Custom version of iOS could undo years of work Apple put into securing iPhones. Tuesday’s court order compelling Apple to hack the iPhone belonging to a gunman who killed 14 people and injured 22 others has ignited an acrimonious debate. CEO Tim Cook called the order “chilling” because, he said, it requires company engineers to create the equivalent of a backdoor that could be used against any iPhone. Law enforcement officials, meanwhile, contend the order is narrowly tailored to ensure only the shooter’s phone is covered.
Here’s why the totality of what we know right now leans in favor of Cook and his slippery slope argument.
The order requires Apple to create a customized version of iOS that will run only on the iPhone 5C belonging to Syed Rizwan Farook. Along with his wife, Tashfeen Malik, Farook went on a deadly shooting rampage in San Bernadino. The FBI understandably wants access to the data stored on Farook’s phone so investigators have a better idea of the events leading up to the deadly attack and whether the husband-and-wife team received support from unknown people. But so far investigators have been unable to unlock the device. Security measures Apple built into the iPhone limit the number of guesses they can make, and there’s also concern too many guesses could cause the phone to automatically destroy the data it stores.
The special iOS version the court ordered would work around these restrictions. It would remove normal iOS functions Apple created to intentionally increase the amount of time it takes to repeatedly enter passcodes, and it would allow an unlimited number of guesses to be made without destroying any data. The Apple-produced software must also allow the FBI to submit PIN code guesses through the phone’s physical device port or through Bluetooth or Wi-Fi connections, a requirement that would allow investigators to use speedy computer scripts rather than manually enter each PIN candidate. Based on the wording of the order, the customized iOS version probably wouldn’t be directly installed on the phone, but rather loaded into the phone’s memory, in much the way OSes can be booted from a USB drive.
Because of requirements that iPhone software be digitally signed using valid Apple signing keys, Apple is the only company capable of installing the custom OS on Farook’s phone without going through the extremely risky process of jailbreaking it. In essence, the order requires Apple to create software that bypasses all of these key security features it built into the iPhone.
Aye, there’s the rub
To make this order more palatable, the court and the FBI stress that the software should work only on the 5C model owned by Farook. And this is the rub that generates legitimate concern. The court order provides no guidance on how Apple engineers should enable the restriction. No doubt, there are a few different technical avenues that might make it possible. For instance, the custom iOS version might be programmed to install only on a device that matches the exact hardware ID number corresponding to Farook’s phone.
But as the order is drafted now, there are no guarantees that government officials won’t get access to the software. That means it’s also feasible that any software Apple produces would be reverse-engineered by government engineers and very possibly private forensics experts who regularly work with law enforcement agencies. And if the past digital rights management bypasses are any guide, odds are that with enough analysis, someone will figure out a way to remove the restriction that the OS install itself only on Farook’s phone. From there, anyone with access to the custom iOS version would have an Apple-developed exploit that undoes years of work the company put into securing its flagship iPhone product.
It’s always risky when judges with little or no technical background make legally binding orders compelling the design of software with so many specific requirements. How can US Magistrate Judge Sheri Pym know if it’s even possible for Apple to design a version of iOS that will install on only a single, designated phone? And how is anyone supposed to know that such a measure can’t be bypassed the way so many other software restrictions are hacked? The answer is she can’t know, and neither can anyone else.
Besides the potential for abuse, some critics argue that a court-ordered exploit sets a dangerous example on the international stage. “This move by the FBI could snowball around the world,” Sen. Ron Wyden (D-Ore.) told The Guardian. “Why in the world would our government want to give repressive regimes in Russia and China a blueprint for forcing American companies to create a backdoor?” If countries know Apple already has created the software needed to bypass iPhone security, the temptation to order Apple to use it would be strong, critics say.
It would be one thing for the court to order Apple to brute force this one device and turn over the data stored on it. It’s altogether something else to require that Apple turn over powerful exploit software and claim that whatever digital locks are included can’t be undone by a determined adversary. That’s why it’s no exaggeration for Cook to call Tuesday’s order chilling and to warn that its prospects for abuse of such a backdoor are high.