What it sounds like is they've been asked to prepare a new OS release that allows an unlimited number of attempts to enter the passphrase via some network link. The press release is written to sound like without a software release, it wouldn't be possible to mount this kind of attack, however attacks like this are generally possible regardless of having some specially modified and signed OS image: for example, by cutting power to the hardware precisely when it is clear a password was incorrect, before the hardware has time to implement any destructive actions. Attacks like this have been used against SIM cards since the 90s.
I'm ambivalent regarding Apple's stance. In principle they are doing the right thing, but in practice, it seems they may be kicking up a whole lot of fuss over a relatively minor issue (with the exception that providing an easy means to brute force a phone to the authorities sets a horrible precedent). As for creating a universal backdoor, it seems highly unlikely they couldn't produce a signed OS / coprocessor firmware image that wasn't locked to one of the various serial numbers associated with this particular device
edit: as mentioned below, this order entirely originates with Apple's use of DRM to prevent software modification. Had users actual control over the devices they own the FBI wouldn't need to request a signed firmware in the first place. Please think twice about what Apple might really be defending here before downvoting
> with the exception that providing an easy means to brute force a phone to the authorities sets a horrible precedent
This is the entire concern (in my opinion and in my reading of Tim Cook's opinion). If the government can force Apple to backdoor this one iPhone (because terrorist), then they can force Apple to backdoor any iPhone for any person given a valid warrant, subpoena or otherwise granted power. Once the flood gates open...
It's worse than that. There's no guarantee that "the government" is "your government".
Imagine this scenario:
1.) Apple creates the custom iOS build for the FBI to use to decrypt this iPhone.
2.) China hacks into either Apple or the FBI and downloads this build. (We know they have the capability, because it's already happened. [1])
3.) A visiting U.S. diplomat, politician, or military officer has his iPhone pickpocketed while in China. (This also happens all the time.)
4.) The Chinese government uses this stolen software to brute-force the encryption on the device, finding access codes for classified U.S. military networks. (Because we know U.S. diplomats never use their personal email for state business [2], right?)
5.) Now a foreign power has access to all sorts of state military secrets.
The problem with backdoors is they let anyone in. Right now, there's a modicum of security for Apple devices because knowledge of how you would bypass the device encryption is locked up in the heads of several engineers there. The FBI is asking Apple to commit it to source code. Source code can be stolen, very easily. Tim Cook's open letter is making the point that once this software exists, there is no guarantee that it will stay only in the hands of the FBI.
> knowledge of how you would bypass the device encryption is locked up in the heads of several engineers there
WARNING — THIS Apple Engineer IS CLASSIFIED AS A MUNITION
--rsa--------------------------------8<-------------------------------------
#!/usr/local/bin/human -s-- -export-a-crypto-system-sig -RSA-in-3-lines-HUMAN
($k,$n)=@ARGV;$m=unpack(H.$w,$m."\0"x$w),$_=`echo "16do$w 2+4Oi0$d-^1[d2%
Sa2/d0<X+dLa1=z\U$n%0]SX$k"[$m]\EszlXx++p|dc`,s/^.|\W//g,print pack('H'
,$_)while read(STDIN,$m,($w=2*$d-1+length($n||die"$0 [-d] k n\n")&~1)/2)
-------------------------------------8<-------------------------------------
TRY: echo squeamish ossifrage | rsa -e 3 7537d365 | rsa -d 4e243e33 7537d365
FEDERAL LAW PROHIBITS TRANSFER OF THIS APPLE ENGINEER TO FOREIGNERS
It used to be possible to do what you describe (cutting power at the right moment) and there were even physical bruteforce devices built to implement this, but it's all been hardened in iOS 8 and there are no currently known ways to bruteforce a passcode. Obviously there might theoretically exist a software bug to do so, but there's no information around and it sounds like even the FBI couldn't find it if it exists.
Could you elaborate on how's that prevented? I'm quite curious. [Or did someone already explain in some other post somewhere in this thread?]
edit: self-answer: the following post seems to have an answer: https://news.ycombinator.com/item?id=11115579, although it seems to describe a newer device than the one in the case; but I was interested in how such protection is possible at all, so that seems to answer it for me.
Did you read the release? They are up front that it's entirely an issue about setting a bad precedent. It's completely and totally about the fact that it would be used over and over again, and nothing to do with the fact that it is possible. Your overly cynical stance on this is misguided, as you seem to not have grasped the information in the letter.
If you believe that the FBI wouldn't abuse a tool like that after the past few years of coverage of the Security sector there is really very little hope for you.
The problem is with the legal precedent this would provide. Although right now it's just limited to one specific use case, this ruling could and would be used in the future to require Apple (and other tech companies) to compromise security in ever-increasing scope.
Hypothetically, it should be relatively simple to prevent a power-off-dodges-destructive-action attack, by simply making the operation (incrementing and storing the attempt counter, checking the password) an atomic operation.
So they would still get 10 bites at the cherry, and sure, on the tenth, they could depower the phone and prevent the wipe, but if each attempt is persistently stored before the password-check is carried out, depowering the phone wouldn't give them any more chances.
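The ordering described in the comment above, as an added example that is not part of the original thread and not Apple's implementation: a small C simulation comparing check-then-count with count-then-check when power is cut after every wrong guess. The nv_state struct, the function names and the sample passcode are hypothetical stand-ins constructed for the illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#define MAX_ATTEMPTS 10
#define SECRET "7391"   /* constructed sample passcode */
/* Hypothetical stand-in for non-volatile storage that survives a power cut. */
struct nv_state { unsigned attempts; bool wiped; };
enum result { UNLOCKED, REJECTED, WIPED, POWER_LOST };

/* Check first, count the failure afterwards: a power cut between the two
 * steps loses the count. strcmp stands in for real passcode verification. */
enum result try_naive(struct nv_state *nv, const char *guess, bool cut_on_failure)
{
    if (nv->wiped) return WIPED;
    if (strcmp(guess, SECRET) == 0) { nv->attempts = 0; return UNLOCKED; }
    if (cut_on_failure) return POWER_LOST;      /* counter untouched */
    if (++nv->attempts >= MAX_ATTEMPTS) { nv->wiped = true; return WIPED; }
    return REJECTED;
}

/* Persist the increment before checking; an exhausted counter found on
 * entry finishes the wipe that an earlier power cut interrupted. */
enum result try_hardened(struct nv_state *nv, const char *guess, bool cut_on_failure)
{
    if (nv->wiped || nv->attempts >= MAX_ATTEMPTS) { nv->wiped = true; return WIPED; }
    nv->attempts++;                             /* committed before the check */
    if (strcmp(guess, SECRET) == 0) { nv->attempts = 0; return UNLOCKED; }
    if (cut_on_failure) return POWER_LOST;      /* guess is already counted */
    if (nv->attempts >= MAX_ATTEMPTS) { nv->wiped = true; return WIPED; }
    return REJECTED;
}

/* Wrong guesses that get checked when power is cut after every failure. */
unsigned guesses_with_power_cut(bool hardened, unsigned limit)
{
    struct nv_state nv = { 0, false };
    unsigned checked = 0;
    for (unsigned i = 0; i < limit; i++) {
        enum result r = hardened ? try_hardened(&nv, "0000", true) : try_naive(&nv, "0000", true);
        if (r == WIPED) break;
        checked++;
    }
    return checked;
}

int main(void)
{
    printf("naive: %u  hardened: %u\n", guesses_with_power_cut(false, 1000), guesses_with_power_cut(true, 1000));
}
```

With the increment persisted first, the guess budget stays at MAX_ATTEMPTS however often power is cut; with the naive ordering it is bounded only by the loop limit.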