Apple vs. FBI: Everything you need to know about Apple’s fight with the FBI (FAQ)

BY Gautam Prabhu

Published 23 Feb 2016


Last week, a federal judge ordered Apple to unlock an iPhone 5c used by Syed Farook, one of the attackers who killed 14 people in San Bernardino, California, in December.

In response, Tim Cook in an open letter has publicly stated that Apple plans to oppose the order as it would set a “dangerous precedent”, and the implications of the demands are “chilling”.

So what exactly does FBI want Apple to do?

FBI wants Apple to develop a new version of iOS that disables the “auto-erase” feature, which permanently deletes the data inside after 10 failed passcode attempts, and eliminates the delay that locks you out of the iPhone if the wrong passcode is entered. It also wants Apple to implement a method that allows FBI to enter the passcode electronically, so it can unlock the terrorist’s iPhone by “brute-force”, trying thousands or millions of combinations with the speed of a modern computer.

Can Apple comply with the order?

Prior to iOS 8, it was much easier for Apple to extract the data from an iPhone. However, in iOS 8, Apple introduced a security feature that encrypts the data on the iPhone using the passcode, so it can no longer use the data extraction process on an iPhone running iOS 8 or later.

Having said that, Apple has acknowledged that it is technically possible, but creating a new version of the operating system that circumvents the security features would create a backdoor which could give someone access to any iPhone in someone’s physical possession. Tim Cook wrote in the open letter “The same engineers who built strong encryption into the iPhone to protect our users would, ironically, be ordered to weaken those protections and make our users less safe.”

Why is Apple objecting to the court’s order?

FBI has said that it wants to use the tool only once to get into the terrorist’s iPhone, not unlimited access to iPhones everywhere, but Apple has argued there is no way to guarantee such control. The only way to guarantee that such a powerful tool is not misused is to never create it.

In fact, as Apple has pointed out “law enforcement agents around the country have already said they have hundreds of iPhones they want Apple to unlock if the FBI wins this case”.

Apple has legitimate concerns. WSJ reports that the Justice Department is already pursuing court orders to force Apple to extract data from iPhones in about a dozen undisclosed cases around the country.

Has Apple done its best to help FBI within the law?

Apple has already provided all the information about the phone that it had available. Apple has provided further information after getting new information from the Justice Department’s filings.

On Friday, Apple executives revealed that within 24 hours of the government taking possession of the device, the Apple ID password linked to the terrorist’s iPhone was changed. That was the biggest blunder. Because the Apple ID password associated with the phone had been changed, and the phone itself cannot be unlocked, the phone can no longer access iCloud services. If the password hadn’t been changed, FBI could have taken a backup of the device and got the data they were looking for by connecting it to a previously joined network.

Why did FBI change the Apple ID password?

It looks like they assumed they would be able to get the information from the iCloud backup. But they were able to retrieve iCloud backups only up to October 19th. FBI wants Apple to create a backdoor into the locked iPhone because it believes there is data from October 19th to December 2nd on the phone, relevant to the case, that is yet to be recovered.

Where do other companies stand?

Companies such as Google, Twitter and Facebook have come out publicly in support of Apple’s stand against FBI’s request to unlock the iPhone. Mark Zuckerberg reiterated that he and Facebook support Apple.

However, Bill Gates believes that Apple should unlock the iPhone as it is a one-off case.

Can FBI access the data on the iPhone without Apple?

According to security researchers, it is possible for FBI to crack the iPhone without Apple’s help with a process called “de-capping.” A Senior Security Consultant at IOActive explains (via ABCNews) how it can be done:

In the simplest terms, Zonenberg said the idea is to take the chip from the iPhone, use a strong acid to remove the chip’s encapsulation, and then physically, very carefully drill down into the chip itself using a focused ion beam. Assuming that the hacker has already poured months and tens of thousands of dollars into research and development to know ahead of time exactly where to look on the chip for the target data — in this case the iPhone’s unique ID (UID) — the hacker would, micron by micron, attempt to expose the portion of the chip containing exactly that data.

The hacker would then place infinitesimally small “probes” at the target spot on the chip and read out, literally bit by bit, the UID data. The same process would then be used to extract data for the algorithm that the phone normally uses to “tangle” the UID and the user’s passkey to create the key that actually unlocks the phone.

From there the hacker would load the UID, the algorithm and some of the iPhone’s encrypted data onto a supercomputer and let it “brute force” attack the missing user passkey by simply trying all possible combinations until one decrypts the iPhone data. Since the guessing is being done outside the iPhone’s operating system, there’s no 10-try limit or self-destruct mechanism that would otherwise wipe the phone.

As you can see, this method seems to be quite risky. If at any point during the process there is a mistake, it would end up destroying the chip, and the data would be lost forever, which is the reason FBI doesn’t want to try this method (assuming they already know it).
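The two protections this FAQ keeps returning to, the auto-erase after 10 failed attempts and the passcode being “tangled” with the device UID, can be modelled in a few lines of Python. This is an added illustration, not Apple's code or algorithm: PBKDF2 stands in for the real key derivation, and the UID, iteration count, passcode and the 80 ms per-attempt figure are assumptions made for the demo.

```python
import hashlib, hmac, os

# Constructed demo values; PBKDF2 is a stand-in, not Apple's actual derivation.
DEVICE_UID = bytes(range(32))   # stand-in for the per-device hardware UID
ITERATIONS = 2000               # small so the demo runs quickly
MAX_ATTEMPTS = 10               # auto-erase threshold described in the article

def derive_key(passcode: str, uid: bytes) -> bytes:
    """Entangle the passcode with the device UID to produce the unlock key."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), uid, ITERATIONS)

class ToyDevice:
    """On-device guard: counts failed attempts and destroys the key at the limit."""
    def __init__(self, passcode: str):
        self._key = derive_key(passcode, DEVICE_UID)
        self.failed = 0
        self.wiped = False

    def try_unlock(self, guess: str) -> bool:
        if self.wiped:
            return False
        if hmac.compare_digest(derive_key(guess, DEVICE_UID), self._key):
            self.failed = 0
            return True
        self.failed += 1
        if self.failed >= MAX_ATTEMPTS:
            self._key = os.urandom(32)   # key gone, data no longer recoverable
            self.wiped = True
        return False

def guesses_before_wipe(device: ToyDevice, candidates) -> int:
    """Count how many candidates the device accepts for testing before it erases."""
    tested = 0
    for guess in candidates:
        if device.wiped:
            break
        tested += 1
        if device.try_unlock(guess):
            break
    return tested

def worst_case_seconds(digits: int, per_attempt_ms: int = 80) -> float:
    """Full-keyspace time if only the KDF cost remained (80 ms is an assumed figure)."""
    return 10 ** digits * per_attempt_ms / 1000

if __name__ == "__main__":
    dev = ToyDevice("7391")   # constructed passcode
    pins = (f"{n:04d}" for n in range(10_000))
    print(guesses_before_wipe(dev, pins), dev.wiped, worst_case_seconds(4))
```

With the guard in place only 10 of the 10,000 four-digit candidates can ever be tested; with the guard removed and only the derivation cost left, the whole four-digit space takes about 13 minutes under the assumed 80 ms figure.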

Some of our readers have asked why FBI can’t use the IP Box, a tiny box that is able to use brute force to bypass a passcode and gain entry to a locked iOS device while keeping its data intact. According to reports, the IP Box doesn’t just gain access to a locked device, but it can also bypass the security measure that automatically wipes data after 10 failed unlock attempts. The IP Box works only until iOS 8.1.1, so they can’t use it (via Teel Technologies). Thanks Michael for the tip!

What do you think Apple should do?

At a broader level, it seems to be a fight between privacy and safety. I think both parties are right from their point of view. A lot has been said on the topic, but the bigger concern is that, based on the support Apple has received, people have lost trust in the law enforcement agencies, especially in the post-Snowden era where leaked documents have revealed widespread government surveillance by the NSA.
