If it wanted to, Apple could break into the San Bernardino shooter’s iPhone and give the FBI the access to the files it is looking for.
It would take some complicated engineering. But it’s possible, according to Apple security expert Dan Guido.
When Apple sold Syed Farook his iPhone 5C, it turned over the key to Farook too. Farook’s passcode is the only way to uncover the messages and photos stored on the iPhone, and Apple doesn’t have access to his passcode.
The FBI could guess the password, but if it guesses wrong 10 times, all the data on Farook’s phone will be deleted.
The FBI can’t bypass that feature on its own. To do that, it would need to create special firmware, which is a kind of code that controls the iPhone’s operating system.
For the iPhone to recognize the firmware, it would need to contain Apple’s signature. Only Apple knows the iPhone’s signature, according to Guido.
So a magistrate judge asked Apple to build a system to unlock Farook’s phone.
To comply with the order, Apple could build firmware that would tell Farook’s iPhone to allow the FBI to guess as many passcodes as it wants without deleting all the phone’s data.
The FBI would then connect Farook’s iPhone to a computer and install the firmware. It could “brute force” Farook’s phone, hooking it up to a number generator that can guess up to 12 four-digit passcodes a second. At that speed, it would arrive at the correct password in less than 30 minutes. It’s akin to using a crowbar to pry open his door.
So when Tim Cook said “the government is asking Apple to hack our own users,” he wasn’t far off base.
“I believe it is technically feasible for Apple to comply with all of the FBI’s requests in this case,” said Guido.
Why Apple doesn’t want to
A spokesman for Apple did not offer a comment.
Yet Apple says it has good reason not to comply.
Once that kind of code was written, it could be stolen and copied. Albeit unlikely, a hacker could break into the FBI or Apple’s servers and use that code to potentially break open any iPhone 5C.
Though the court order applies only to Farook’s phone — not all iPhones — building a key for one phone is like building a master key for all similar iPhones.
“While the government may argue that its use would be limited to this case, there is no way to guarantee such control,” Tim Cook said in a letter to customers.