FBI’s iPhone hack limited to the iPhone 5c, earlier devices

The court battle between the FBI and Apple came to an anticlimactic end late last month when the FBI suddenly announced that Apple’s assistance was no longer necessary, and that it could access Rizwan Farook’s iPhone with help from a private company. While the FBI may have found a workaround in this case, the solution is an imperfect one, according to FBI Director James Comey.

Comey recently spoke at Kenyon College, where he told students and professors that the device the FBI purchased “[D]oesn’t work on 6s, doesn’t work on a 5s, and so we have a tool that works on a narrow slice of phones.”

The fact that the technique doesn’t work on devices later than the iPhone 5c suggests Apple’s implementation of ARM’s TrustZone technology (Apple calls its specific flavor Secure Enclave) is blocking the FBI’s hacking attempts on more modern devices. Here’s how Apple describes it in its iOS 9 security guide:

The Secure Enclave is a coprocessor fabricated in the Apple A7 or later A-series processor. It utilizes its own secure boot and personalized software update separate from the application processor. It provides all cryptographic operations for Data Protection key management and maintains the integrity of Data Protection even if the kernel has been compromised.

The Secure Enclave uses encrypted memory and includes a hardware random number generator. Its microkernel is based on the L4 family, with modifications by Apple. Communication between the Secure Enclave and the application processor is isolated to an interrupt-driven mailbox and shared memory data buffers.

Each Secure Enclave is provisioned during fabrication with its own UID (Unique ID) that is not accessible to other parts of the system and is not known to Apple. When the device starts up, an ephemeral key is created, entangled with its UID, and used to encrypt the Secure Enclave’s portion of the device’s memory space.

There are several implications to Comey’s statement. First, it’s entirely possible he’s simply lying. The NSA is known to collect zero-day exploits and many security experts have argued that the FBI / NSA could easily have cracked Farook’s iPhone, but went public with the court case as a way to win public approval and support for its actions.

If we assume Comey isn’t lying, it’s a virtual certainty the FBI and NSA will focus their cracking efforts on iPhone devices in the future — and they’re probably not going to be willing to talk about those issues with Apple, given the company’s very public non-cooperation. Comey alluded to this when speaking to the Kenyon students: “We tell Apple, then they’re going to fix it, then we’re back where we started from,” he said. “We may end up there, we just haven’t decided yet.”

The FBI’s own internal debate seems to mirror the arguments going on in the White House. The Obama Administration will not offer public support for draft legislation that would force Apple, Google, or other companies to crack their own encryption at the behest of the FBI, according to Reuters. The White House, like the FBI, is reportedly deeply divided on this issue.

Since we don’t know how much Apple and the FBI cooperated on security testing and bug fixes before now, we can’t judge the potential impact of future non-cooperation between the two organizations. No matter what happens, Apple is likely to put even more emphasis on securing its devices in the future — and the FBI will pour more effort into cracking them.
