“Apple has instituted a number of software-based protections against brute force attacks, specifically a (user-selected) option to delete the contents of the disk after 10 failed passcode entries and a five-second delay between passcode entries. In addition, the passcode must be entered on the device’s touchscreen,” Ben Thompson writes for Stratechery. “The FBI is asking Apple to remove these limitations: allow more than 10 passcode tries, remove the five-second delay (there would still be an 80-millisecond delay if the computation is done on the device due to a hardware limitation), and allow passcodes to be entered by a separate device instead of a human finger.”
“Consider a sports analogy: in a game like basketball you need to play both defense and offense; the FBI, given their responsibilities, is primarily concerned with offense — uncovering secrets. However, the agency’s haste to score buckets has the effect of weakening the United States’ defense,” Thompson writes. “This is particularly unnecessary because the United States already has the best offense in the world! Consider the iPhone in question: the fact of the matter is that the data could be extracted without Apple’s help.”
“The first potential method would be to leverage a zero-day exploit that would allow the device to run code that is not signed by Apple; in other words, it is almost certainly possible that someone other than Apple could install the necessary software to bypass the 10 passcode entry limitation (the National Security Agency (NSA) is widely thought to possess several zero-day exploits),” Thompson writes. “The second potential method would be to extract the data from the memory chips, and then de-cap the phone’s processor to uncover the device’s unknown UID and the algorithm used to encrypt the data, and then conduct a brute force attack on the passcode using a separate computer designed to do just that.”
“Both of these processes are hugely difficult and expensive, which means they can only realistically be done by agencies with massive resources. Like, for example, the NSA — which is a big advantage for the United States,” Thompson writes. “If there is strong security everywhere (i.e. everyone has the same defensive capability), then the country with the biggest advantage is the country with the most resources to overcome that security (i.e. not everyone has the same offensive capability). To lower the bar when it comes to defense is to give up one of the United States’ biggest strategic advantages.”
Read more in the full article here.
MacDailyNews Take: It’d be shortsighted and simpleminded for the U.S.A. to fritter away such a strategic advantage while also trampling U.S. citizens’ privacy rights.
[Thanks to MacDailyNews Readers “Fred Mertz” and “Arline M.” for the heads up.]