Slashdot Mirror


Apple Tells US Judge It's 'Impossible' To Break Through Locks On New iPhones (reuters.com)

An anonymous reader writes: Apple told a U.S. judge that accessing data stored on a locked iPhone would be "impossible" with devices using its latest operating system, but the company has the "technical ability" to help law enforcement unlock older phones. Apple's position was laid out in a brief filed late Monday, after a federal magistrate judge in Brooklyn, New York, sought its input as he weighed a U.S. Justice Department request to force the company to help authorities access a seized iPhone during an investigation. In court papers, Apple said that for the 90 percent of its devices running iOS 8 or higher, granting the Justice Department's request "would be impossible to perform" after it strengthened encryption methods.

3 of 225 comments

  1. Sounds like by Chrisq · · Score: 5, Insightful

    Sounds like a challenge!

    1. Re:Sounds like by WorBlux · · Score: 5, Informative

      Considering Apple includes a security co-processor it's not actually that easy. Touch ID wrapped keys are discarded after reboot, 48 hrs, or 5 failed attempts. This authentication method can also be disabled or never activated by the user.

      Additionally the root keys are only held in the co-processor and co-mingled with a UID (which even Apple doesn't know) as well as the password. You can't begin a dictionary or PIN attack without pulling out that UID (and considering the co-processor is running L4, the only way I know to do it is use nanometer-scale probes to spy on the hardware as it operates). The root of the file-system is encrypted by a key held only in the security co-processor, and the co-mingled password is used in a sort of chain of trust with the hardware key to secure file metadata and per-file encryption keys.

      The firmware is designed to resist brute force, and Apple fixes every known vulnerability to brute-force it discovers. The update mechanism requires the user password and cannot be rolled back to a prior vulnerable version, so Apple can't provide a targeted device update to enable brute-forcing. At best the forensic team will have to sit on the device and hope a new vulnerability is discovered, and hope the data erase after 10 failed attempts was not enabled by the user.

      https://www.apple.com/business...
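A simplified model of the design the comment above describes, added here as an illustration (it is not Apple's code and not part of the comment): the passcode is entangled with a device-only UID, so a copy of the flash contents cannot be tested against passcode guesses off the device, and the on-device path counts failures and erases after 10. HMAC, PBKDF2 and XOR wrapping are stand-ins for the hardware primitives, and `CoProcessor`, `derive` and `offline_unwrap` are hypothetical names.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 20_000  # assumed work factor, chosen only for this demo

def derive(passcode: str, uid: bytes, salt: bytes) -> bytes:
    # Entangle the passcode with the device secret, then stretch the result.
    tangled = hmac.new(uid, passcode.encode(), hashlib.sha256).digest()
    return hashlib.pbkdf2_hmac("sha256", tangled, salt, ITERATIONS)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class CoProcessor:
    """Toy model: the UID never leaves this object."""
    MAX_FAILURES = 10

    def __init__(self, passcode: str, erase_after_10: bool = True):
        self._uid = secrets.token_bytes(32)   # device-only secret
        self.salt = secrets.token_bytes(16)   # stored in flash
        self.erase = erase_after_10
        self.failures = 0
        fs_key = secrets.token_bytes(32)      # root file-system key
        # XOR with the derived key stands in for a real key-wrap operation.
        self.wrapped = xor(fs_key, derive(passcode, self._uid, self.salt))
        self.check = hashlib.sha256(fs_key).digest()

    def unlock(self, passcode: str):
        if self.wrapped is None:              # key material already erased
            return None
        fs_key = xor(self.wrapped, derive(passcode, self._uid, self.salt))
        if hmac.compare_digest(hashlib.sha256(fs_key).digest(), self.check):
            self.failures = 0
            return fs_key
        self.failures += 1
        if self.erase and self.failures >= self.MAX_FAILURES:
            self.wrapped = None               # discard the wrapped key
        return None

def offline_unwrap(passcode, salt, wrapped, check, uid_guess):
    # What an examiner holding only a flash image can compute: without the
    # real UID, even the correct passcode derives the wrong key.
    fs_key = xor(wrapped, derive(passcode, uid_guess, salt))
    ok = hmac.compare_digest(hashlib.sha256(fs_key).digest(), check)
    return fs_key if ok else None
```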

  2. That, Detective, is not the right question by rmdingler · · Score: 5, Insightful

    Impossible or not, is it a private company's (or individual's) duty to engage in the evidence-gathering duties of law enforcement?

    I'm not sure the judicial conviction of this one suspect is worth granting law enforcement the unfettered ability to deputize anyone, any time it's convenient.

    --
    Happiness in intelligent people is the rarest thing I know.

    Ernest Hemingway