On Feb 16 2016 Tim Cook the CEO of Apple Corp. posted an open letter to it’s customers in response to an FBI request to get Apple’s assistance in extracting data from a terrorists phone. While I applaud Mr Cook and Apple for his public statement I think there are just a few problems here:
Apple has already stated that they have provided all data that they currently have. I’m sure that means things like iTunes, iCloud, Maps, and maybe even iMessage. Of course if the phone was backed up then there is a good chance that the remaining bits of data are already available to the FBI.
Just what exactly does Apple need to do that the FBI cannot? Early iOS phones used a 4-number pin and depending on the configuration settings the phone may or may not delete itself. Whether or not the phone will self destruct is likely known to Apple in the data above. But it is 1000 combinations of 4-digits and the phone is unlocked. If it’s one of the modern Apple phones then it’s possible that a fingerprint might unlock the phone. Since the FBI has or had the bodies they have access to the phone.
Granted there has not been a trial and “the couple” has not been found guilty, however, the likelihood that they were not the killers is remote if not impossible. As such they have given up their rights. All of the laws that her have on the books are currently lawful and until they are tested must be complied with. I’m not sure that this is the best test case for challenging them. And even so; it would likely only effect future cases since this one is open and shut.
While this whole topic is filled with FUD (fear uncertainty and doubt) the security model likely does have a back door. The Apple Vault product, which allows the user to secure their entire harddrive, has some magic keys that “can” be stored on the iTunes server for later retrieval. It’s very likely that this same feature is already present in the iPhone only we don’t know it.
Furthermore, the user’s pin and fingerprint are only used to unlock the first few layers of the cryptography scheme. A 4-digit or even a 6-digit pin it not big enough to encrypt a block of data let alone an entire phone. So chances are better than 50:50 that there is an NSA team that could get into the phone.
So why did Apple and Tim Cook make the statement?
They made the statement because the FBI made a very public request and if it were known that there was any sort of data leakage whether by accident or on purpose the iPhone and iPad brands would be destroyed and quite possibly Apple itself since so much of it’s revenue is tied to those brands. Granted there is a segment of the population that would not care and maybe they would weather the storm but it would leave a mark nonetheless.