Apple responded to FBI requirements. In court, the company will support Google, Facebook and Microsoft

    Apple continues to fight against the FBI request. To investigate the massacre in San Bernandino and to investigate ties with the ISIS organization banned in Russia, intelligence agencies require data from the terrorist’s iPhone 5C. The data on the smartphone is encrypted. To crack the encryption software is required - special firmware and other tools. The court requires the creation of such products.

    The head of Apple has already responded to the situation with an open letter . In a recent interview, he repeatedtheir words that in Cupertino they condemn terrorists, but they can’t actually give a backdoor to anyone’s hands. Now Apple has released an official response for the trial. In it, the company outlined in detail the technical difficulties of creating a tool for breaking security. Meanwhile, information circulated in the media that the manufacturer will improve the strength of iPhone encryption protection to such an extent that no one, even Apple, can crack it.

    On December 2, 2015, a Pakistani-born couple launched a terrorist attack that killed 14 people and 24 injured. The motives and possibilities of ties with the ISIS group are still being clarified by the investigation. For an investigation, it is important to collect as much data as possible. One of the sources could be the terrorist's iPhone 5C office phone. But iOS 9 is installed on the phone, and the contents of the phone’s memory are encrypted. To unlock the phone you need a password that the FBI does not have. Therefore, intelligence agencies turned to Apple to unlock the phone. By the word “unlock”, a court order means creating a tool to disable several smartphone security features. Apple sees a similar attempt to get a backdoor.

    The day before the last possible date, Apple filed a lawsuit in court to challenge the requirement to create a tool. It is noticeable that the 65-page document was written quickly. This is felt right away, in errors in the table of contents and typos. The language is a little rustic for a legal document. The essence of the argument is as follows: for many reasons, the Act 1789 All Writs Act cannot be used in this matter. And even if it is possible, then the requirement is a violation of the first (freedom of expression) and fifth (due process) amendments of the US Constitution. Apple's answer provides technical assessments of the possibility of creating a backdoor.

    The encryption turned on by default did not appear on the iPhone immediately, but only in the eighth version in the fall of 2014. Even then, the security services began to show concern and resentment at this fact. FBIproposed to introduce a front door for special services. This caused criticism - experts regarded the avoidance of the term back door as a substitution of concepts.

    As you can see from Apple’s petition, Cupertino believes that the case of the terrorist’s smartphone is an excuse. The document suggests that the US Department of Justice and the FBI are seeking data collection, not just hacking one phone. If the backdoor falls into the wrong hands, then the confidential information of iPhone users may become the property of hackers, personal data collectors, foreign agents and arbitrary state surveillance. According to Apple, first adopted in 1789, the All Writs Act does not give the court the necessary powers. Apple mentions other recent cases in which courts are already considering demanding hacking smartphones. Officials already declare their desire to use the created operating system to crack more iPhone instances. After the first, other court orders will follow,

    The requirements violate the right to freedom of expression, the document states. The code is speech, and the state requires you to write a special code and sign it with a valid certificate. Thus, Apple is forced to say the opposite point of view of the company, which violates the first amendment of the US constitution.

    The company distances itself from a smartphone. Apple and iPhone terrorist are connected in the same way as General Motors and the car of the criminal. Apple recalls that she does not own data or a phone, that she is a private company and does not set out to serve the public. Curiously, the document hints that the FBI should contact other government agencies to crack the smartphone.

    The document also repeats familiar facts.: government agencies changed the iCloud password, which made it impossible to automatically backup the contents of the smartphone to the cloud. The document also contains specific assessments of what the court requires. The special services need three things: disabling automatic data deletion after 10 incorrect password entries, disabling password time delays (they increase up to an hour) and password entry methods in a quick manner, using electronic means.

    According to Apple, such software for the iPhone simply does not exist. Estimating the time for its creation is difficult, because before the company did not write such a thing. But an estimate has been given: it will take 6-10 Apple engineers to create, debug, and deploy from 2 to 4 weeks. The backdoor development team will require engineers from the central group of operating systems, a QA engineer, a project manager, and either a technical writer or a tool writer. Existing operating systems cannot do what the FBI requires. We’ll have to write new code, and not just turn off the functions, the document says. This is due to the requirement to allow the entry of passwords in electronic form. You will also have to either create a tool for enumerating passwords, or document the backdoor protocol in detail so that the FBI writes the brute force. If everything will be done remotely, you will need to configure secure data transfer methods. In this case, the entire methodology of work should be written down in case lawyers have questions.

    The firmware must go through the Apple QA department. The company's software ecosystem is complex and confusing. Changing one function often means a series of unexpected consequences. That is, testing on several devices will be required: it will be extremely important to make sure that the new firmware does not accidentally delete data on the device. There are likely to be problems. To solve them, some places in the code will be rewritten. Then testing of the corrected versions will again begin on a new one. Finally, the desired product will be obtained, which will be applied to the terrorist's phone. If, for security reasons, at the end of this case, the hacking tools are destroyed, when the next request arrives, the work process will start from scratch. So Apple’s petition describes the complexity of creating a backdoor to bypass encryption.

    A backdoor means only creating a separate OS, since the system on the iPhone 5C chip does not have a special component for Secure Enclave security. SE is essentially a separate computer that controls security features. SE first appeared in A7 chips. On the iPhone, where there is a Secure Enclave, the number of attempts and delays is controlled by a hardware component that is not subject to the main operating system. However, SE firmware can be updated, and you can do this even on a locked phone, says former Apple security expert John Kelly. (Jailbreakers are familiar with the concept of DFU Mode in question.) This means that if the court obliges, then Apple can crack any of the existing smartphones - you only need the appropriate certificates to sign the software.

    Impenetrable protection that no one can get around is possible if you remove the ability to update the firmware of a locked device. Apple is already working on a similar one, according to the New York Times. According to a newspaper source, engineers began work on such measures even before the attack in San Bernandino. Apple recently hired one of Signal's encrypted messaging app developers. It is unclear whether Frederick Jacobs's hiring is a coincidence or a necessity in connection with recent events.

    The terrorist physically destroyed his wife’s personal telephone and telephone. Is there any interest in the contents of the flash memory of the service smartphone for the investigation? As he saysthe head of the San Bernandino police, there is a good enough chance that there is nothing significant on the phone. However, he supports the FBI in deciphering: leaving potential clues would be unfair to the families of the victims.

    The head of Apple, Tim Cook, spoke about the importance of fighting for the privacy of user data at an annual meeting with shareholders. Among other things, they mentioned the confrontation with the FBI. Cook said that refusing to hack into a smartphone is right, and that Apple is not afraid to be adamant. In an interview with ABC News, Cook said that if necessary, the company will appeal to the courts of higher instances. Apple is seriously preparing to consider the case in the US Supreme Court.

    The desire to support Apple in court saidgiant companies Google, Facebook, Microsoft and Twitter. Earlier, many large figures and heads of prominent companies spoke about the correctness of the decision. This is an amicus curiae, an independent expert in court. What is really behind the words of Apple and supporters? Perhaps companies really care about user safety. Perhaps all this is marketing and a game for the public. Be that as it may, many began to think and talk about the role of the state in information security and privacy. The last such surge of attention was perhaps after the leaks of Edward Snowden.

    Full scan of Apple's response to the court

    Also popular now: