by Virgil Vaduva
Last week I covered the story of the FBI asking a federal judge to order Apple to insert a back-door into iOS in order to gain the ability to brute force the password and encryption keys of the San Bernardino shooter, and I concluded that Apple rightly said ‘No’ to the demand, pointing out how this would establish an extremely dangerous technical and legal precedent.
It turns out that I was right, and so was Apple’s CEO, when stating that undermining the security of iOS would destroy confidence in the security of their products and give the FBI the ability to undermine the privacy of any iPhone user at the FBI’s discretion. In essence, Apple is literally fighting for its life as doing so would cause customers to abandon Apple products in droves.
Now it turns out that the Justice Department now has filed additional motions asking courts to force Apple to undermine the security of 12 more iPhones related to unknown legal cases throughout the country. The undisclosed cases are not related to terrorism, which means that the FBI director outright lied when he stated that the case of the San Bernardino shooter was the one and only case in which Apple would be required to insert a “backdoor” into their operating system.
Apple no longer stores encryption keys for user devices and keys are now derived based on the passwords or passphrases users choose when they lock their devices. This means that it is technically impossible for Apple to “decrypt” an iOS device, however the FBI has asked Apple to build a custom iOS release which disabled the auto-wipe feature and the waiting period required between failed password, which in essence would allow the FBI to mount brute-force attacks against an encrypted device and eventually guess the password and decrypt the device.
In addition to the court order in the San Bernardino case, Apple also revealed that they in fact provided the FBI with decrypted, weekly backups of the shooters phone, however the FBI demanded the latest backup, which they were unable to obtain after one of their own agents reset the suspect’s password making the backup unusable. After screwing up the forensic recovery, the FBI resorted to attempting to force Apple to provide technical assistance beyond any reasonable expectations.
These latest revelations clearly indicate that the FBI director Brien Comey outright lied when stating that Apple will be required to decrypt only one device, and while Apple has not made a public comment about these additional cases, the court filing indicate that they objected to all of them or are about to do so.
Apple has until Friday, February 26 to file its first legal arguments in a California court.
Virgil Vaduva is a Libertarian security professional, journalist, photographer and overall liberty freak. He spent most of his life in Communist Romania and participated in the 1989 street protests which led to the collapse of the Ceausescu regime. He can be reached at vvaduva at truthvoice.com.