February 17, 2016

Techno Bits Special: Apple, Encryption, the iPhone 5C and what it all means


Good morning everyone. I hope you enjoyed yesterday's regular issue. Today, due to developments on a particular story, I wanted to send out a special edition. Late yesterday, Apple released a letter to their customers, signed by CEO Tim Cook, concerning device encryption. Earlier in the day, a Federal Court, at the request of the Department of Justice, issued a technical assistance order to Apple to get them to comply. The phone belongs to a deceased person accused of shooting a number of people in an attack on a county facility in San Bernardino, California, and the iPhone 5C is locked. The FBI would like access to the locked device, presumably to determine whether the deceased was part of a terrorist cell, acting alone, or something even far more nefarious. Given the FBI's mandate, it is not a surprise that they want access to the phone.

In specific, the court has ordered that Apple provide a mechanism that would allow the FBI to discover the PIN code through repeated attempts, without delay, and without fear that the device would be erased by multiple repeated attempts. Additionally, they have required Apple to provide a method for guessing the PIN through a computer-controlled process, which would allow the FBI to guess a PIN approximately once per 80 milliseconds.

The goal here is the total circumvention of the Apple Security Paradigm with the least amount of work possible. If there is a 4-digit numeric PIN, at 80ms per attempt, the phone would be cracked in a maximum of 800 seconds. A complex PIN would require more time, with 8 character ASCII PINs potentially taking multiple years to conquer.

The device in question is an iPhone 5C, released back in September 2013, and was the last Apple device to ship without a Secure Enclave chip. That is important, because Apple uses the Secure Enclave to act as a check and balance against the very attack the FBI wants to use on this phone. The Secure Enclave will delay multiple repeated attempts at unlocking the PIN's keystore regardless of what the rest of iOS is telling it to do.

What else is the locking system in iOS 9 doing with the Secure Enclave? I'll let Apple speak for themselves:
 

How Touch ID unlocks an iOS device

If Touch ID is turned off, when a device locks, the keys for Data Protection class Complete, which are held in the Secure Enclave, are discarded. The files and keychain items in that class are inaccessible until the user unlocks the device by entering his or her passcode.

With Touch ID turned on, the keys are not discarded when the device locks; instead, they’re wrapped with a key that is given to the Touch ID subsystem inside the Secure Enclave. When a user attempts to unlock the device, if Touch ID recognizes the user’s ngerprint, it provides the key for unwrapping the Data Protection keys, and the device is unlocked. This process provides additional protection by requiring the

Data Protection and Touch ID subsystems to cooperate in order to unlock the device.

The keys needed for Touch ID to unlock the device are lost if the device reboots and are discarded by the Secure Enclave after 48 hours or ve failed Touch ID recognition attempts. 

In specific, the Secure Enclave holds the master keys for the Complete Data Protection class that controls your files.

But this is not true on the iPhone 5C. This means that the requests from the FBI are technically feasible. It could comply with this order, and there's good backup for that. Being technically able to comply, though, doesn't indicate that it's morally required to do so. 

Specifically, Apple would need to write a tool that would replace DFU mode on the given device - since DFU mode currently doesn't permit this - and it would need to be a new forensic tool written from scratch and at substantial cost that would permit someone to run a RAM-only signed bootloader that would permit the FBI unlimited attempts at the PIN.

They're asking for the keys to the kingdom. And they should be denied.

If you live in the United States, do me a favor: write to your congresspersons and senators and tell them that the government should not be in the business of compelling back doors in encryption technologies that keep our data out of the hands of hackers, foreign governments, or even friendly governments. Not sure who represents you? Here's an easy lookup. And, if you felt extra rabble-rousey when you did it, ask them to support H.R. 317/S. 1688 which gives my representative in Congress an actual vote.

While this particular request is grantable (and attacks against A7 phones and later is not), it shouldn't be granted, because we should not be giving anyone the ability to crack a locked iPhone, because developing those tools is admitting that they should be given to any government, not just ours.