Apple could bypass iPhone security, experts say—but won't

February 17, 2016 by Bree Fowler
Apple could bypass iPhone security, experts say -- but won't
In this Sept. 9, 2014, file photo, Apple CEO Tim Cook speaks during an announcement of new products in Cupertino, Calif. Faced with a federal judge's order to help investigators break into an iPhone allegedly used by one of the San Bernardino, Calif., shooters, Apple may well argue that the request would place an unreasonable burden on the company. In fact, doing what the government asks is not likely to be a tough technical feat for Apple. But doing so might have dramatic consequences on the data security of the millions of iPhone users around the world. (AP Photo/Marcio Jose Sanchez, File)

Faced with a federal judge's order to help investigators break into an iPhone used by one of the San Bernardino, California, shooters, Apple may well argue that the request places an unreasonable burden on the company.

In fact, experts say that complying with the government's request wouldn't be particularly challenging for Apple. But doing so might set a dangerous precedent that could threaten the data security of the millions of iPhone users around the world.

The phone in question was used by Syed Farook, who along with his wife, Tashfeen Malik, killed 14 people in a December attack. Investigators don't know if the phone contains important evidence about the attack or the couple's communications—and because its contents are encrypted, they won't unless they can get the passcode to unlock it. The phone was issued by Farook's employer, the county of San Bernardino.

Investigators can't just try random passcodes until they hit on the right one, either. The phone has apparently enabled an Apple security feature—a sort of self-destruct option that would render the phone's data unreadable after 10 incorrect passcode attempts.

The judge's order requires Apple to create a unique software package—one Apple CEO Tim Cook described as "a new version of the iPhone operating system"—that would allow investigators to bypass the self-destruct system. The same software would also let the government enter passcodes electronically, eliminating both the tedium of manual entry and the enforced delays the iPhone system imposes after a few wrong guesses.

Apple opposes the order, arguing that such software would amount to a security "backdoor" that would ultimately make iPhone users across the globe more vulnerable to information or identity theft. Both the ACLU and the Electronic Frontier Foundation have pledged to support Apple, saying that the government's request endangers security and privacy.

From a technical perspective, making such software shouldn't be difficult for Apple, experts say. But once created, it would be nearly impossible to contain, says Ajay Arora, CEO and co-founder of Vera, a startup that provides companies with encryption services.

"Imagine if that got into the wrong hands," he says. "What they're asking for is a God key—and once you get that, there's no going back."

The demands being made of Apple border on the bizarre, says Lee Tien, a staff attorney for the Electronic Frontier Foundation, a digital rights group. "Asking a technology company to make its security less secure is a crazy, stupid thing to do," he says. "It's like asking water not to be wet."

The government's best bet may be to argue that its request doesn't actually create a backdoor, even if that's how Apple characterizes the request, says Robert Cattanach, a former Justice Department attorney. But Apple is probably right to worry that a government win in this case will lead to broader requests down the road.

"If the court rules in favor of the government, then I think the stage has been set for the next step, which is, 'Thanks for removing the auto-wipe. Now you need to help us defeat the code'," Cattanach says. "If you're the government, you're going to ask for that."

Explore further: Apple to fight order to help FBI unlock shooter's iPhone

Related Stories

Apple to fight order to help FBI unlock shooter's iPhone

February 17, 2016

Apple Inc. CEO Tim Cook says his company will fight a federal magistrate's order to help the FBI hack into an encrypted iPhone belonging to one of the San Bernardino, California shooters. The company said that could potentially ...

Q&A: A look at the Apple vs US Justice Dept. court fight

February 17, 2016

A U.S. magistrate judge has ordered Apple to help the FBI break into a work-issued iPhone used by a gunman in the mass shooting in San Bernardino, California. Apple chief executive Tim Cook immediately objected, setting the ...

US unable to crack San Bernardino attacker's phone

February 10, 2016

US agents cannot access a telephone used by the Islamist attackers in the San Bernardino shooting, the head of the FBI said Tuesday, complaining that encryption is hampering investigations.

Recommended for you

Samsung to disable Note 7 phones in recall effort

December 9, 2016

Samsung announced Friday it would disable its Galaxy Note 7 smartphones in the US market to force remaining owners to stop using the devices, which were recalled for safety reasons.

Swiss unveil stratospheric solar plane

December 7, 2016

Just months after two Swiss pilots completed a historic round-the-world trip in a Sun-powered plane, another Swiss adventurer on Wednesday unveiled a solar plane aimed at reaching the stratosphere.

Solar panels repay their energy 'debt': study

December 6, 2016

The climate-friendly electricity generated by solar panels in the past 40 years has all but cancelled out the polluting energy used to produce them, a study said Tuesday.

0 comments

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.