US

Digital Forensics Expert: Tim Cook Should Comply With Order To Unlock Terrorist’s iPhone

(Brendan McDermid/REUTERS)

Daily Caller News Foundation logo
Jonah Bennett Contributor
Font Size:

Apple CEO Tim Cook has decided to defy a federal court order to unlock an iPhone of one of the San Bernardino terrorists, but one digital forensics expert thinks that Apple needs to give up its fight and comply, since lives are at stake, and the operation is technically feasible.

“This is really a matter of life and death,” Cyrus Walker, managing principal of Data Defenders, told The Daily Caller News Foundation. “Obviously this is all stemming from the San Bernardino terrorist situation that went on—that was a loss of 14 lives. In situations like this where there really are lives on the line, I have to err on the side of the lives.”

“If you think about those 14 people who lost their lives, if you asked them now, ‘What would they choose, data or their life?’ I’m sure all 14 would choose their life over data privacy,” Walker told TheDCNF.

This does not mean, however, that Walker is interested in seeing Apple release a firmware update to back door all iPhones, which may lead to government abuse and introduce potential vulnerability pathways to be exploited by hackers.

“I’m not an advocate for installing back doors because other people could figure out how to use them, as well,” Walker said. Rather, unlocking iPhones should be done on a case-by-case basis and by court order.

However, Walker noted that it’s conceivable that the iPhone already has some sort of back door installed, which Apply may be able to access. Even if there isn’t, Walker still thinks that it’s technically possible for Apple to access the data and cooperate with the FBI.

Part of the reason lies in the difference between the iPhone 5c, used by Syed Rizwan Farook, one of the San Bernardino terrorists, and more recent versions, which rely on virtually unbeatable hardware-based encryption on the local level. The iPhone 5c, according to Walker, uses basic software encryption.

“Apple understands how this technology works, so they could figure out a way to get to the data around the encryption algorithm that’s used,” Walker said. “If it’s implemented from an operating systems level, there are ways of getting around it. Nowadays, Apple uses hardware-based encryption, which makes it impossible to access that data because that hardware encryption is only local to that phone. If it’s operated on a system basis, there’s more than likely a way Apple can get access to that way to get around that encryption algorithm.”

Dan Guido, CEO of Trail of Bits, an independent security company, said in a blog post Wednesday that the FBI’s request for technical assistance is definitely feasible. What the FBI wants is to make an unlimited number of pin guesses on the iPhone’s passcode, without delays, and without the data automatically self-destructing. This could be done through the creation of a special operating system loaded through the Device Firmware Upgrade Mode.

Guido also confirmed Walker’s statement that the iPhone 5c lacks a particular type of encryption called Secure Enclave.

“If the San Bernardino gunmen had used an iPhone with the Secure Enclave, then there is little to nothing that Apple or the FBI could have done to guess the passcode,” Guido wrote. “However, since the iPhone 5C lacks a Secure Enclave, nearly all of the passcode protections are implemented in software by the iOS operating system and, therefore, replaceable by a firmware update.”

Apple can, in fact, load a new firmware over USB in DFU mode, though the company anticipated this option in the letter CEO Tim Cook wrote.

“Building a version of iOS that bypasses security in this way would undeniably create a backdoor. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control,” Cook said.

Cook confirmed in the letter he will not comply with the federal court order and implicitly denied the existence of any dormant back doors.

“We have even put that data out of our own reach, because we believe the contents of your iPhone are none of our business,” Cook wrote.

Follow Jonah Bennett on Twitter

Send tips to jonah@dailycallernewsfoundation.org.

All content created by the Daily Caller News Foundation, an independent and nonpartisan newswire service, is available without charge to any legitimate news publisher that can provide a large audience. All republished articles must include our logo, our reporter’s byline and their DCNF affiliation. For any questions about our guidelines or partnering with us, please contact licensing@dailycallernewsfoundation.org.