- Apple was recently ordered by a magistrate court to assist the FBI in brute forcing the PIN of a device used by the San Bernardino terrorists.
- The court ordered Apple to develop custom software for the device that would disable a number of security features to make brute forcing possible.
- Part of the court order also instructed Apple to design a system by which pins could be remotely sent to the device, allowing for rapid brute forcing while still giving Apple plausible deniability that they hacked a customer device in a literal sense.
- All of this amounts to the courts compelling Apple to design, develop, and protect a backdoor into iOS devices.
Firmware signing capabilities:
- Apple has firmware signing capabilities for all of their devices, and are the only ones in the world that can boot custom software without exploiting a device. This also requires an authorization ticket from Apple’s servers in order to authorize the code to load onto a device.
- Firmware updates run as a RAM disk on iOS devices, which is similar to booting off of a USB stick.
- Apple can write a custom RAM disk (as a “SIF”), sign it, and boot it on any iOS device from restore or DFU mode to run from memory.
- A7 chips have moved the backoff (delay) and retry count for passcode attempts into the “Secure Enclave” (SEP), which is a coprocessor inside newer devices, however this can be updated (or “flashed”) by Apple in its present form to remove these features.
- The iPhone 5c does not have the new A7 chip, and therefore does not have a Secure Enclave, so the PIN delay is software-based and can be easily disabled anyway.
- The mechanism that wipes after 10 failed attempts appears to still be software based on all devices, and could be disabled on any device.
- A number of alternative methods exist, some of which are believed to be feasible alternatives that can be performed without Apple’s assistance.
- The All Writs Act includes a “necessity” prong that insists an order can only be granted if it is the only way to achieve a certain task.
- Apple can, on a technical level, comply with the court’s order to brute force the PIN on an iPhone 5c.
- Forcing Apple to develop a forensics tool is not the only feasible method available to access the content on the device in question.
- The only reason it is possible to decrypt this information at all is because the subject chose a weak (numeric) passcode instead of an alphanumeric passcode. Choosing a complex, alphanumeric passcode is computationally infeasible to brute force, regardless of any backdoor compelled by the government. Apple uses the PBKDF2 key derivation function, which involves a mathematically dependent 80ms delay to compute a key, controlled by encryption routines that are bound to the hardware. As a result, it would take six years just to brute force a six digit alphanumeric key, and exponentially more time for longer keys.