A Federal Magistrate has issued an order to Apple (NASDAQ:AAPL) to assist the government in unlocking the iPhone used by Syed Rizwan Farook in the San Bernardino shootings case. In an open letter to Apple customers, Apple CEO Tim Cook vowed to fight the order. This might not be the best strategy. Perhaps unwittingly, the government has pointed out significant security vulnerabilities in iOS devices. Closing those vulnerabilities would improve the security of iOS for customers, as well as make such future court orders impossible.
Agreement in Principle
I made my views on privacy known in a previous article, Apple Fights the Surveillance State... I consider the right of privacy to be a fundamental, inalienable human right that even transcends the Constitution. Without the right of privacy, all the other rights we take for granted can be crushed by the Surveillance State.
The right to encrypt one's personal data flows directly from the right of privacy. However, the Constitution, recognizing that law enforcement would have a reasonable need to abrogate privacy in criminal investigations, mandates the use of court orders to limit and control the investigatory powers of the state.
I think there's room for debate about whether a properly issued warrant should give the government the ability to unlock encrypted data. In any other form of physical data protection, such as a locked door or a safe, the government would have a right to break that protection.
What I and other privacy advocates have maintained is that encryption backdoors are so insecure as to be worthless to consumers, and ultimately to the government. Any encryption system with a backdoor would be avoided by criminals. Even if national governments were to make strong encryption software illegal, it would only create a black market in the software that would benefit only criminals.
In his letter to customers, Tim Cook makes many of these points as well. Unfortunately, in the San Bernardino shooter case, that isn't exactly what the government is asking for. The government is asking Apple to provide technical assistance in unlocking one specific iPhone. More importantly, the government is telling Apple exactly what it wants done. In the customer letter, Cook acknowledges that Apple can do what the government wants.
That's actually very significant, because in the past, Apple's defense has been that it simply was unable to decrypt encrypted data. This was apparently the case in October 2014 when the government first tried to compel Apple to assist it in decrypting data on an iPhone.
Coached in iOS
Since then, the government has apparently been coached by someone knowledgeable in the workings of iOS. This time around, the government is demanding that Apple do some very specific things. It wants Apple to develop a version of iOS that can be installed on the target phone that allows passcodes to be entered via an electronic interface, presumably the Lightning port, but it could be over WiFi. The other change is to make sure iOS doesn't erase encrypted data on the phone if the correct passcode is not entered within 10 attempts.
These changes are remarkably simple, yet they leave the iPhone almost completely vulnerable. Making changes to iOS turns out to be the backdoor Apple has been afraid of. This is due to a feature of iOS that makes it so convenient for customers: a new version of iOS can be installed while automatically saving all of the device data and files. Thus, installing the new modified iOS on the shooter's iPhone would leave all of the data on the iPhone intact and open to subsequent inspection.
If the shooter secured the phone with the usual 4-digit passcode, there are only 10,000 possible combinations of the code. By allowing electronic passcode entry and disabling erasure of encrypted data, the modified iOS could allow the government or a hacker to obtain entry into an iPhone in a matter of seconds, once the modified iOS is installed.
Unlocking the iPhone doesn't completely lay bare the encrypted data of the phone, however. In most cases, encrypted personal data is tied to the user's Apple ID and password. However, Apple does have the user's Apple ID and password in its possession, and Apple could easily be compelled to disclose these by court order.
Finally, if the user makes extensive use of iCloud Keychain, then many other passwords that might be used for bank accounts and the like could be exposed by logging in with the correct Apple ID and password. iCloud Keychain makes use of an additional security passcode, but that can also be a 4-digit code that could be easily circumvented in the modified iOS.
Addressing the Vulnerabilities
Apple has claimed that the modified iOS, once created, could become a tool for hackers and thieves. Undoubtedly this is the case, but the government has exposed vulnerabilities in iOS that Apple should close in any case. I'm also dubious as to whether Apple can win this particular legal battle. Apple will certainly fight the order, but should it lose, that's not the end of the world or even of privacy on iOS devices. Apple needs to close the vulnerabilities that the modified iOS exploits.
The 4-digit passcode is inadequate for real protection. Strong alphanumeric passcodes or Touch ID should be the minimum requirement. It should be impossible to brute force an iPhone, even electronically. iCloud Keychain needs to be more securely password protected as well.
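A simplified model of the two points made above, the 10,000-code keyspace and the erase-after-10-attempts limit, added here as an illustration; it is not Apple's code or the author's. `PasscodeGate`, `keyspace`, `guess_success_probability` and `survives_exhaustive_guessing` are hypothetical names, and the passcode `7319` is a constructed sample. It shows that the attempt limit, not the keyspace, is what protects a 4-digit code, and how much an 8-character alphanumeric passcode enlarges the keyspace.

```python
import hmac

MAX_FAILED_ATTEMPTS = 10  # erase threshold the article describes


class PasscodeGate:
    """Toy passcode check (hypothetical model, not iOS internals)."""

    def __init__(self, passcode, erase_enabled=True):
        self._passcode = passcode.encode()
        self.erase_enabled = erase_enabled
        self.failed = 0
        self.erased = False

    def try_unlock(self, guess):
        if self.erased:
            return False  # data already erased: no guess can succeed
        # Constant-time comparison avoids leaking a match position via timing.
        if hmac.compare_digest(guess.encode(), self._passcode):
            self.failed = 0
            return True
        self.failed += 1
        if self.erase_enabled and self.failed >= MAX_FAILED_ATTEMPTS:
            self.erased = True
        return False


def keyspace(alphabet_size, length):
    """Number of possible passcodes for a given alphabet and length."""
    return alphabet_size ** length


def guess_success_probability(space, attempts_allowed):
    """Chance that distinct guesses hit a uniformly chosen passcode."""
    return min(attempts_allowed, space) / space


def survives_exhaustive_guessing(gate, candidates):
    """True if no candidate, tried in order, ever opens the gate."""
    return not any(gate.try_unlock(c) for c in candidates)


if __name__ == "__main__":
    codes = [f"{i:04d}" for i in range(keyspace(10, 4))]
    secret = "7319"  # constructed sample passcode
    print("limit on :", survives_exhaustive_guessing(PasscodeGate(secret), codes))
    print("limit off:", survives_exhaustive_guessing(PasscodeGate(secret, False), codes))
    print("P(guess within 10 of 10,000):", guess_success_probability(10_000, 10))
    print("8-char alphanumeric keyspace:", keyspace(62, 8))
```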
Also, it's probably high time for Apple to adopt a more secure authentication approach for services and data tied to Apple ID. Perhaps the Security Token approach of Apple Pay could be adapted for user authentication. In that approach, Apple wouldn't have passcodes in its possession, and so these could never be compromised by hackers, or turned over to the government.
Apple is probably over-dramatizing the threat posed by the modified iOS. Given Apple's tight security, it's unlikely that the modified iOS would ever slip past the gates of Apple. Also, to make it widely applicable to a variety of iPhones, hackers would probably need iOS source code. To my knowledge, such source code has never been seen outside of Apple.
But the modified iOS exploit of the government exposes vulnerabilities that might be exploitable without installing a completely new iOS. For that reason alone, Apple should address the vulnerabilities in a future iOS update.
It's clear that Apple's focus on privacy is not universally shared. There's also a political division in this country regarding the balance between public safety and privacy rights, which I think is a perfectly reasonable debate. This will almost certainly lead to continued criticism of Apple in some circles.
Apple's focus on protecting customer privacy appears to be popular with Apple customers, and therefore, the controversy surrounding the court order doesn't hurt Apple appreciably. The security of Apple's iOS devices stands in stark contrast to the security of Android devices, and is probably a factor in the popularity of iPhone in the enterprise.
What's important for Apple is not so much the public championing of causes such as privacy, as the realization that iOS device security is an essential and valuable asset for the company. The government exploit has shown that Apple now has some work to do. Hopefully, we'll see evidence of progress in this area by the next WWDC in June. I remain long Apple and recommend it as a buy.
Disclosure: I am/we are long AAPL.
I wrote this article myself, and it expresses my own opinions. I am not receiving compensation for it (other than from Seeking Alpha). I have no business relationship with any company whose stock is mentioned in this article.