Information
Equipo Nizkor
        Bookshop | Donate
Derechos | Equipo Nizkor       

16Feb16


U.S. wants Apple to help unlock iPhone used by San Bernardino shooter


The Justice Department will ask Apple for help in unlocking an iPhone belonging to one of the shooters who carried out the Dec. 2. San Bernardino, Calif., terrorist attacks, according to a court order signed Tuesday.

The order does not ask Apple to break the phone's encryption, but rather to disable the feature that wipes the data on the phone after 10 incorrect tries at entering a password. That way, the government can try to crack the password using "brute force" — attempting tens of millions of combinations without risking the deletion of the data.

The order, signed by a magistrate judge in Los Angeles, comes a week after FBI Director James B. Comey told Congress that the bureau has not been able to open one of the killers' phones. "It has been two months now, and we are still working on it," he said.

The issue illustrates the frustration of law enforcement in gaining access to data in high-profile investigations, and raises the pressure on Apple to find a way to comply as the phone in question was used in the deadliest terrorist attack on U.S. soil since Sept. 11, 2001.

The Silicon Valley giant has steadfastly maintained it is unable to unlock its newer iPhones for law enforcement, even when officers obtain a warrant, because they are engineered in such a way that Apple does not hold the decryption key. Only the phone's user would be able to unlock the phone — or someone who knew the password.

The FBI's efforts may show just how impervious the new technology is to efforts to circumvent it. According to industry officials, Apple cannot unilaterally dismantle or override the 10-tries-and-wipe feature. Only the user or person who controls the phone's settings can do so. The company could theoretically write new software to bypass the feature, but likely would see that as a "backdoor" or a weakening of device security and would resist it, said the officials, who spoke on the condition of anonymity to discuss a sensitive matter.

The phone was used by Syed Rizwan Farook, who, with his wife Tashfeen Malik, opened fire at a holiday party at the Inland Regional Center, killing 14 people. The couple, who had pledged loyalty to the Islamic State, died a few hours later in a shootout with police.

FBI investigators recovered a number of electronic devices, including thumb drives, computer hard drives and Farook's cellphone. His phone belonged to the county public health department, where he was a health inspector.

Data that would be encrypted on the device include contacts, photos and iMessages. Having access to that material could shed light on why the couple picked the target they did, whether they were planning other attacks and whether they received any direction or support from overseas.

The phone ran on Apple's iOS9 operating system, which was built with default device encryption. When a user creates a password, say a 6-digit code, that phrase generates a key that is used in combination with a hardware key on a chip inside the phone. Together, the keys encrypt the device.

If the autowipe function is suspended, the FBI can run a massive number of combinations of letters, symbols and numbers until the right combination is found.

But there's a complication.

If the combinations are run on the phone itself, the process can be painfully slow, taking, according to Apple, 5 years for a six-digit lower-case password mixing numbers and letters.

If run on a supercomputer, it can be done many thousands of times faster. But to do it that way, the FBI would need the hardware key, which is built into the phone. Apple says it does not keep a copy of that key. To get that key, one could use a number of techniques, including melting the plastic off the chip and hitting it with bursts of lasers or radio frequencies to recover bits of the key.

Matthew Green, a cryptography expert at Johns Hopkins University, said the FBI could crack a six-digit numeric code in about 22 hours.

[Source: By Ellen Nakashima, The Washington Post, 16Feb16]

Bookshop Donate Radio Nizkor

Privacy and counterintelligence
small logoThis document has been published on 18Feb16 by the Equipo Nizkor and Derechos Human Rights. In accordance with Title 17 U.S.C. Section 107, this material is distributed without profit to those who have expressed a prior interest in receiving the included information for research and educational purposes.