Slashdot Mirror


Apple's iPhone Already Has a Backdoor

Nicola Hahn writes: As the Department of Justice exerts legal pressure on Apple in an effort to recover data from the iPhone used by Syed Rizwan Farook, Apple's CEO has publicly stated that "the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone." But, as one Windows rootkit developer has observed, the existing functionality that the FBI seeks to leverage is itself a backdoor. Specifically, the ability to remotely update code on a device automatically, without user intervention, represents a fairly serious threat vector. Update features marketed as a safety mechanism can just as easily be wielded to subvert technology if the update source isn't trustworthy. Something to consider in light of the government's ability to steal digital certificates and manipulate network traffic, not to mention the private sector's lengthy history of secret cooperation.

Related: wiredmikey writes: Apple said Monday it would accept having a panel of experts consider access to encrypted devices if US authorities drop efforts to force it to help break into the iPhone of a California attacker. Apple reaffirmed its opposition to the US government's effort to compel it to provide technical assistance to the FBI investigation of the San Bernardino attacks, but also suggested a compromise in the highly charged legal battle.

In his first public remarks since Apple CEO Tim Cook said he would fight the federal magistrate's order, FBI Director James Comey claimed the Justice Department's request is about "the victims and justice."

7 of 401 comments

  1. And soon it won't be by JonahsDad · · Score: 5, Interesting

    When I read exactly what the FBI was asking Apple to do, I realized that there was a back door, and that Apple will most likely be doing what they can to close this back door in a future iPhone release.

    If I were Apple, I'd make sure a future release gave the user the option of only allowing firmware updates after the user logged in. This doesn't have to be required for every iPhone (corporations might want this disabled on iPhones they purchase for their employees), but it should at least be an option.

  2. Re:So the vulnerability is the updating mechanism? by Anonymous Coward · · Score: 4, Interesting

    I think the article is not correct. iOS doesn't let you run an update that reboots the phone unless you input the password first (ostensibly to prevent you from being locked out on reboot).

    I think Apple can force load a new OS without this limitation, but it needs physical access to do so.

  3. Android by Tokolosh · · Score: 5, Interesting

    Lots of good discussion about iOS and Apple.

    I would like to have the same analysis about the state of Android. Can it be made secure against such backdoors? Do third-party flavors and rooting have a role? Is it possible to have a device where all software and firmware code can be examined?

    --
    Prove anything by multiplying Huge Number times Tiny Number

  4. iPhone 7 will use SE to authorize any OS updates by Anonymous Coward · · Score: 5, Interesting

    Apple has updated the secure enclave with an iOS update in the past and added additional protection, so it presumably can do an update that would REMOVE protections on the SE. So the same scenario of this phone can theoretically be applied to any existing iPhone and not just a 5c.

    So right now, Apple is making the iPhone 7 immune to this attack vector. With the iPhone 7, even Apple will not be able to do a firmware modification to the SE in DFU mode. The correct user password will *have* to be entered in the iPhone 7 and it will be enforced solely in the SE hardware. There will be nothing that can get around that. You can't solder on a different SE chip, you can't swap components, change the IMEI, or anything else.

    That will be the selling point of the iPhone 7. iOS 9 was software-based protection since a software update could (apparently) change the SE. Apple will disclaim they never expected their own government trying to force them to create a hacker-version of iOS, so security of the iPhone has to be hardware based. iPhone 7 will have true 100% bulletproof hardware-based protection that will truly be bulletproof. And that is what they will sell.

    Then, unfortunately, the FBI will simply demand iOS source code and signing keys.

  5. Re:Tim Cook's letter by Anonymous Coward · · Score: 5, Interesting

    From the arstechnica article:

    The document closed with a call for Congress to "form a commission or other panel of experts on intelligence, technology, and civil liberties to discuss the implications for law enforcement, national security, privacy, and personal freedoms. Apple would gladly participate in such an effort."

    From the leaked White House memo linked in the Counterpunch article:

    Proposed Policy Principles
    Deputies agreed that attempts to build cooperation with
    industry, with advice proposing specific technical solutions, will
    offer the most successful option for making progress on this
    issue. In particular, given industry and civil society's
    combative reaction to government statements to date, any
    proposed solution almost certainly would quickly become a focal
    point for attacks and the basis of further entrenchment by
    opposed parties. Rather than sparking more discussion,
    government-proposed technical approaches would almost certainly
    be perceived as proposals to introduce “backdoors” or
    vulnerabilities in technology products and services and increase
    tensions rather build cooperation.
    However, if the United States Government were to provide a set
    of principles it intends to adhere to in developing its
    encryption policy, such a document could spark public debate.

    Proposing such principles would not be without risk, as some
    constituencies may not distinguish between principles and
    specific technical approaches. As a result, these principles
    could come under attack, but could also serve to focus public or
    private conversation on practicalities and policy trade-offs
    rather than whether the government is seeking to weaken
    encryption or introduce vulnerabilities into technology products
    and services.

    It seems like the plan is proceeding nicely. We're getting into the "public debate" phase. Soon it will move on to the trade-off phase decided on by a panel of private and governmental experts.

  6. Re:Cluster Fuck by sjames · · Score: 5, Interesting

    This. If it's done once, the demands will never stop. At least not until the NSA steals a copy of the hacked firmware and distributes it to the LEOs everywhere under an NDA.

  7. Re:Cluster Fuck by danceswithtrees · · Score: 5, Interesting

    If Apple is as serious as they say they are about security and privacy, they need to change the OS/firmware/hardware to make updating a phone impossible without either unlocking the phone or wiping it clean. This way, when this happens again, and it almost certainly will, they can honestly say, we can't rather than we would rather not.