Click to Skip Ad
Closing in...

Does Apple even have the ability to hack the iPhone like the FBI wants?

Published Feb 17th, 2016 12:33PM EST
Apple iPhone Security Backdoors

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

The FBI has specific requests for Apple regarding the iPhone retrieved from one of the San Bernardino shooters. The agency wants to access the information stored on the handset, but the phone is protected by a PIN code. A judge already ordered Apple to comply with the FBI’s demand, but Apple is resisting, explaining in great detail why iPhone security and encryption is necessary.

However, since this is an iPhone 5c, it turns out that Apple does in fact have the technical capability to do what the FBI is asking.

DON’T MISS: Apple’s upcoming iPhones might change the game more than you can even imagine

The one thing that protects the iPhone in question is a simple PIN code that the FBI could try to hack using a brute force attack. However, there are hurdles that could prevent the attack from working, which is why the FBI needs Apple.

There are three things that protect the security of the iPhone, Trail of Bits reminds us:

  • iOS may completely wipe the user’s data after too many incorrect PINs entries
  • PINs must be entered by hand on the physical device, one at a time
  • iOS forces a delay after every incorrect PIN entry

The FBI knows all this and it wants Apple to remove the auto-erase feature, to allow PIN input by computer rather than by hand, and to remove the delay. The FBI could crack the password in half an hour if Apple complies with its requests, and it would do so by using a computer to guess all the possible combinations until it finds the right one.

But Apple doesn’t want to do it — on principle in this case, not because it can’t.

Unlike newer devices that pack a fingerprint sensor and a secure enclave, the old iPhone 5c can be tricked into running a custom “FBiOS” to open it up for inspection. The procedure is akin to jailbreaking the device. Apple could feasibly take control of the phone, install the new software and give the FBI all of the data on the handset – so “FBiOS” would not actually be used by the FBI’s hackers.

As Trail of Bits explains, this hack is possible because the secure enclave isn’t present. On an iPhone 5s or newer, that enclave would keep track of how many times a wrong PIN code is entered and get “slower and slower at responding with each failed attempt.” That means that even if Apple complies with a request concerning new devices, the hack the FBI is requesting would not work.

Interestingly, the site says that Apple has allegedly cooperated with law enforcement in the past using a custom firmware that bypassed the lock screen (read this CNET report from April 2012), so it could do it again. It should be noted, however, that many things have changed in iOS since then so the same methods might not work anymore.

Chris Smith Senior Writer

Chris Smith has been covering consumer electronics ever since the iPhone revolutionized the industry in 2008. When he’s not writing about the most recent tech news for BGR, he brings his entertainment expertise to Marvel’s Cinematic Universe and other blockbuster franchises.

Outside of work, you’ll catch him streaming almost every new movie and TV show release as soon as it's available.