Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Experts contend Apple has the technical chops to comply with court order

Gregg Keizer | Feb. 19, 2016
Possible to subvert iOS to give FBI ability to brute-force the passcode, say security professionals.

However, in an update to his post, Guido said that it would also be possible to undermine SE, although it would require revisions to not just iOS, but also to the SE firmware.

"Apple can update the SE firmware, it does not require the phone passcode, and it does not wipe user data on update," he said. "Apple can disable the passcode delay and disable auto erase with a firmware update to the SE. After all, Apple has updated the SE with increased delays between passcode attempts and no phones were wiped."

Other security experts agreed with Guido that it was technically possible for Apple to comply, but claimed that on later iPhones, SE made it futile. "On newer phones like the iPhone 6, with Apple's [SE], such an update of the firmware would be impossible," asserted Errata Security on its website. "Updating the firmware to do what the FBI wants would also erase the crypto keys, or at least first require unlocking. If such a trick would work on the newer phones, then Apple has been lying about them."

But while Apple could comply -- the experts agreed that it's technically viable on the iPhone 5C -- the Cupertino, Calif. company clearly does not want to.

Late Tuesday, Apple posted a memorandum by CEO Tim Cook that spelled out his firm's position. "The U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone," Cook said in the open letter.

Cook also argued that the demand was the edge of a slippery slope, that by acceding to the FBI's request, Apple would open Pandora's Box. "The government suggests this tool could only be used once, on one phone. But that's simply not true," Cook contended. "Once created, the technique could be used over and over again, on any number of devices."

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.