Yes, The Backdoor That The FBI Is Requesting Can Work On Modern iPhones Too

from the beware dept

this is not true

@AriX Not true, if Apple can be forced to modify iOS, they can be forced to modify SEP firmware as well. @trailofbits has SEP details wrong — John Kelley (@JohnHedge) February 17, 2016



@AriX I have no clue where they got the idea that changing SPE firmware will destroy keys. SPE FW is just a signed blob on iOS System Part — John Kelley (@JohnHedge) February 17, 2016

Apple can update the SE firmware, it does not require the phone passcode, and it does not wipe user data on update. Apple can disable the passcode delay and disable auto erase with a firmware update to the SE. After all, Apple has updated the SE with increased delays between passcode attempts and no phones were wiped.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community. Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis. While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

So... over the past couple days, plenty of folks (including us ) have reported that the backdoor demanded by the FBI (and currently granted by a magistrate judge) would likely work on the older iPhone model in question, the iPhone 5C, but that itwork on modern iPhones that have Apple's "Secure Enclave" -- basically a separate chip that stores the key.Plenty of reports -- including the Robert Graham post that we linked to, and a story by Bruce Schneier -- suggested that an attempt to follow through with the FBI's request in the presence of the Secure Enclave would effectively eliminate the key and make decryption nearly impossible.However, earlier this morning Apple started telling a bunch of people, including reporters, that. Effectively they're saying that, yes, the new softwareupdate the Secure Enclave firmware and keep the key intact -- meaning that this backdoor absolutely can be used against modern iPhones. One of the guys who helped design the whole Secure Enclave setup in the first place, John Kelley, has basically said the same thing , admitting that updating the firmware will not delete the key:A blog post by Dan Guido -- which originally asserted that the Secure Enclave would be wiped on update -- now admits that's not true and, yes, this backdoor likely works on modern iPhones as well:I've asked some security folks if it's possible thatiPhones could be designed to work the way peoplethe Secure Enclave worked, and the basic answer appears to be "that's a fairly difficult problem." People have some ideas of how itwork, but all came back with reasons why it might not. I asked one security expert if there was a way for Apple to build a more secure version that was immune to such an FBI request, and the response was: "I don't know. I sure hope so.": Iadd that this backdoor still just makes it easier for the FBI to then try to brute force a user's PIN or passcode.the user sets a significantly strong passcode, you have a better chance of protecting your data, but that's on the user (and, also, many users likely find it hellishly inconvenient to have a strong passcode on their phone).

Filed Under: backdoors, crypto, doj, encryption, fbi, going dark, iphone, secure enclave

Companies: apple