Apple's Tim Cook: We'll fight 'iPhone backdoor' demands from FBI

Venustus

Level 59
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Dec 30, 2012
4,809
Apple CEO Tim Cook says the company will fight a court order that demands it make a custom version of iOS for the FBI.

Apple CEO Tim Cook has issued a defiant response to a federal court order requiring the company to develop a special version of iOS to help the FBI access data on a terror suspect's iPhone.
"The United States government has demanded that Apple take an unprecedented step which threatens the security of our customers. We oppose this order, which has implications far beyond the legal case at hand," Cook said in a statementon Apple's website.

Cook is responding to an order by a federal magistrate on Tuesday, compelling it to provide technical assistance to the FBI for its investigation into one of the San Bernardino shooters.

Data on the iPhone is encrypted unless the password is known, which the FBI wants Apple's help in bypassing.

The court directed Apple to provide the FBI with a "signed iPhone software file", essentially a custom version of iOS, which only works on the target device, which is an iPhone 5C.

The software would help the FBI guess the password to the device without being locked out or the device wiping itself after numerous failed attempts.

That the device is an iPhone 5c is an important detail, as security researcher Dan Guido points out.

If it were an iPhone 6, Apple would be unable to comply with the FBI's request because of the 'secure enclave' that comes with Touch ID devices.
"Since the iPhone 5C lacks a secure enclave, nearly all the passcode protections are implemented in software by the iOS operating system and, therefore, replaceable by a firmware update," Guido said.

As Cook sees it, "The FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation."

He continued: "The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control."

Cook said Apple has provided the FBI with data in its possession and has complied with valid subpoenas as it has in the San Bernardino case, as well as supplying Apple engineers to advise the FBI. However, creating a backdoor would be "too dangerous".

"In the wrong hands, this software, which does not exist today, would have the potential to unlock any iPhone in someone's physical possession," he said.

Apple and Google have beefed up encryption on iOS and Android smartphones and on their systems in general in recent years, in particular since Edward Snowden's disclosures.

Pressure on Apple to provide a backdoor to iPhones increased after it tweaked the encryption in iOS 8 to prevent it from bypassing the user's passcode.

Although President Obama in October backed away from legislation requiring tech companies to provide an encryption backdoor, claims that terrorists involved in the San Bernardino incident in November and then Paris had used encryption sparked renewed calls in Europe and the US for laws to undermine it.

Computer security experts fairly unanimously oppose weakening encryption and, as Cook has said on a number of occasions, argue any advantage gained by doing so introduces even greater risks for consumers.

Cook said the FBI's attempt to use the All Writs Act of 1789 sets a dangerous precedent that would expand its authority.

Ars Technica highlighted yesterday that Apple had been served with an order under the same act in 2014, compelling it give access to an iPhone 5S. That order was issued in the weeks after Apple released iOS 8.

The order in this case, according to Cook, would undo the changes it made in iOS 8 that Apple has said make it technically infeasible to comply with such orders.

"The government would have us remove security features and add new capabilities to the operating system, allowing a passcode to be input electronically. This would make it easier to unlock an iPhone by brute force, trying thousands or millions of combinations with the speed of a modern computer," Cook said.

"The implications of the government's demands are chilling. If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have the power to reach into anyone's device to capture their data.

"The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone's microphone or camera without your knowledge," he continued.

Apple has five days to comply with the order unless it can demonstrate that it is unreasonably burdensome.
 

DaveM

Level 2
Verified
Feb 12, 2016
62
That's exactly it. The FBI can claim it's a one time situation all it wants, but once the backdoor exists it can land in the hands of friend and foe. Once that happens, the dominoes start falling. If anyone believes that the FBI won't use it again and won't keep it in their possession to tweak it, they are dangerously naive.
 

DaveM

Level 2
Verified
Feb 12, 2016
62
Anyone else find it a tad suspicious that both sides are going to court next month..in Riverside, California? For those who may not know, Riverside is considered the drug hub of the United States for the cartels. I can already see the Feds using that in their argument. "Gee, Judge, we're in the drug capital of the United States of America. All of these cartel members that surround us in this fair city use encryption! Don't you think we should be able to protect our country by breaking this obviously nefarious technology and stick it it the bad guys? Think about the children!".

Hell, if I were a lawyer I'd pull that.
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Sometimes the root of privacy tends to make lterally conscious at every angle, which why both parties would not agree to each other. FBI may consider to look alternatives instead.
 

DaveM

Level 2
Verified
Feb 12, 2016
62
Well, what alternatives would you consider? I genuinely would like to know, not to argue against you because I'm all for alternatives that give us the best of both worlds. Either encryption is there or it isn't. My personal opinion is that there is no middle ground in encryption. Weakening it is breaking it. People caved on privacy, and now we're tracked in some manner every hour of every day. Our smartphones, if left at default, know all. They are like having a wiretap on our bodies. Our home systems connect to Google, Microsoft, Facebook and thousands of other companies all tracking and making money off of our very existence. We let the monster off its leash and now the monster is roaming around doing whatever it wants and we can't catch it.

The same will happen with encryption, it can't happen any other way because those in power throughout the world won't let it happen any differently. The U.S isn't alone in wanting encryption under their control. If Apple gets knocked down in this fight, it's going to be over. What bugs me more is the FBI saying it really needs Apple to do it for them. The NSA and several other agencies that don't get in the news are quite capable of it. I believe they want to do all this publicly, for a variety of reasons.

I don't want terrorists getting away with anything, they deserve to be jailed or killed. But they aren't the only ones encryption and other security measures are protecting. Can we ask that operatives in intelligence agencies and our military stop using encryption too? We might need to prevent any wrongdoing on their end as well. That's the argument they use when they want the public to not have access to these tools. Guess what their answer will be if you ask?
 

DaveM

Level 2
Verified
Feb 12, 2016
62
Here's an interesting bit of news. Apple execs say county officials reset San Bernardino suspect's iCloud password "County officials changed the Apple ID password in the crucial days after the attack, senior Apple executives said today on a call with reporters. Had the Apple ID not changed, executives said, the data on the phone could potentially have been retrieved through the iPhone's auto-backup feature, which would have transmitted the data to the county-controlled iCloud system."
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
@DaveM: Well alternatives like from Google and Microsoft, but again that should have a clear table on the things they wanted; nothing is safe anyway but to prevent those scenarios by preventing certain things.

Better yet make their own mobile OS which they can allow to put certain security enhancement.

Again that should depends on the flow of situation how they can agree to each other.
 

DaveM

Level 2
Verified
Feb 12, 2016
62
I just don't know what could really be done. The only way to really avoid the government pushing the issue is for companies like Google and others to report any and all suspicious activity on their services to the government. But, the problems that causes have been well shown by Edward Snowden and others. It seems like the only two ways the government will back off is if we either do away with public use of encryption or we go back to the days of East Germany with everyone watching and telling on each other.

Neither method is acceptable nor is it even guaranteed to work. Terrorists and criminals spent much of history doing what they do without the Internet, so if they feel unsafe on it, they'll leave. If the FBI thinks catching criminals is hard in the digital age, they need only remember what it was like before. The NSA would probably law awake at night with fever and chills if they had to go back to the old ways. That's if they could even still remember how to do it with the newer generation of employees.

The digital age can be a thorn in the backside of both camps, but let's see who's willing to to turn back the clock.
 

DaveM

Level 2
Verified
Feb 12, 2016
62
McAfee is, I think, trying to keep Apple from being burned at the stake publicly by giving the FBI what it wants. It won't work, but I think that is his goal. On that note, who is to say his elite teams with the mohawks won't use the same method on Apple for other reasons down the road or other services? Trump is Trump, so I won't even discuss that. The other side knows full well that if the FBI has its way, these companies will be bombarded with demands for every single incident. They also know that any backdoors they open up will immediately be at the mercy of global hackers. It'll be the old Chinese execution method of death by 1000 cuts.

If they try to close them, we'll be right back to where we are now.
 
D

Deleted member 178

Do i miss something? doesn't apple could unlock themselves this particular phone? and then give to the FBI the infos inside...?
 
  • Like
Reactions: Rishi and Sana

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top