Privacy vs Security?
Apple has been ordered by a California magistrate to help the FBI hack an iPhone 5c running iOS 9 that belonged to last year's San Bernardino attacker. The FBI could have asked the court to order Apple to unlock the phone, but instead Apple was told to help the FBI with brute-force attacks. The FBI seems confident enough in its brute-force techniques that it is asking Apple only for help. That help will probably be something that lets Apple authorize unlimited brute-force attempts for the FBI. It is not yet clear whether Apple is capable of doing this or has the means to do it. If it does, that means it can hack any iPhone it wants. Obviously a good thing and a bad thing. Which side are you on? Privacy vs Security?
“Apple’s reasonable technical assistance shall accomplish the following three important functions,” the document notes. “It will bypass or disable the auto-erase function whether or not it has been enabled; it will enable the FBI to submit passcodes to the subject device for testing electronically via the physical device port, Bluetooth, Wi-Fi or other protocol available on the subject device and it will ensure that when the FBI submits passcodes to the subject device, software running on the device will not purposefully introduce any additional delay between the passcode attempts beyond what is incurred by Apple hardware.”
“Now here’s a case where [the FBI] really want[s] to get into the phone and they’re suddenly able to become much more creative than they have let on,” says Matt Blaze, a cryptographer and computer science professor at the University of Pennsylvania. “It is well-known that people tend to use weak, brute-forceable passwords. And I suspect that the FBI is betting that this [case] is no exception. It’s entirely possible that the FBI’s strategy [for unlocking the device] is very likely to be quite successful.”
“So the bottom line is that Apple can comply with this order and test passcodes on the phone,” he told WIRED. “But it will take 80 milliseconds per test. Do the math on that. With a bad password, it’ll take no time. With a strong one, it’ll take years.”
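The math behind the 80 milliseconds figure, worked through as an added example (it is not from the court order or from the people quoted above). The passcode policies listed are constructed for illustration, and the search is assumed to be exhaustive with no auto-erase and no extra delay, as the order describes.

```python
SECONDS_PER_ATTEMPT = 0.08  # the 80 ms per test quoted above
YEAR = 365 * 86400

# Constructed passcode policies (label, alphabet size, length); assumptions for illustration.
POLICIES = [
    ("4-digit PIN", 10, 4),
    ("6-digit PIN", 10, 6),
    ("6-char lowercase+digits", 36, 6),
    ("8-char mixed-case+digits", 62, 8),
]

def worst_case_seconds(alphabet, length, per_attempt=SECONDS_PER_ATTEMPT):
    """Time to try every passcode of exactly this length."""
    return alphabet ** length * per_attempt

def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", YEAR), ("days", 86400), ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.1f} seconds"

def min_length(alphabet, target_years, per_attempt=SECONDS_PER_ATTEMPT):
    """Shortest length whose full keyspace takes at least target_years to exhaust."""
    length = 1
    while worst_case_seconds(alphabet, length, per_attempt) < target_years * YEAR:
        length += 1
    return length

def report():
    """Worst-case and average (half the keyspace) search time per policy."""
    rows = []
    for label, alphabet, length in POLICIES:
        worst = worst_case_seconds(alphabet, length)
        rows.append((label, humanize(worst), humanize(worst / 2)))
    return rows

if __name__ == "__main__":
    for label, worst, avg in report():
        print(f"{label:26} worst {worst:>18}  average {avg:>18}")
    print("digits needed to hold out 10 years:", min_length(10, 10))
    print("lowercase+digit chars needed for 10 years:", min_length(36, 10))
```

These figures assume a passcode chosen uniformly at random; a guessable passcode falls much sooner than the average column suggests.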