
The argument they make is that it would be a valuable tool to prevent terrorism and crime. And maybe it would. But the complexities of this issue go far beyond the myopic FBI viewpoint. Here is why:
A backdoor is a cyber security term for a method to bypass a user’s security. You have your key to unlock your “front door,” and the FBI has a key (or method) to unlock a built-in “back door.” This would work if the FBI kept their key safe. But suppose they did not keep it safe? Suppose a future highly placed individual in the FBI decided to use these backdoor keys to gather compromising information about political figures in order to gain power. What would J. Edgar Hoover have done with such power? Or Vladimir Putin?
Apple was correct to deny the FBI their services. No one buys an Apple (or any other brand) product with an expectation that the manufacturer is going to hack it open on demand. Privacy is expected and the product should operate as intended. Also, engineers would have had to produce a new technique under coercion of the law. The FBI could likely then use this tool to break into any other iPhone as it desired (and the FBI confirmed they have many iPhones they want to open up). Can the government force a locksmith to create a two-key lock if the locksmith does not want to? Is that constitutional?
Ironically, when the news of this broke, techies on the internet were abuzz with an easy technique to break into the iPhone: Take it’s flash memory out, read it and “brute force” guess the password (try every one until you find it). This would prevent the memory from being erased. And this is exactly what the proof-of-concept paper referenced in the above hyperlink explains.
The FBI thought this technique was “impossible.” Apparently, engineers and hackers are now the power brokers in this country. 😉
Posted in Cyber Security, Hacking! by Mark with .