Wednesday, February 17, 2016

Apple refuse 'chilling' demand to unlock and hack San Bernardino shooter's iPhone

                                   
Apple has hit back after a US federal magistrate ordered the company to help the FBI unlock the iPhone of one of the San Bernardino shooters, with chief executive Tim Cook describing the demand as “chilling”.


The court order focuses on Apple’s security feature that slows down anyone trying to use “brute force” to gain access to an iPhone by guessing its passcode. In a letter published on the company’s website, Cook responded saying Apple would oppose the order and calling for public debate.

“The United States government has demanded that Apple take an unprecedented step which threatens the security of our customers. We oppose this order, which has implications far beyond the legal case at hand,” he wrote.

While Cook took pains to stress that Apple was “shocked and outraged” by the San Bernardino shooting last December – “we have no sympathy for terrorists” – he said company is determined to push back against the court order.

Cook wrote that opposing the order “is not something we take lightly”.
“We feel we must speak up in the face of what we see as an overreach by the US government,” he added.

“Up to this point, we have done everything that is both within our power and within the law to help them. But now the US government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone,” he wrote.

“Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation.”
Cook claimed that “in the wrong hands” this software could be used to unlock “any iPhone in someone’s physical possession”, and warned that Apple would not be able to guarantee that the software would only be used by the FBI in this case.

“The government is asking Apple to hack our own users and undermine decades of security advancements that protect our customers — including tens of millions of American citizens — from sophisticated hackers and cybercriminals,” he wrote.

“The same engineers who built strong encryption into the iPhone to protect our users would, ironically, be ordered to weaken those protections and make our users less safe. We can find no precedent for an American company being forced to expose its customers to a greater risk of attack.”


FBI director James Comey has said that his agents are searching for evidence about the mass shootings in December 2015, but have been locked out of one of the shooters’ phones.
The investigators are trying to determine to what extent the shooters were influenced by radical Islamic terrorist groups, as well as who they had been communicating with before the shootings.

Sheri Pym, the federal judge, has ordered Apple not to turn off its encryption but to make it easier for federal agents to randomly guess the suspects’ iPhone passcode. Apple has built a security feature into iPhones so that a phone slows down anyone trying to “brute force” his way into a phone by guessing passcode after passcode.
The built-in delay is so substantial that Apple said it would take someone 5 1/2 years to guess every possible code for a single device.

“It will ensure that when the FBI submits passcodes to the SUBJECT DEVICE, software running on the device will not purposefully introduce any additional delay between passcode attempts beyond what is incurred Apple hardware,” read a copy of the court order.
The magistrate also wants Apple to turn off any “auto-erase” functions on the phone, if enabled. This will be done with a program Apple is ordered to write and will allow FBI agents to install it on the suspect’s phone at a federal or Apple facility, according to the order.
Apple is allowed to provide a cost estimate and rebuttal if it “believes that compliance with the Order would be unreasonably burdensome”. It also allowed
 Apple the option of coming up with another way to achieve the same result.

In his letter, Cook claimed that the FBI’s use of the All Writs Act of 1789 to justify its request also could have a knock-on effect. The 225-year-old law gives courts broad authority to ensure their orders are fulfilled.
“The implications of the government’s demands are chilling. If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have the power to reach into anyone’s device to capture their data,” he wrote.

“The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge.”
Cook concludes: “We are challenging the FBI’s demands with the deepest respect for American democracy and a love of our country. We believe it would be in the best interest of everyone to step back and consider the implications.

“While we believe the FBI’s intentions are good, it would be wrong for the government to force us to build a backdoor into our products. And ultimately, we fear that this demand would undermine the very freedoms and liberty our government is meant to protect.”
Digital-rights body the Electronic Frontier Foundation (EFF) has thrown its weight behind Apple’s stance, in a blog post written by its deputy executive director and general counsel, Kurt Opsahl.

“Essentially, the government is asking Apple to create a master key so that it can open a single phone. And once that master key is created, we’re certain that our government will ask for it again and again, for other phones, and turn this power against any software or device that has the audacity to offer strong security,” wrote Opsahl.
“The US government wants us to trust that it won’t misuse this power. But we can all imagine the myriad ways this new authority could be abused. Even if you trust the US government, once this master key is created, governments around the world will surely demand that Apple undermine the security of their citizens as well.”

Theguardian