ITsecurity
twitter facebook rss

Applesauce, The Apple FBI Backdoor

Posted by on February 19, 2016.

The Apple FBI Backdoor

While the FBI has been after Apple to create a backdoor to iOS, this recent episode stems from the December attacked of Syed Rizwan Farook who killed 14. Farook had expressed support for the Islamic State on a Facebook page and there are still many questions about whom the shooter might have contacted.

At question is the Phone of Farook, which it must be pointed out was issued to him by his former employer San Bernardino County. In essence, this is a business phone and entitle to no privacy beyond the company that issued it. San Bernardino County has given the FBI full authority to investigate.

At this point, the access is not even about encryption per se – it is about the PIN code and gaining access to the phone. It is a minor point, but the task is not to break the encryption – the task is to brute force the PIN to gain access. iOS will wipe the device after 10 wrong attempts. I cannot help but wonder how many “lives” the FBI used before going to Apple.

The FBI wants Apple to disable the 10-try limit. Cook states:

Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation.

Is that even possible to do and not risk losing much of the relevant information on the phone… Moreover, if it was, and if the code only removed the 10-try limit, would that really be creating a backdoor – or just adding one more vulnerability to the system. You would still have to be in physical possession of the phone.

My Spidey-Sense is going off.

Here is what isn’t reported much about this case; Investigators have already obtained the most recent backup of Farook’s iCloud account. Apparently, the backups stopped a month before the attacks, and so the question of what might be missing is at foot. Yet, it has to be noted as Cook stated:

When the FBI has requested data that’s in our possession, we have provided it. Apple complies with valid subpoenas and search warrants

So, I’m missing the big picture point on this one. It isn’t about cracking the encryption and it isn’t about protecting privacy beyond a subpoena. If I was a bit more cynical, I might think that the FBI took the opportunity to try to force Apple to build a backdoor. Yet Apple is certainly sophisticated enough to know the difference between an encryption backdoor and a brute force attack. They say there is no bad publicity and Apple’s stock price has be heading in the wrong direction. Nothing like promoting a super secure platform. Moreover, Apple has both the operating system and application Eco-system to do a little boasting in this area. The 2015 Verizon Data Breach Investigation Report noted that 96% of mobile malware targeted Android. But who reads DBIR’s – just us geeks. Getting that message out to the masses… “that ain’t Applesauce.”

 

 


Share This:
Facebooktwittergoogle_plusredditpinterestlinkedinmail

Leave a Reply

Your email address will not be published. Required fields are marked *

Submitted in: Martin Zinaich | Tags: , , , ,