White Hat iOS Hacker Advises Apple In Its FBI Battle | Hacked: Hacking Finance


White Hat iOS Hacker Advises Apple In Its FBI Battle

Posted on .

White Hat iOS Hacker Advises Apple In Its FBI Battle


This article was posted on Thursday, 21:55, UTC.

Will Strafach, a widely-known iOS hacker and mobile security expert, has some advice for Apple in its public dispute with the FBI after a judge ruled the company must help the FBI break into an iPhone that belonged to one of the San Bernardino shooters.

// -- Discuss and ask questions in our community on Workplace. Don't have an account? Send Jonas Borchgrevink an email -- //

Strafach, now the CEO of Sudo Security Group, which specializes in enterprise mobile protection, thinks Apple is in a much more difficult position than many people realize. He goes as far as to say that the FBI has laid a trap for Apple in his article posted on BGR.

Strafach spent years hacking every iOS release to achieve full control and develop user-friendly jailbreaking tools used by people worldwide. He has reversed engineered iOS code base and has run security stress tests on different aspects of the iOS system, such as timing and viability of passcode cracking.

Strafach Offers His Advice

Following are Strafach’s five pieces of advice for Apple.

// -- Become a yearly Platinum Member and save 69 USD and get access to our secret group on Workplace. Click here to change your current membership -- //

1) Many people have misinterpreted Apple’s public letter concerning the technique that could help break into the iPhone 5c. “The United States government has demanded that Apple take an unprecedented step which threatens the security of our customers,” the letter signed by company CEO Tim Cook says. “We oppose this order, which has implications far beyond the legal case at hand.” Strafach noted that the letter is referring to the issue of setting a precedent, not the technical issue.

Apple could comply with the order on a technical level by creating a RAM disk signed by the production certificate for the particular ECID of the suspect’s iPhone. Such a solution would permit Apple to use current technologies in the firmware file to provide access to the phone. Creating this disk would ensure there is no way the solution could work on another device.

Apple would show that breaking into an iPhone is doable and enable the FBI to use the case in the future as leverage. Giving the FBI this capability is the aspect that would impact the public.

Apple Will Set Precedent

If Apple assists in this, it sets a precedent for more technically difficult and unreasonable requests. The company will then have to explain why it cannot meet new requests. They will have to show why a new request differs from the last request.

2) Apple has encountered criticism about security issues in global markets it has been doing well in, such as China. If Apple does not fight the court order, it will lose standing with customers globally.

Blackberry was admired in the U.S. for taking a firm position on security, but it eventually succumbed when India demanded access to a user’s private data.

3) While the passcode attempt counter on the iPhone 5c can be done with little work, the FBI is asking to electronically make passcode attempts, which Strach sees as a “considerable issue.” To enable such attempts, Apple would have to adjust the SpringBoard source code powering the lock screen to add code and sign it with the production certificate so the device can run the code. Apple calls this is a “backdoor” since the order requests the company make an adjustment serving no purpose besides weakening iOS security. The modification weakens iOS security by enabling brute force attempts. If Apple complies, it again looks bad.

Why It’s Unreasonable

4) Not yet mentioned is the fact that the custom-signed RAM disk the FBI wants will not be possible to boot with the regular TSS restore servers that check firmware files being unloaded with each restore. To enable custom firmware to restore, the company would have to:

a) change the way the restore server works for this case, causing possible security issues of mistakes are made (something that could make the request unreasonable) or

b) bring the device onto its internal network and load the firmware with the restore server that is used internally. One can assume there is such an in-house server for restoring unreleased versions of firmware.

The company likely is not comfortable with what might occur on its internal network if it has to let in a phone belonging to a known terrorist. There is no way to know what might happen, considering that the FBI claims there is data it needs on the device.

Whether such arguments will convince a court is unknown, Strafach noted. The main point is that Apple has few technical arguments against having to comply with the order. The company’s objections can extend well beyond the moral positions it has publicly posted.

Also read:  Tim Cook: Building iPhone backdoor is ‘dangerous’; govt demand is ‘chilling’

The Public Relations Challenge

5) Apple has another public relations reason for opposing the order. It knows that if it complies, the FBI will be able to break the passcode quickly. Strafach, from his own testing, said a 4-digit passcode can be cracked in less than an hour and a 6-digit passcode in less than a day.

To a layperson, the company will not be able to argue against any claim that the company has decrypted the device for the FBI. Even though such a claim would not technically be true, it would only matter that Apple was taking actions to allow the FBI to gain access to once-encrypted data on an iPhone.

Important: Never invest money you can't afford to lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here.

Feedback or Requests?

Lester Coleman

Lester Coleman

Lester Coleman is a veteran business journalist based in the United States. He has covered the payments industry for several years and is available for writing assignments.

  • user

    AUTHOR Real Anti-Racist Action

    Posted on 7:38 pm February 19, 2016.

    Globalism has always been a bad idea. The Arab massacre of Americans is long over because none of their victims were armed, that is why more then three passed away.
    Their is no point for the FBI to do not, but to try and wither the few remaining freedoms away.
    The FBI is not with the people, they stand with the Zio-Rothschilds for now, and for ever more.

  • View Comments (1) ...
    The team:
    Dmitriy Lavrov
    Dmitriy Lavrov is a professional trader, technical analyst and money manager with 10 years of trading experience. He covers Forex, Commodities and Cryptocurrencies. He is among the top 10 most Read More
    Jonas Borchgrevink
    Jonas Borchgrevink is the founder of Hacked.com and CryptoCoinsNews.com. He is a serial entrepreneur, trader and investor. He shares his own personal journey on Hacked.com. // -- Discuss and ask Read More
    Mate Csar
    Trader and financial analyst, with 10 years of experience in the field. An expert in technical analysis and risk management, but also an avid practitioner of value investment and passive Read More
    Mati Greenspan
    Senior Market Analyst at Etoro.com. // -- Discuss and ask questions in our community on Workplace. Don't have an account? Send Jonas Borchgrevink an email -- // Important: Never invest Read More
    Rakesh Upadhyay
    Rakesh Upadhyay is a Technical Analyst and Portfolio Consultant for The Summit Group. He has more than a decade of experience as a private trader. His philosophy is to use Read More
    Pamela Meropiali
    Account Manager
    Pamela Meropiali is responsible for users on Hacked.com. // -- Discuss and ask questions in our community on Workplace. Don't have an account? Send Jonas Borchgrevink an email -- // Read More
    Joseph Young
    Joseph Young is a finance and tech journalist & analyst based in Hong Kong. He has worked with leading media and news agencies in the technology and finance industries, offering Read More
            Apple CEO Tim Cook, easily among…