Just a geek who lives in Olympia, WA with my wife, son, and animals, writing fiction that he hopes will make the world a better place someday.

Decrypting an iPhone for the FBI


Earlier this week, a federal magistrate ordered Apple to assist the FBI in hacking into the iPhone used by one of the San Bernardino shooters. Apple will fight this order in court.

The policy implications are complicated. The FBI wants to set a precedent that tech companies will assist law enforcement in breaking their users' security, and the technology community is afraid that the precedent will limit what sorts of security features it can offer customers. The FBI sees this as a privacy vs. security debate, while the tech community sees it as a security vs. surveillance debate.

The technology considerations are more straightforward, and shine a light on the policy questions.

The iPhone 5c in question is encrypted. This means that someone without the key cannot get at the data. This is a good security feature. Your phone is a very intimate device. It is likely that you use it for private text conversations, and that it's connected to your bank accounts. Location data reveals where you've been, and correlating multiple phones reveals who you associate with. Encryption protects your phone if it's stolen by criminals. Encryption protects the phones of dissidents around the world if they're taken by local police. It protects all the data on your phone, and the apps that increasingly control the world around you.

This encryption depends on the user choosing a secure password, of course. If you had an older iPhone, you probably just used the default four-digit password. That's only 10,000 possible passwords, making it pretty easy to guess. If the user enabled the more-secure alphanumeric password, that means a harder-to-guess password.

Apple added two more security features on the iPhone. First, a phone could be configured to erase the data after too many incorrect password guesses. Second, it enforced a delay between password guesses. This delay isn't really noticeable by the user if you type the wrong password and then have to retype the correct password, but it's a large barrier for anyone trying to guess password after password in a brute-force attempt to break into the phone.

But that iPhone has a security flaw. While the data is encrypted, the software controlling the phone is not. This means that someone can create a hacked version of the software and install it on the phone without the consent of the phone's owner and without knowing the encryption key. This is what the FBI, and now the court, is demanding Apple do: It wants Apple to rewrite the phone's software to make it possible to guess possible passwords quickly and automatically.

The FBI's demands are specific to one phone, which might make its request seem reasonable if you don't consider the technological implications: Authorities have the phone in their lawful possession, and they only need help seeing what's on it in case it can tell them something about how the San Bernardino shooters operated. But the hacked software the court and the FBI want Apple to provide would be general. It would work on any phone of the same model. It has to.

Make no mistake; this is what a backdoor looks like. This is an existing vulnerability in iPhone security that could be exploited by anyone.

There's nothing preventing the FBI from writing that hacked software itself, aside from budget and manpower issues. There's every reason to believe, in fact, that such hacked software has been written by intelligence organizations around the world. Have the Chinese, for instance, written a hacked Apple operating system that records conversations and automatically forwards them to police? They would need to have stolen Apple's code-signing key so that the phone would recognize the hacked version as valid, but governments have done that in the past with other keys and other companies. We simply have no idea who already has this capability.

And while this sort of attack might be limited to state actors today, remember that attacks always get easier. Technology broadly spreads capabilities, and what was hard yesterday becomes easy tomorrow. Today's top-secret NSA programs become tomorrow's PhD theses and the next day's hacker tools. Soon this flaw will be exploitable by cybercriminals to steal your financial data. Everyone with an iPhone is at risk, regardless of what the FBI demands Apple do.

What the FBI wants to do would make us less secure, even though it's in the name of keeping us safe from harm. Powerful governments, democratic and totalitarian alike, want access to user data for both law enforcement and social control. We cannot build a backdoor that only works for a particular type of government, or only in the presence of a particular court order.

Either everyone gets security or no one does. Either everyone gets access or no one does. The current case is about a single iPhone 5c, but the precedent it sets will apply to all smartphones, computers, cars and everything the Internet of Things promises. The danger is that the court's demands will pave the way to the FBI forcing Apple and others to reduce the security levels of their smart phones and computers, as well as the security of cars, medical devices, homes, and everything else that will soon be computerized. The FBI may be targeting the iPhone of the San Bernardino shooter, but its actions imperil us all.

This essay previously appeared in the Washington Post.

The original essay contained a major error.

I wrote: "This is why Apple fixed this security flaw in 2014. Apple's iOS 8.0 and its phones with an A7 or later processor protect the phone's software as well as the data. If you have a newer iPhone, you are not vulnerable to this attack. You are more secure - from the government of whatever country you're living in, from cybercriminals and from hackers." Also: "We are all more secure now that Apple has closed that vulnerability."

That was based on a misunderstanding of the security changes Apple made in what is known as the "Secure Enclave." It turns out that all iPhones have this security vulnerability: all can have their software updated without knowing the password. The updated code has to be signed with Apple's key, of course, which adds a major difficulty to the attack.

Dan Guido writes:

If the device lacks a Secure Enclave, then a single firmware update to iOS will be sufficient to disable passcode delays and auto erase. If the device does contain a Secure Enclave, then two firmware updates, one to iOS and one to the Secure Enclave, are required to disable these security features. The end result in either case is the same. After modification, the device is able to guess passcodes at the fastest speed the hardware supports.

The recovered iPhone is a model 5C. The iPhone 5C lacks TouchID and, therefore, lacks a Secure Enclave. The Secure Enclave is not a concern. Nearly all of the passcode protections are implemented in software by the iOS operating system and are replaceable by a single firmware update.

EDITED TO ADD (2/22): Lots more on my previous blog post on the topic.

How to set a longer iPhone password and thwart this kind of attack.

Comey on the issue. And a secret memo describes the FBI's broader strategy to weaken security.

Orin Kerr's thoughts: Part 1 and Part 2.


Refuse to Be Terrorized


Paul Krugman has written a really good update of my 2006 essay.

Krugman:

So what can we say about how to respond to terrorism? Before the atrocities in Paris, the West's general response involved a mix of policing, precaution, and military action. All involved difficult tradeoffs: surveillance versus privacy, protection versus freedom of movement, denying terrorists safe havens versus the costs and dangers of waging war abroad. And it was always obvious that sometimes a terrorist attack would slip through.

Paris may have changed that calculus a bit, especially when it comes to Europe's handling of refugees, an agonizing issue that has now gotten even more fraught. And there will have to be a post-mortem on why such an elaborate plot wasn't spotted. But do you remember all the pronouncements that 9/11 would change everything? Well, it didn't -- and neither will this atrocity.

Again, the goal of terrorists is to inspire terror, because that's all they're capable of. And the most important thing our societies can do in response is to refuse to give in to fear.

Me:

But our job is to remain steadfast in the face of terror, to refuse to be terrorized. Our job is to not panic every time two Muslims stand together checking their watches. There are approximately 1 billion Muslims in the world, a large percentage of them not Arab, and about 320 million Arabs in the Middle East, the overwhelming majority of them not terrorists. Our job is to think critically and rationally, and to ignore the cacophony of other interests trying to use terrorism to advance political careers or increase a television show's viewership.

The surest defense against terrorism is to refuse to be terrorized. Our job is to recognize that terrorism is just one of the risks we face, and not a particularly common one at that. And our job is to fight those politicians who use fear as an excuse to take away our liberties and promote security theater that wastes money and doesn't make us any safer.

This crass and irreverent essay was written after January's Paris terrorist attack, but is very relevant right now.

1 public comment
cdupree
162 days ago
"The surest defense against terrorism is to refuse to be terrorized." !!

Travel Ghost

And a different ghost has replaced me in the bedroom.
2 public comments
jefron
222 days ago
Giving "spooky at a distance" a whole new meaning
Chicago
pawnstorm
222 days ago
Way to go, bike ghost!
Olympia, WA

Board Game

Yes, it took a lot of work to make the cards and pieces, but it's worth it--the players are way more thorough than the tax prep people ever were.
1 public comment
pawnstorm
253 days ago
Best one in a long time.
Olympia, WA

Thorn of Emberlain Schedule Shift


Dear readers and fans of the Gentlemen Bastards—

I’ll lay it out as plainly as I can.

With the utmost regret, we have been compelled to move The Thorn of Emberlain from its expected autumn 2015 release date to a 2016 date. I requested an opportunity to write this note so I could emphasize how little this is the fault of anyone but myself. My publishers around the world have, in fact, held the door open for a length of time that is somewhere between heroic and insane. The fault is mine; the severity of my ongoing anxiety attacks has simply made it impossible to turn the manuscript in and commit to the accelerated production process our original release date would have required.

While this is not the outcome we’d hoped for, we have every expectation that this will ultimately do more good than harm. I will continue to try to keep you more closely informed of Thorn’s progress, and I don’t think it will be long before we’ll be able to announce that the manuscript is secure and the production process has begun. We’re very close.

Although I withdrew from several public appearances in early July on account of those same anxiety issues, I am now fairly confident that I’ll be able to maintain the rest of my planned public appearances for 2015, including WorldCon, World Fantasy, and a few others yet to be announced.

Cheers, and many thanks for your continued patience and support.

SL

1 public comment
pawnstorm
269 days ago
Although I don't really want to have to wait longer for this, it is a) a valid reason for a delay, and b) I'd rather him get better than finish the book.
Olympia, WA
mjmillar
267 days ago
Yea, just hope he is OK...

James Bond lives ... in Canada


A funny thing happened in 2015. James Bond came out of copyright... in Canada. Everywhere else in the world, as far as I know, you still have to deal with the estate of Ian Fleming to clear any new Bond books or movies--but not here. So, in an incredibly gutsy move, writers Madeline Ashby and David Nickle decided to edit together and publish an anthology of brand new James Bond stories... which they have done. The anthology is coming from the ballsiest publisher on the planet, Chizine Publications, and is called License Expired: The Unauthorized James Bond. You'll be able to buy and read it in November... if you're in Canada.

This is going to be one of the most talked about anthologies of the year. --Not because it's about Bond, but because the stories are good. Great, some of them. I have one, "Mosaic," and I'll make no claims for its quality, but with authors like Charles Stross contributing, and completely new and daring takes on Bond, his exploits and foibles, this collection is huge fun. I'm proud to be a part of it.
