Apple’s fight with the FBI is in full swing and neither party looks ready to budge. The federal agency has made this a difficult battle for Apple from a PR standpoint, but the iPhone maker is determined not to break into its iPhone using a custom firmware to bypass its own passcode security measures. Using such a so-called “backdoor” would set a dangerous precedent and would have an adverse impact on the security of Apple’s entire iOS and OS X ecosystems, the company argues.
Accomplishing the tasks requested by the FBI isn’t easy, not because Apple doesn’t have the technical ability to do it, but because it would jeopardize future software releases.
Looking at the whole matter from a technical point of vie,w the EFF declared that Apple could break into the iPhone. The operation would be time-consuming and burdensome – this isn’t a 24 episode scenario where Jack Bauer walks into Cupertino and obtains the information on the phone within the hour.
Furthermore, the FBI could be capable of figuring out a way to hack into the iPhone on its own. But if that were the case, it’d have no grounds to ask Apple’s assistance. And the San Bernardino shooting is too good a case for the FBI to miss out on taking Apple to court over iPhone encryption.
As the EFF points out, the FBI doesn’t want to tell you that it can hack the iPhone and Apple, in turn, doesn’t want to admit publicly that it’s iPhone 5c could be easily hacked.
But what’s fascinating about EFF’s elaborate explanation of what Apple has to do to comply with the request is the way the company might be handling a critical piece of software: The code it uses to sign all programs that end up on iPhone or Mac.
Any iPhone software designated to meet FBI’s requirements needs to be signed to work on the iPhone. That makes the iOS signing key a major asset for the company, something it wants to protect at all costs. Signing a new piece of software isn’t convenient, and it’s not easy to use it.
“While we don’t know what internal security measures Apple takes with its signing key, we should hope they are very strict,” the EFF explains. “Apple would not want to store it on Internet-connected computers, nor allow a small group of employees to abscond with it or to secretly use the key on their own. It is most likely stored in a secure hardware module in a physical vault (or possibly split across several vaults) and requires several high-level Apple personnel to unlock the key and sign a new code release.”
Signing software for the FBI is thus risky, and might become an annoying process should Apple have to do it over and over.
The EFF sides with Apple in this complicated battle, arguing that creating the software the FBI is asking for would be “burdensome, risky, and go against modern security engineering practices.”
The EFF’s entire explanation of this legal fight is available at this link, and it’s worth a read in case you’re still confused about what’s at stake here.