Picture 2

Picture 2

Apr 3, 2016

Apple Phone Hack: Use Tech Balance of Power, Not Law


Cellebrite, an Israeli technical company, is reportedly the third party that cracked the Apple phone. Cellebrite reportedly does a lot of contract work for the Israeli Defense Forces as well as foreign government agencies like the FBI.

From what I heard the government wanted Apple to do, I think the exploit is in two parts.  First, Apple software updates do not require the screen lock code.  They only require that the user ID and password for the Apple account be stored in the phone and that the settings allow automatic updates.  Second, ten wrong guesses on the screen lock code wipes the phone.  But if you stop the counter from counting, you can exhaust the possibilities in less than 24 hours if you have physical access to the phone.  So, you send the phone a software update with the counter disabled, so it doesn't count.  Then you try every possible lock code.  QED, "quite easily done," as my Mathematical Economics professor used to say.

There are some skeptics who say that Apple doesn’t allow updates without the screen lock code.  I believe this is incorrect.  The FBI has the physical phone.  According to the Internet documentation, you can update the Apple 5c by connecting it to an Apple computer and using Itunes.  The screen lock code is not required.  

Others objected that the lock codes would have to be entered through the touch screen of the phone manually.  I don’t think that’s true either.  Apple uses subcontractors to manufacture the screen hardware.  The specifications are circulated to competing subcontractors.  It would be relatively easy to simulate screen input on a phone you can physically take apart and rewire to an alternate input source. 

Now Apple is suing the FBI to force the disclosure of how the Feds unlocked the Apple 5C phone.  We do not need a lawsuit or a law.  Apple did not give the FBI a way to open the phone.  The FBI got Cellebrite, an Israeli technical company, to do it for them.  Now Apple wants the secret. There is no reason Cellebrite should be forced to give Apple the results of Cellebrite's research.  The FBI probably signed a nondisclosure agreement with Cellebrite as part of the deal to get the phone unlocked.  The method is not the FBI's to give.

Initially, I thought Apple should cooperate, but I've thought about it and changed my mind.  The pace of technology is going to make this a constant race between the cryptographers and the decoders. I don't think either side should have to reveal its methods to the other.  In America we litigate entirely too much.  We don’t need a court decision or a law on which side should have to give up their secrets to the other.  The law moves at a glacial pace, taking decades or even hundreds of years to change.  In one current example, the FCC is trying to regulate the internet using a rule framework designed for regulating railroads in 1887.  We can avoid the paralysis of the law for these cases.  We can just let the technical balance of power see saw back and forth on its own.

No comments:

Post a Comment