Apple vs the DoJ: Is Your Smartphone Secure?

In the wake of the San Bernardino attacks this December, the Department of Justice took the unusual step of publicly filing legal action against Apple. Typically, when the federal government wants to gather evidence on criminals and terrorists, it will use secret courts to compel companies such as Apple, Facebook, and Google to release private data. In this particular case, the attacker had a government-issued cell phone for his day job, and the federal government intended to force Apple to create software that would help unlock the phone.

Does this mean that Apple can actually hack your phone? Not exactly.

Several years ago, Apple took steps to protect customer privacy by removing its own ability to unlock and decrypt the iPhone. Encrypted data can’t be accessed without a key, and that key is protected by the combination of your PIN and a secret number unique to each device.

Any 4-digit PIN is one of 10,000 possible combinations. If a criminal had nothing better to do with their time, they could sit at the phone and try every single combination, and after a few days, they would unlock the phone. Fortunately, there are several security measures in place on the iPhone to prevent this from happening. After several bad attempts to guess a PIN, it forces the attacker to wait several seconds between each retry, followed by several minutes, and eventually an hour between each attempt. Also, if certain settings are enabled, an iPhone could permanently lock after 10 attempts.
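An added example (not from the original article and not Apple's code): a toy model of the two protections described above, a key derived from the PIN plus a device-unique secret, and escalating retry delays with an optional wipe after 10 failures. The delay values, PBKDF2 as the key-derivation function, and the names `ModelDevice` and `measure_exhaustive_search` are assumptions.

```python
import hashlib
import hmac
import os

# Assumed schedule: consecutive failures -> forced wait in seconds. The article
# only says "several seconds", then "several minutes", then "an hour".
ASSUMED_DELAYS = {4: 5, 5: 60, 6: 300, 7: 900}
WIPE_AFTER = 10  # the optional "permanently lock after 10 attempts" setting


class ModelDevice:
    """Toy model of the protections described above; not Apple's implementation."""

    def __init__(self, pin, wipe_enabled=True):
        self._secret = os.urandom(32)  # device-unique secret, never exported
        self._check = self._derive(pin)
        self.wipe_enabled = wipe_enabled
        self.failures = 0
        self.waited = 0  # simulated seconds spent in forced delays
        self.wiped = False

    def _derive(self, pin):
        # PBKDF2 is a stand-in KDF: the key depends on the PIN and the device secret.
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._secret, 1000)

    def try_pin(self, pin):
        if self.wiped:
            return False
        if self.failures >= 4:
            self.waited += ASSUMED_DELAYS.get(self.failures, 3600)
        if hmac.compare_digest(self._derive(pin), self._check):
            self.failures = 0
            return True
        self.failures += 1
        if self.wipe_enabled and self.failures >= WIPE_AFTER:
            self._secret = os.urandom(32)  # old key material is gone for good
            self.wiped = True
        return False


def measure_exhaustive_search(device, limit=10_000):
    """Walk PINs 0000.. in order; return (pin or None, attempts, simulated wait)."""
    for attempts, n in enumerate(range(limit), start=1):
        if device.try_pin(f"{n:04d}"):
            return f"{n:04d}", attempts, device.waited
        if device.wiped:
            return None, attempts, device.waited
    return None, limit, device.waited
```

With these assumed delays, 21 sequential guesses on a model device without the wipe setting already cost more than 13 simulated hours of forced waiting, and with the setting enabled the search ends at the tenth failure.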


The Department of Justice wanted a special version of iPhone firmware that would remove these security features and allow brute force attempts to guess the PIN. The iPhone will only recognize firmware cryptographically signed by Apple, and that’s why the Department of Justice required Apple’s assistance. Once they obtained a special version of iPhone firmware, they would be able to upload the firmware through the iPhone’s pre-boot repair mode.

After Apple fought back for several weeks, the Department of Justice asked the courts to drop the suit and will likely try this again when the public is paying less attention. In the meantime, they claim that a foreign security firm has found a way to crack the phone without Apple’s help, and in the end, no useful information was found on the terrorist’s phone.

RWA supports several Mobile Device Management services, including Microsoft Intune. Protect company data with Remote Wipe, restrict access to company data, and ensure that the latest security patches are installed on personally-owned or corporate-owned phones. Contact RWA today for more information.