tl;dr technical explanation of #ApplevsFBI

  • Apple was recently ordered by a magistrate court to assist the FBI in brute forcing the PIN of a device used by the San Bernardino terrorists.
  • The court ordered Apple to develop custom software for the device that would disable a number of security features to make brute forcing possible.
  • Part of the court order also instructed Apple to design a system by which PINs could be sent to the device remotely, allowing for rapid brute forcing while still giving Apple plausible deniability that it had hacked a customer device in a literal sense.
  • All of this amounts to the courts compelling Apple to design, develop, and protect a backdoor into iOS devices.

Firmware signing capabilities:

  • Apple holds the firmware signing keys for all of its devices and is the only party in the world that can boot custom software on them without exploiting the device. Loading such code also requires an authorization ticket from Apple’s servers.
  • Firmware updates run as a RAM disk on iOS devices, which is similar to booting off of a USB stick.
  • Apple can write a custom RAM disk (as a “SIF”), sign it, and boot it on any iOS device from restore or DFU mode to run from memory.

Security capabilities:

  • On A7 chips, the backoff (delay) and retry count for passcode attempts have been moved into the “Secure Enclave” (SEP), a coprocessor inside newer devices; however, in its present form the SEP can be updated (or “flashed”) by Apple to remove these features.
  • The iPhone 5c does not have the new A7 chip, and therefore does not have a Secure Enclave, so the PIN delay is software-based and can be easily disabled anyway.
  • The mechanism that wipes the device after 10 failed attempts appears to still be software-based on all devices, and could be disabled on any device.

Alternative methods:

  • A number of alternative methods exist, some of which are believed to be feasible alternatives that can be performed without Apple’s assistance.
  • The All Writs Act includes a “necessity” prong requiring that an order be granted only if it is the only way to achieve a given task.

Summary:

  • Apple can, on a technical level, comply with the court’s order to brute force the PIN on an iPhone 5c.
  • Forcing Apple to develop a forensics tool is not the only feasible method available to access the content on the device in question.

Editor’s Notes

  • The only reason it is possible to decrypt this information at all is that the subject chose a weak (numeric) passcode instead of an alphanumeric one. A complex alphanumeric passcode is computationally infeasible to brute force, regardless of any backdoor compelled by the government. Apple uses the PBKDF2 key derivation function, which imposes a hardware-bound 80ms cost to compute each candidate key, enforced by encryption routines tied to the device hardware. As a result, it would take six years just to brute force a six-character alphanumeric passcode, and exponentially more time for longer ones.
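To put numbers on that 80ms figure, the following is an added example (not part of the original post) that estimates how long an unthrottled brute force would take for different passcode alphabets and lengths. Only the 80ms per-attempt cost comes from the post; the alphabet sizes, the uniformly random passcode assumption and the no-backoff model are assumptions of this example.

```python
"""Estimate brute-force time once software backoff and the 10-attempt wipe are gone.

The 80 ms per guess is the hardware-bound PBKDF2 cost quoted above; everything
else here (alphabet sizes, random passcode, no throttling) is a constructed
assumption for illustration.
"""

PER_GUESS_SECONDS = 0.080  # hardware-bound key derivation cost per attempt

# Constructed alphabet sizes: digits only, lowercase+digits, full printable ASCII.
ALPHABETS = {
    "digits": 10,
    "lowercase + digits": 36,
    "mixed case + digits + symbols": 94,
}


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct passcodes of exactly `length` characters."""
    return alphabet_size ** length


def worst_case_seconds(alphabet_size: int, length: int,
                       per_guess: float = PER_GUESS_SECONDS) -> float:
    """Time to exhaust the whole keyspace with no retry limit and no backoff,
    i.e. the situation the disabled security features would create."""
    return keyspace(alphabet_size, length) * per_guess


def expected_seconds(alphabet_size: int, length: int) -> float:
    """Average time: a uniformly random passcode is found halfway through."""
    return worst_case_seconds(alphabet_size, length) / 2


def human(seconds: float) -> str:
    """Render a duration in the largest unit that fits (e.g. '5.5 years')."""
    units = [("years", 365.25 * 86400), ("days", 86400),
             ("hours", 3600), ("minutes", 60), ("seconds", 1)]
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:.1f} {name}"
    return f"{seconds:.3f} seconds"


def table(lengths=(4, 6, 8)):
    """Rows of (alphabet, length, keyspace, worst-case time) for the report."""
    return [(name, n, keyspace(size, n), human(worst_case_seconds(size, n)))
            for name, size in ALPHABETS.items() for n in lengths]


if __name__ == "__main__":
    for name, n, space, t in table():
        print(f"{name:30s} len={n}  keyspace={space:>20,}  worst case={t}")
```

The digits-only rows show why the software throttles matter: a 4-digit PIN exhausts in minutes and a 6-digit one in under a day, while the 36-character alphabet at length 6 lands on the roughly six-year figure given above.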