Remember the 2015 San Bernardino attack that brutally killed 14 and injured many? Yes, the mass shooting and the bombing attempt! While the perpetrators, Syed Rizwan Farook and Tashfeen Malik, were killed in a police shootout, the investigation of the case was carried on by the Federal Bureau of Investigation (FBI).
The San Bernardino terrorism investigation involved scrutinizing Farook’s iPhone 5C, which put the agency in dire straits, all because of the iPhone’s stringent encryption. To make decryption possible, a federal magistrate judge in California ordered Apple to write a custom version of the iPhone software that disables key security features. That custom software could then be installed on a suspect’s iPhone to get around the encryption.
In response to the magistrate’s order, Apple CEO Tim Cook described it as a threat to customers’ security. He further explained that although the government promises to use the code for only one case, once created, the technique could be used on any device, which could compromise the security of iPhone users.
Apple and civil liberties groups had no concern for the dead perpetrator’s security, but they saw this step as one of the government’s efforts to undermine the security of customers’ data. While intelligence and law enforcement agencies have been fighting the stringent smartphone encryption that makes their job laborious, technology companies argue that customer protection might be compromised if they start complying with such requests.
FBI Request to Apple Over San Bernardino Terrorism Investigation
The iPhone’s encryption chip uses the Advanced Encryption Standard (AES) to guard the customer’s data. The data stored on the iPhone is scrambled and unscrambled with a unique 256-bit encryption key, that is, a string of 256 0s and 1s. This means there are trillions of possible values to try before getting the encryption key right, so a lifetime is not enough to guess it by brute force.
And guess what: when an iPhone leaves the factory, Apple does not keep a copy of its keys. So if the FBI made a copy of the data on Farook’s iPhone and brought it to Apple for unscrambling, Apple would have only a disappointing reply for the law enforcement agency.
You must be wondering: if this is the case, why so much fuss between the FBI and Apple? The real reason for the fight between the two is Farook’s iPhone passcode, not just the encryption. The fact is that the iPhone’s encryption chip cannot work until it gets the correct passcode, 4-6 digits long, that is used to unlock the iPhone.
However, a number of robots have been built to crack smartphone passcodes, making passcode cracking a job of 10-20 days. But Apple had to make things more difficult for the FBI here! To protect users’ data against such attacks, the iPhone includes some wonderful features.
- After multiple wrong guesses of the passcode, the iPhone introduces a gap of 1 hour between further attempts.
- The iPhone user has the option to enable a feature called “Self Destruct”. The iPhone 5 self-destruct feature deletes the phone’s data after a particular number of failed passcode attempts.
So, there were three major problems for which the FBI sought Apple’s help:
Problem: After too many incorrect PIN entries, the iPhone’s data can be wiped out.
Solution: The FBI wanted Apple to disable the auto-erase function, whether or not it was enabled.
Problem: To unlock the iPhone, PINs must be entered by hand, one at a time.
Solution: The FBI wanted Apple to let them submit passcodes to Farook’s phone via the physical device port, Wi-Fi, Bluetooth, or another possible protocol.
Problem: After every incorrect PIN entry, iOS introduces a delay.
Solution: The FBI wanted no time delay to be incurred between passcode guesses.
Most of the files in iOS are encrypted using the phone passcode and the hardware key that is embedded in every device at the time of manufacture. So, in order to recover the data, the FBI needed to guess the passcode of Farook’s phone.
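To see how much each of the three controls contributes, here is a toy model, added as an example; it is not Apple's implementation and not code from the original article. The PBKDF2 entangling, the thresholds (delay after 5 failures, erase after 10), the 0.08 s cost per guess, the UID bytes and the passcode 0421 are constructed assumptions; the 1-hour delay is the figure given above.

```python
import hashlib, hmac

class PasscodeGuard:
    """Toy model of the controls listed above; not Apple's implementation."""
    def __init__(self, passcode, uid, wipe_after=10, delay_after=5, delay_s=3600):
        self.uid = uid                         # device-unique hardware key (constructed)
        self.wipe_after, self.delay_after, self.delay_s = wipe_after, delay_after, delay_s
        self.verifier = self.derive(passcode)  # stands in for the wrapped data key
        self.failures, self.locked_until = 0, 0.0

    def derive(self, passcode):
        # Entangle passcode with the UID: a copy of the data without this key is useless.
        return hashlib.pbkdf2_hmac("sha256", passcode.encode(), self.uid, 1000)

    def try_unlock(self, passcode, now):
        if self.verifier is None:
            return "wiped"
        if now < self.locked_until:
            return "delayed"
        if hmac.compare_digest(self.derive(passcode), self.verifier):
            self.failures = 0
            return "unlocked"
        self.failures += 1
        if self.wipe_after and self.failures >= self.wipe_after:
            self.verifier = None               # auto-erase: key material destroyed
            return "wiped"
        if self.delay_after and self.failures >= self.delay_after:
            self.locked_until = now + self.delay_s
        return "wrong"

def sequential_guessing(guard, digits=4, cost_s=0.08):
    """Walk the passcode space on a simulated clock: (outcome, attempts, seconds)."""
    now, attempts = 0.0, 0
    for n in range(10 ** digits):
        if now < guard.locked_until:
            now = guard.locked_until           # wait out the enforced delay
        attempts += 1
        now += cost_s
        result = guard.try_unlock(f"{n:0{digits}d}", now)
        if result in ("unlocked", "wiped"):
            return result, attempts, now
    return "exhausted", attempts, now

UID = bytes(range(32))                         # constructed 256-bit device key
def run(**controls):
    return sequential_guessing(PasscodeGuard("0421", UID, **controls))

if __name__ == "__main__":
    for c in ({}, {"wipe_after": None}, {"wipe_after": None, "delay_after": None}):
        print(c or "all controls on", run(**c))
```

With every control on, the model erases its key on the tenth wrong guess; with only auto-erase off, the same 422 guesses take more than 17 simulated days, and with both off they take about half a minute.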
iPhone Secure Enclave Was a Battle to Fight in the FBI iPhone Case
iOS devices with an A7 (a 64-bit system on a chip) or later have a separate CPU inside them, called the Secure Enclave, that is responsible for various low-level cryptographic operations. It has its own hardware AES engine and a UID and is separated from the rest of the system; the passcode verification process takes place here.
When a passcode is entered on the iPhone, it is tangled with the key held in the Secure Enclave to unlock the iOS device. Whenever passcode guesses are made, the Secure Enclave keeps track of the number of wrong attempts and slows the system down with every failed attempt. And yes, there is nothing iOS can do to control the Secure Enclave, because it is a separate computer that shares the same hardware but operates outside the iOS system. Therefore, the custom software that the FBI asked Apple to develop could not influence the behaviour of the Secure Enclave.
FBI Cracks iPhone To Complete San Bernardino iPhone Investigation
And finally, to everyone’s surprise, the FBI managed to get into Farook’s iPhone 5C, work around the encryption, and do what the investigation needed on the iPhone. It is still unknown who helped the FBI unlock the iOS device, but the agency says it was supported by a third party throughout the unlocking and decryption process after Apple declined to help.
While such strong encryption policies in smartphones make it harder for government agencies to investigate criminals, they give users strong reasons to own an iPhone. Considering that everything now happens on mobile devices, from sending an email to sharing critical information, protecting it from prying eyes is something that Apple has successfully done for its users.