White Hat iOS Hacker Advises Apple In Its FBI Battle
Will Strafach, a widely-known iOS hacker and mobile security expert, has some advice for Apple in its public dispute with the FBI after a judge ruled the company must help the FBI break into an iPhone that belonged to one of the San Bernardino shooters.
Strafach, now the CEO of Sudo Security Group, which specializes in enterprise mobile protection, thinks Apple is in a much more difficult position than many people realize. He goes as far as to say that the FBI has laid a trap for Apple in his article posted on BGR.
Strafach spent years hacking every iOS release to achieve full control and develop user-friendly jailbreaking tools used by people worldwide. He has reverse engineered the iOS code base and has run security stress tests on different aspects of the iOS system, such as the timing and viability of passcode cracking.
Strafach Offers His Advice
Following are Strafach’s five pieces of advice for Apple.
1) Many people have misinterpreted Apple’s public letter concerning the technique that could help break into the iPhone 5c. “The United States government has demanded that Apple take an unprecedented step which threatens the security of our customers,” the letter signed by company CEO Tim Cook says. “We oppose this order, which has implications far beyond the legal case at hand.” Strafach noted that the letter is referring to the issue of setting a precedent, not the technical issue.
Apple could comply with the order on a technical level by creating a RAM disk signed by the production certificate for the particular ECID of the suspect’s iPhone. Such a solution would permit Apple to use current technologies in the firmware file to provide access to the phone. Creating this disk would ensure there is no way the solution could work on another device.
Apple would show that breaking into an iPhone is doable and enable the FBI to use the case in the future as leverage. Giving the FBI this capability is the aspect that would impact the public.
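The device binding described in point 1, as an added example that is not code from Strafach or Apple: a simplified model in which a signed ticket covers both the image digest and one device's ECID, so the same image is refused on any other device. The HMAC key stands in for a production signing certificate, and the field names and ECID values are constructed for illustration.

```python
import hashlib
import hmac
import json

# Assumption: an HMAC key stands in for the vendor's asymmetric production signature.
DEMO_SIGNING_KEY = b"constructed-demo-key"

def _sign(body: dict, key: bytes) -> str:
    """Sign a canonical (sorted-key) encoding of the ticket body."""
    encoded = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, encoded, hashlib.sha256).hexdigest()

def issue_ticket(image: bytes, ecid: int, key: bytes = DEMO_SIGNING_KEY) -> dict:
    """Vendor side: bind one image digest to one device identifier."""
    body = {"ecid": ecid, "image_sha256": hashlib.sha256(image).hexdigest()}
    return {"body": body, "sig": _sign(body, key)}

def device_accepts(ticket: dict, image: bytes, device_ecid: int,
                   key: bytes = DEMO_SIGNING_KEY) -> tuple:
    """Device side: check signature, then device binding, then image digest."""
    if not hmac.compare_digest(_sign(ticket["body"], key), ticket["sig"]):
        return (False, "bad signature")
    if ticket["body"]["ecid"] != device_ecid:
        return (False, "ticket issued for another device")
    if ticket["body"]["image_sha256"] != hashlib.sha256(image).hexdigest():
        return (False, "image does not match ticket")
    return (True, "ok")

# Constructed sample values, not real identifiers.
TARGET_ECID = 0x000012345678ABCD
OTHER_ECID = 0x0000DEADBEEF0001
RAMDISK = b"constructed ramdisk image bytes"

if __name__ == "__main__":
    ticket = issue_ticket(RAMDISK, TARGET_ECID)
    print(device_accepts(ticket, RAMDISK, TARGET_ECID))
    print(device_accepts(ticket, RAMDISK, OTHER_ECID))
    # Rewriting the ECID inside the ticket invalidates the signature.
    forged = {"body": dict(ticket["body"], ecid=OTHER_ECID), "sig": ticket["sig"]}
    print(device_accepts(forged, RAMDISK, OTHER_ECID))
```

The binding holds only as long as the signing key stays with the vendor, which is why the dispute centers on precedent rather than on whether the image could be reused.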
Apple Will Set Precedent
If Apple assists in this, it sets a precedent for more technically difficult and unreasonable requests. The company will then have to explain why it cannot meet new requests. They will have to show why a new request differs from the last request.
2) Apple has encountered criticism about security issues in global markets it has been doing well in, such as China. If Apple does not fight the court order, it will lose standing with customers globally.
BlackBerry was admired in the U.S. for taking a firm position on security, but it eventually succumbed when India demanded access to a user’s private data.
3) While the passcode attempt counter on the iPhone 5c can be handled with little work, the FBI is asking to make passcode attempts electronically, which Strafach sees as a “considerable issue.” To enable such attempts, Apple would have to adjust the SpringBoard source code powering the lock screen to add code and sign it with the production certificate so the device can run the code. Apple calls this a “backdoor” since the order requests that the company make an adjustment serving no purpose besides weakening iOS security. The modification weakens iOS security by enabling brute force attempts. If Apple complies, it again looks bad.
Why It’s Unreasonable
4) Not yet mentioned is the fact that the custom-signed RAM disk the FBI wants will not be possible to boot with the regular TSS restore servers that check firmware files being unloaded with each restore. To enable custom firmware to restore, the company would have to:
a) change the way the restore server works for this case, causing possible security issues if mistakes are made (something that could make the request unreasonable) or
b) bring the device onto its internal network and load the firmware with the restore server that is used internally. One can assume there is such an in-house server for restoring unreleased versions of firmware.
The company likely is not comfortable with what might occur on its internal network if it has to let in a phone belonging to a known terrorist. There is no way to know what might happen, considering that the FBI claims there is data it needs on the device.
Whether such arguments will convince a court is unknown, Strafach noted. The main point is that Apple has few technical arguments against having to comply with the order. The company’s objections can extend well beyond the moral positions it has publicly posted.
The Public Relations Challenge
5) Apple has another public relations reason for opposing the order. It knows that if it complies, the FBI will be able to break the passcode quickly. Strafach, from his own testing, said a 4-digit passcode can be cracked in less than an hour and a 6-digit passcode in less than a day.
To a layperson, the company will not be able to argue against any claim that the company has decrypted the device for the FBI. Even though such a claim would not technically be true, it would only matter that Apple was taking actions to allow the FBI to gain access to once-encrypted data on an iPhone.
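The timing figures in point 5 can be turned into a passcode-policy check. The following is an added example, not Strafach's test code: it assumes roughly 80 ms per attempt (the key-derivation cost Apple documents for on-device passcode checks, not a number from this article) and no lockout or escalating delay, and it computes the worst-case search time per passcode format plus the minimum length needed to reach a target.

```python
# Assumption: ~80 ms per on-device attempt, with attempt limits and delays removed.
PER_ATTEMPT_MS = 80
SECONDS_PER_YEAR = 365 * 24 * 3600

def worst_case_seconds(alphabet_size: int, length: int,
                       per_attempt_ms: int = PER_ATTEMPT_MS) -> float:
    """Time to try every passcode of exactly `length` symbols."""
    return (alphabet_size ** length) * per_attempt_ms / 1000

def min_length(alphabet_size: int, target_seconds: float,
               per_attempt_ms: int = PER_ATTEMPT_MS, max_length: int = 64) -> int:
    """Shortest passcode length whose full search takes at least target_seconds."""
    for length in range(1, max_length + 1):
        if worst_case_seconds(alphabet_size, length, per_attempt_ms) >= target_seconds:
            return length
    raise ValueError("target not reachable within max_length")

def human(seconds: float) -> str:
    """Render a duration in the largest unit that keeps the value >= 1."""
    for unit, size in (("years", SECONDS_PER_YEAR), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.1f} seconds"

def policy_table():
    """Worst-case search time for common passcode formats."""
    formats = [("4-digit", 10, 4), ("6-digit", 10, 6),
               ("6-char lowercase+digits", 36, 6),
               ("8-char lowercase+digits", 36, 8)]
    return [(name, human(worst_case_seconds(a, n))) for name, a, n in formats]

if __name__ == "__main__":
    for name, duration in policy_table():
        print(f"{name:26s} {duration}")
    print("digits needed for >= 1 year:", min_length(10, SECONDS_PER_YEAR))
```

Under these assumptions the 4-digit and 6-digit results land inside the "less than an hour" and "less than a day" bounds quoted above, while a six-character lowercase-and-digit passcode takes years to exhaust.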