Apple must help Feds unlock San Bernardino killer's iPhone – judge

FBI wants to brute-force PIN-protected encrypted mobile without it self-destructing


Apple must assist the FBI in unlocking the passcode-protected encrypted iPhone belonging to one of the San Bernardino shooters in California.

US magistrate Sheri Pym says Cupertino has to find a way to supply software that prevents the phone from automatically annihilating its user data when too many password attempts have been made.

The smartphone belonged to Syed Farook, who with his wife Tashfeen Malik shot and killed 14 coworkers on December 2. The couple died in a gun battle with police soon after.

Cops have been unable to access Syed's iPhone 5C because they do not know the correct PIN, and will now gain the assistance of Apple, as ordered by Judge Pym [PDF] on Tuesday.

iOS 8 and above encrypts data on devices, requiring a four to six-digit PIN to unlock. After the first few wrong guesses, iOS waits a few minutes between accepting further PIN entry attempts, escalating to an hour's delay after the ninth failed login.

After 10 wrong guesses, the operating system either locks up, requiring a sync with iTunes to restore, or automatically wipes the handset's data, depending on your settings.

The Feds want to brute-force the PIN entry system, but are thwarted by the rate limiting on guesses and the risk of destroying evidence on the iPhone.
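To make the effect of those limits concrete, here is a small Python model of the failed-attempt policy described above. It is an added example, not Apple's code or anything from the court order. The per-step delay values and the 80 ms cost per guess are assumptions; the article itself gives only "a few minutes" rising to an hour after the ninth failure, and the limit of 10.

```python
# Added example: model of the failed-passcode policy the article describes.
# Per-step delays are assumed; the article gives only "a few minutes" rising
# to an hour after the ninth failure.
DELAY_AFTER_FAILURE = {5: 60, 6: 300, 7: 900, 8: 900, 9: 3600}  # seconds
MAX_FAILURES = 10        # article: the 10th wrong guess locks or wipes
ASSUMED_TRY_COST = 0.08  # assumed seconds of key derivation per guess


class PasscodeLimiter:
    def __init__(self, erase_on_limit=True):
        self.erase_on_limit = erase_on_limit
        self.failures = 0
        self.state = "locked"  # locked | unlocked | disabled | wiped

    def attempt(self, guess, passcode):
        """Process one guess; return seconds the device then refuses input."""
        if self.state in ("disabled", "wiped"):
            raise RuntimeError("device is " + self.state)
        if guess == passcode:
            self.failures, self.state = 0, "unlocked"
            return 0
        self.failures += 1
        if self.failures >= MAX_FAILURES:
            self.state = "wiped" if self.erase_on_limit else "disabled"
            return 0
        return DELAY_AFTER_FAILURE.get(self.failures, 0)


def simulate_sequential_guessing(passcode, erase_on_limit=True):
    """Feed 0000, 0001, ... to the limiter; return (final state, seconds waited)."""
    limiter, waited = PasscodeLimiter(erase_on_limit), 0
    for n in range(10 ** len(passcode)):
        waited += limiter.attempt(str(n).zfill(len(passcode)), passcode)
        if limiter.state != "locked":
            break
    return limiter.state, waited


def fraction_testable(digits):
    """Share of the PIN space that can be tried before the limit trips."""
    return MAX_FAILURES / 10 ** digits


def unthrottled_worst_case_hours(digits):
    """Time to cover every PIN when only the per-guess cost remains."""
    return 10 ** digits * ASSUMED_TRY_COST / 3600


if __name__ == "__main__":
    print(simulate_sequential_guessing("4821"))
    for d in (4, 6):
        print(d, fraction_testable(d), round(unthrottled_worst_case_hours(d), 1))
```

With the limits in place only 0.1 per cent of four-digit PINs can be tried before the handset wipes or disables itself; under the assumed per-guess cost, removing them leaves a worst case of minutes for four digits and about a day for six, which is why passcode length is the remaining defence.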

Judge Pym wants Apple to come up with some magic software – perhaps a signed firmware update or something else loaded during boot-up – that will allow the FBI to safely brute-force the PIN entry without the device self-destructing. This code must only work on Farook's phone, identified by its serial numbers, and no other handset. The code must only be run on government or Apple property, and must not slow down the brute-forcing process.

Apple has five days to appeal or demonstrate that it cannot comply with the order. It is crucial to note that the central district court of California has not instructed Apple to crack its encryption – instead it wants Apple to provide a tool to effectively bypass the unlocking mechanism.

"It’s technically possible for Apple to hack a device’s PIN, wipe, and other functions. Question is can they be legally forced to hack," said iOS security expert Jonathan Ździarski.

"Theory: either NSA/CIA dragnet and cryptanalysis capabilities are severely limited, or this is a test case to see how the courts respond."

The ruling comes amid increasing anti-encryption rhetoric from US politicians who consider secure cryptography an unacceptable boon for terrorists and criminals. Law enforcement officers want the technology sector to deliberately weaken encryption so that backdoors can be provided to police.
