A lot has been written about whether Apple should comply with the recently publicized FBI demands surrounding the San Bernardino attack last year. However, I’m going to avoid the political side of the debate and focus on the technology instead. One could argue Apple has fallen victim to the old adage of “be careful what you are good at.” I discussed this topic with several peers at Security Innovation (thank you all, btw!) We seem to collectively agree the security that Apple has built into the iPhone over the last few years has been impressive and likely got them into this situation in the first place. If they weren’t so good at security, the FBI could retrieve this data on their own using their own security experts and technology.
The Apple device in question is a 5c. It’s likely that it is using iOS 8 or higher in which case most files are encrypted. The data on the device is stored in encrypted form with password-based encryption, by means of a user PIN. There is no easy way of gaining access to this data without cracking the PIN. This version’s auto lock feature enforces an auto-erase function that kicks in after 10 failed PIN attempts with an increased delay after every attempt to thwart a brute force attempt. All of the password guess attempts are tracked by the OS (not in hardware – more on this later). This is brilliant security design for its intended use, which is to prevent a lost or stolen from having all its confidential data extracted by a malicious user. However, for the FBI this means they would only have a certain number of attempts at getting the password correct before data is erased permanently, which is a very difficult task.
What the FBI asked for in their initial request is essentially for Apple to make a version of iOS that bypasses or disables the auto-erase function and doesn't purposefully delay the passcode attempts. FBI also requested for the iOS version to allow the PIN guesses to be sent over USB (rather than having to be entered by hand on the screen). This request would help the FBI make unlimited PIN requests using their laptops at the max speed of one passcode every 80ms rather than having to type the passwords repeatedly using the small iPhone screen. This would require Apple to patch the OS, sign it with their firmware signing key, side load it on the phone after putting it in DFU mode, and then give it to the FBI. Device Firmware Update mode is an iPhone mode that allows the user to change and choose the firmware the user wants to install on the device - without having the iTunes to automatically load the latest version of iOS on to the iPhone. The FBI would then attempt to brute force the PIN and unlock the phone. From a technology perspective, this is simple for Apple to do.
This situation might have gotten even stickier had the gunman used a newer iPhone version. The iPhone devices 5S and later are designed in a way that Apple probably couldn’t even help them even if they were willing. In these newer versions, the device encryption keys are stored inside what is called as a Secure Enclave. This is basically a separate component outside your iOS that just shares the same hardware space with the iPhone. When the user enters a passcode, it is combined with the key stored inside the Secure Enclave to unlock the device. The Enclave has its own counter and delays the passcode attempts by up to an hour when 9 or more attempts are made. The iOS secure Guide (page 11) provides a detailed view of how the Secure Enclave works. Though the Secure Enclave would make things difficult for the FBI, Apple could still be able to circumvent their own security process and make things easier if needed. This would be accomplished with an additional firmware update to the Secure Enclave that disables this delay along with any possible auto-wipe.
All of these options are possible; however, they’d all require Apple to create something specific for the FBI’s use. This reinforces just how good Apple’s security is for their iOS devices. Clearly, Apple has taken security and privacy of its consumers very seriously and should be applauded for that. The value of secure software and system design cannot be over-stated.