The FBI has specific requests for Apple regarding the iPhone retrieved from one of the San Bernardino shooters. The agency wants to access the information stored on the handset, but the phone is protected by a PIN code. A judge already ordered Apple to comply with the FBI’s demand, but Apple is resisting, explaining in great detail why iPhone security and encryption is necessary.
However, since this is an iPhone 5c, it turns out that Apple does in fact have the technical capability to do what the FBI is asking.
The one thing that protects the iPhone in question is a simple PIN code that the FBI could try to hack using a brute force attack. However, there are hurdles that could prevent the attack from working, which is why the FBI needs Apple.
There are three things that protect the security of the iPhone, Trail of Bits reminds us:
- iOS may completely wipe the user’s data after too many incorrect PINs entries
- PINs must be entered by hand on the physical device, one at a time
- iOS forces a delay after every incorrect PIN entry
The FBI knows all this and it wants Apple to remove the auto-erase feature, to allow PIN input by computer rather than by hand, and to remove the delay. The FBI could crack the password in half an hour if Apple complies with its requests, and it would do so by using a computer to guess all the possible combinations until it finds the right one.
But Apple doesn’t want to do it — on principle in this case, not because it can’t.
Unlike newer devices that pack a fingerprint sensor and a secure enclave, the old iPhone 5c can be tricked into running a custom “FBiOS” to open it up for inspection. The procedure is akin to jailbreaking the device. Apple could feasibly take control of the phone, install the new software and give the FBI all of the data on the handset – so “FBiOS” would not actually be used by the FBI’s hackers.
As Trail of Bits explains, this hack is possible because the secure enclave isn’t present. On an iPhone 5s or newer, that enclave would keep track of how many times a wrong PIN code is entered and get “slower and slower at responding with each failed attempt.” That means that even if Apple complies with a request concerning new devices, the hack the FBI is requesting would not work.
Interestingly, the site says that Apple has allegedly cooperated with law enforcement in the past using a custom firmware that bypassed the lock screen (read this CNET report from April 2012), so it could do it again. It should be noted, however, that many things have changed in iOS since then so the same methods might not work anymore.