Can an iPhone be hacked? Yes, but it's difficult
The FBI wants Apple to give it the tools to break into the iPhone of the San Bernardino terrorist Syed Farook. In a brave display on the company home page, Apple Chief Executive Officer Tim Cook refused. He was right to say no. If the Feds really wanted to, they have the skills necessary to break into that phone. This fight isn’t about gathering information on a terrorist. It’s about setting a legal precedent.
That the FBI chose to push this issue with the San Bernardino case is telling. Few Americans, they are betting, care about Farook’s privacy. They must believe the public — and the courts — will support them here.
Cook said that Apple has helped the FBI during every step of its investigation. It has turned over all iPhone data that Farook backed up to the cloud. But the Feds want to access his phone and make sure they didn’t miss anything. To do this, they want Apple to build a backdoor into its own operating system.
Apple’s iPhone, particularly the newer models, has sophisticated encryption technology, triggered by a PIN. Two specific security features make these smartphones particularly nasty to break into.
Cryptographic brute-force has long been one method of cracking any password. The hacker runs a program that spams every possible password combination at the encrypted device until it opens. Apple’s phones use either a four- or six-digit PIN. The four-digit PIN only allows for 9,999 different password combinations. The cracking program could run through those combinations in seconds.
The six-digit PIN allows for a million combinations, and is only available on iPhones running the iOS 9 operating system and above. Farook’s phone runs iOS 9. Still, a computer could run through all the possible combinations in less than a minute and break into the device — if it weren’t an iPhone.
Apple’s smartphones require users to enter passwords manually. That takes time. Worse for the would-be hacker is that the phone punishes you for failure. As any iPhone user who has struggled to enter a PIN one-handed while walking along and chatting with a friend knows, if you enter the wrong password too many times, the phone locks you out for a minute.
The phone is programmed so that the lock-out time increases after multiple failures. Six failed attempts push the lock-out time to five minutes. After the ninth failed attempt, users have to wait an hour before they can try again.
After the 10th failed attempt, the phone erases all its data. This means the cryptographic brute-force method just doesn’t work on iPhones, unless you manage to get lucky in the early going.
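The lock-out escalation and wipe described above can be modelled as a small state machine and run against a sequential guesser. This is an added example, not Apple's code and not part of the original article; the class and function names are hypothetical, and the five-failure start of the one-minute lock-out, the carry-over of a delay until the next stated threshold, and zero PIN-entry time are assumptions.

```python
from itertools import product

# Lock-out (seconds) imposed once the failure count reaches each threshold.
# From the article: 5 minutes at six failures, 1 hour at nine, wipe at ten.
# Assumed here: the first 1-minute lock-out starts at five failures, and a
# delay stays in force until the next threshold is reached.
LOCKOUT_SECONDS = {5: 60, 6: 300, 9: 3600}
WIPE_AT = 10


def lockout_for(failures):
    """Delay that applies after `failures` consecutive wrong PINs."""
    reached = [n for n in LOCKOUT_SECONDS if n <= failures]
    return LOCKOUT_SECONDS[max(reached)] if reached else 0


class ThrottledDevice:
    """Hypothetical device that enforces the delays and the final wipe."""

    def __init__(self, pin):
        self._pin, self.failures, self.wiped, self.locked_until = pin, 0, False, 0

    def try_pin(self, guess, now):
        if self.wiped:
            return "wiped"
        if now < self.locked_until:
            return "locked"          # attempt refused, not counted
        if guess == self._pin:
            self.failures = 0
            return "unlocked"
        self.failures += 1
        if self.failures >= WIPE_AT:
            self.wiped = True        # data erased: no further guesses matter
            return "wiped"
        self.locked_until = now + lockout_for(self.failures)
        return "rejected"


def sequential_guessing(device, digits):
    """Guess 00..0 upward, waiting out every lock-out; entry time is ignored."""
    clock = guesses = 0
    for combo in product("0123456789", repeat=digits):
        clock = max(clock, device.locked_until)
        guesses += 1
        result = device.try_pin("".join(combo), clock)
        if result != "rejected":
            return result, guesses, clock
    return "exhausted", guesses, clock


def share_of_pins_reachable(digits):
    """Fraction of the PIN space that can be tried before the wipe."""
    return WIPE_AT / 10 ** digits
```

Under these assumptions a PIN outside the first ten guesses ends in a wipe after 76 minutes of enforced waiting, which is why the delay and wipe logic, not the PIN length, is the control that matters.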
Data encryption has come a long way in the past five years. One reason is tech giants such as Apple and Google now issue over-the-air updates to patch security issues in real time. When a tech company finds a flaw in its software, it pushes out an update as soon as possible to plug the hole.
The FBI is now asking Apple to create a special operating system that can be sent to Farook’s phone either locally or by over-the-air delivery, and then used to bypass Apple’s time delay and system wipe. This would allow federal agents to guess at the password as many times as they want.
What the Feds have requested is possible with Farook’s older model iPhone 5C. On these phones, the operating system runs the security features and Apple could manipulate it through an update.
The FBI says it is asking for this new tool just to breach the phone of one terrorist. But both Apple and many security experts recognize that the specialized operating system could be used as a backdoor into any older model iPhone on the planet.
This backdoor would not work on newer iPhones, however. There, security features live on a separate computer within the phone, called the secure enclave. And the secure enclave is just that — secure. Manipulating the phone’s operating system will not help would-be crackers break in.
The use of a secure enclave is part of an advanced, smart design trend in encryption. It makes products so secure that even the manufacturer can’t bust into them. Yet some experts speculated that Apple may have left the iPhone’s enclave open for updates — and federal manipulation.
Washington, however, has other methods of extracting data from phones that don’t require passwords. The CIA, the National Security Agency and the FBI have been working on invasive and non-invasive methods of data extraction for more than a decade. Many security experts believe the intelligence agencies have devised unique solutions to problems just like the San Bernardino phone.
It’s possible, of course, for authorities to physically open the phone, pull out the computer chips and bombard them with lasers or radio frequencies to get at the information they need. But experts aren’t sure how much — if any — data would be lost in the process.
But this San Bernardino case isn’t about getting information off of a shooter’s phone. It’s about setting a legal precedent.
Cook and Apple are in a tricky position, one where Washington thinks that the American public will read the tech giant’s push-back as an endorsement of terrorism. Apple is betting the public and the courts are smarter than that.