18 February 2016

Apple Refuses to Unlock San Bernardino Shooter’s Phone: Get the Synack Perspective

Derek Athy

UPDATE: Fortune features CEO Jay Kaplan’s stance on “Why Apple’s Tim Cook is Right to Fight the FBI”

Patrick Wardle, Ex-NSA and now Synack Director of R&D, iOS expert

  • “I think Apple’s stance is brilliant from a marketing point of view, as they can claim that their customers are secure, yet at the same time it alleviates the need for them to continually service law enforcement requests (specifically in terms of unlocking iPhones, etc).”
  • “I believe requiring backdoors in encrypted devices is a horrible idea. Even the former director of the NSA has said: ‘The downsides of a front or back door outweigh the very real public safety concerns.’”
  • “Although Apple wants us to think that they can’t help the FBI unlock an iPhone, that’s not necessarily the case. Apple should be able to provide a custom signed firmware that can mitigate the anti-bruteforcing features – allowing the FBI to run a brute force attack against the PIN code and likely unlock the phone.”
  • “There may be other options for the FBI too, even if Apple does not cooperate.
    • For example, a bootrom or kernel exploit (e.g. in a USB Kext), may allow the anti-bruteforcing features to be disabled on older phones, such as the 5C the FBI is trying to unlock.
    • For newer iDevices, which have a Secure Enclave – it will be far more difficult to mitigate the anti-bruteforcing features, as they are implemented in hardware. As mentioned, a custom signed firmware from Apple should be able to disable or weaken them – however, an exploit against the Secure Enclave is an unlikely (though not impossible) scenario.”

Jay Kaplan, Ex-NSA and now Synack CEO

  • “Apple is doing the right thing here — they simply can’t sacrifice the security of devices and integrity of their customers’ data. If there is even a single mechanism through firmware or changes in the security architecture for the government to access encrypted information, that same “backdoor” will be used for nefarious purposes and have serious long-term ramifications.”
  • “The government needs to shift thinking for an intelligence perspective and assume that it will just be harder to perform traditional SIGINT. There was a day when terrorist groups and others exchanged information through physical mediums that we were blind to as an intelligence community; we need to start looking at other ways through HUMINT, etc. to monitor these national security threats.”

“CliffsNotes” Overview

Apple CEO Tim Cook’s rejection of the United States District Court’s order stating that “Apple shall assist in enabling the search of a cellular telephone, Apple make: iPhone 5c ..” has polarized the nation, generating coverage from nearly every major news outlet and triggering strong responses from U.S. law enforcement leaders, government officials, Apple users worldwide, hell, even presidential candidates, and I would be remiss to leave out the opinionated *cough* Edward Snowden.

As most have read at this point, the phone in question belonged to Syed Farook, the man (with his wife Tashfeen Malik as accomplice) who shot and killed 14 coworkers in December in San Bernardino, California.

“Assist” can be defined here as forcing Apple to create an iOS build that will enable the FBI to brute-force, or crack, the passcode of the phone without deleting the phone’s data. To do so, Apple would have to create a custom signed firmware update, “unique” to Syed Farook’s iPhone 5c in the sense that it would be designed to match only the serial number of Farook’s phone.

Cook rejects this concept, responding in a customer letter posted yesterday morning (Feb. 16th):

“The government suggests this tool could only be used once, on one phone. But that’s simply not true. Once created, the technique could be used over and over again…it would be the equivalent of a master key, capable of opening hundreds of millions of locks… No reasonable person would find that acceptable…Once a bypass is known, the encryption can be defeated by anyone with that knowledge.”

Cook makes a point to note Apple’s respect for democracy and this nation, and for the FBI and its intentions in combatting terrorist acts such as the San Bernardino shootings, specifically mentioning Apple’s full cooperation and aid with the investigation up to this point… but Apple will NOT build a backdoor to iOS devices, as the FBI may or may not describe it.

The FBI’s “chilling demands” are based on the All Writs Act of 1789 – yes, an act that predates the original iPhone by over 200 years – that authorizes the U.S. federal courts to essentially issue any order necessary when compelled.

Tim Cook is standing strong, rejecting the orders and refusing to bypass foundational iOS encryption tools and “undermine decades of security advancements” that have been put in place to protect Apple customers’ most personal data – data that is even out of reach to Apple – from criminals, hackers, or in this case, the FBI.

A controversial decision by Apple/Cook, but one that ultimately aims to protect the privacy and safety of Apple customers around the globe.