Apple is resisting a federal judge’s order that it write new software code to help the FBI break into the iPhone used by one of the attackers who killed 14 people in San Bernardino, Calif., in December 2015. In its court brief, Apple claims the order violates the company’s First and Fifth Amendment rights and oversteps the federal All Writs Act, and that complying with it would “inflict significant harm—to civil liberties, society, and national security.”
The standoff between Apple and the FBI is at the center of the escalating battle between technology companies that are encrypting data in order to protect customers’ privacy and security and the US government, which says it needs the ability to access encrypted data to keep America safe.
BU Research sat down with Sharon Goldberg, a Boston University associate professor of computer science and faculty fellow at the Rafik B. Hariri Institute for Computing and Computational Science & Engineering, to discuss her views on how the case relates to security and the growing debate over encryption.
BU Research: The FBI says it is essential for its investigation to have access to the data on the shooter’s iPhone. As an expert on network security and data, what do you think?
Goldberg: Well, the headlines say, “Apple refuses to unlock terrorist phone.” That sounds really bad if you assume that the information needed for this investigation is only available on the shooter’s phone and can’t be obtained in any other way.
But it’s important to remember that the information we see on our phones is not just stored on our phones. For example, every phone call we make—who we call, how long we spoke, how often we called them, at what time we called them—is stored by the phone company. You can see this information in your phone bill every month. Your phone also has a GPS, and some cell phone providers use it to very accurately track your location.
Your Gmail is stored on Google’s servers. Yahoo mail is on Yahoo servers. Facebook messages are stored on Facebook’s servers. None of that information is encrypted—Google, Yahoo, and Facebook can and do share that information in response to a search warrant.
Even iMessage, the iPhone text messaging application that encrypts the individual messages sent from one person to another, reveals “metadata”—who is talking to who, when are they talking, and how frequently. All this information is incredibly revealing.
What about the FBI’s argument that with technology companies’ use of encryption for iPhones and other devices, as well as for internet connectivity, law enforcement officials can’t gather the information they need for surveillance and security—that we’re “going dark”?
The Berkman Center for Internet & Society at Harvard recently issued a report analyzing this issue. The report found that we’re at the opposite of “going dark.” With people spending more and more time on the internet, the opportunities for collecting information about people are increasing all the time. This increasing use of encryption is a natural response to the unprecedented amount of information we are putting online every day. Encryption helps prevent malicious actors from getting our banking information, stealing our identity, gaining access to our health records, reading our tax returns, and eavesdropping on our communications.
The internet is so, so insecure. If you feel you’re “going dark,” that you can’t do surveillance with the vast amount of information out there, and the vast number of security vulnerabilities out there, then you’re doing something wrong.
So this case is about Apple being asked to break the encryption on the shooter’s phone, right?
Not exactly. What Apple is being asked to do is engineer a new vulnerability into the iPhone. The FBI wants Apple to write a new piece of software that defeats the security features of the iPhone. But the existence of this piece of software would create a large number of security risks for Apple and its users.
What kind of security risks?
The way the iPhone works right now is that to unlock the phone, you have to manually enter a four- or six-digit passcode. If you enter the passcode incorrectly some number of times—you get 10 guesses—then you’re locked out of the phone, you can’t ever get in.
The FBI wants Apple to write new software that will allow them to very quickly input as many password guesses as they want. You can correctly guess a four-digit passcode in just 10,000 guesses—that’s how many combinations of digits there are. Ten thousand is a tiny number for a computer, so given this new software, the FBI should be able to unlock the shooter’s phone.
The FBI says this software will only need to run on the specific phone the court order is referring to. Probably this can be done by writing the code so that it only runs on a phone with a specific hardware identification number—that of the shooter’s phone.
This new software will be loaded onto the shooter’s phone using the “software update” mechanism that iPhone users are so familiar with. However, for an iPhone to accept a software update, the software needs to be cryptographically signed by Apple. So Apple is being asked to write and cryptographically sign software that will allow the FBI to unlock the shooter’s phone.
What’s a cryptographic signature?
Think of it like this: In ancient Egypt, the pharaoh would write a letter and then use his signet ring to stamp a wax seal on it. That meant that everything enclosed inside the wax seal—everything inside that letter—was written by the pharaoh, and only by him. That makes the pharaoh’s signet ring an incredibly valuable object. Anyone holding the signet ring could issue decrees in the name of the pharaoh.
A cryptographic signature is sort of the digital equivalent. The software being signed is like the decree from the pharaoh, the cryptographic signature on the software is like the wax seal, and the cryptographic signing key is like the pharaoh’s signet ring.
By cryptographically signing the software, Apple is certifying that it’s written by Apple and only by Apple. Even changing a single line in the code would stop the signature from validating.
Shouldn’t these two steps—that the code checks for the hardware identification number of a specific phone, and that the code is cryptographically signed by Apple—ensure that the code can’t be used on any phone other than the shooter’s?
Ideally, yes. But in reality, things could be very different.
For one thing, an attacker might be able to tamper with the hardware identification number on an innocent user’s iPhone, changing it so that it matches that of the shooter’s phone. This hardware attack would allow the code written for the shooter’s phone to run on another user’s iPhone.
For another, there could be a bug that allows the code to run even if the signature does not validate. Someone can use a bug like this to change the code so that it runs on another phone. This might sound far-fetched, but this exact bug has happened in code written by Apple. It’s called the “goto fail” bug and it broke the cryptographic code used by iPhones for network communications.
There could also be a weakness in the algorithm used to create the cryptographic signature. Then the signature would validate even if the code were changed. Again, someone could exploit this to change the code so that it runs on another phone. This exact bug has also occurred in the past. Attackers were able to load Flame malware as a signed Microsoft Windows update—just like what the FBI is asking Apple to do—because they broke the security of the algorithm used to compute cryptographic signatures on Windows software updates.
Security engineering is really hard. People make mistakes. This is why we have software updates in the first place—to fix these mistakes. So by signing a new piece of software that defeats the iPhone’s passcode security, Apple is creating a whole new set of vulnerabilities that attackers could exploit to attack innocent users.
But wouldn’t this code only be seen and used by Apple and the FBI? How could attackers get their hands on it?
There’s a really nice blog post by Jonathan Zdziarski, an expert in forensics, who says that if this new software Apple is being asked to write is a tool that’s going to be used in forensics, for it to be admissible in court, it must be validated by many independent parties and provided to the defense. And, as we know by now, the more people who have access to sensitive information, the more likely it is to be breached.
Are there other vulnerabilities that would be introduced, especially each time Apple might be forced to comply with such a court order in the future?
Apple would probably need to write and sign a device-specific piece of code in response to every court order.
This means that Apple’s code-signing key would have to be used frequently. That key is extremely valuable. It’s like the pharaoh’s signet ring. If the signing key is stolen or compromised, an attacker would be able to load malicious software onto any Apple phone. The attacker could then make the phone do anything it wanted: turn on the microphone and eavesdrop on conversations, track the user’s movements with its GPS, activate the camera and secretly film the user, and so on.
That’s why Apple likely has extremely robust processes to protect its signing key. The few times a year that software updates are added to iOS, the software is signed through what is likely a very slow and painstaking process that involves a very small number of authorized people at Apple.
Now, imagine the signing key was used multiple times a month to sign device-specific code for forensic purposes, like the FBI is asking for here. This process would need to be run more frequently and involve more people, and so it becomes a massive attack surface for perhaps the most valuable piece of cryptographic material that Apple has—its code-signing key.
A lot of people say that it’s worth some of the security risks you’ve raised for the FBI to get access to information that could help it catch terrorists and other criminals. What do you think about the tradeoffs?
I think that our efforts to secure the internet are nowhere near where they need to be, and this would be a step backward at a time when we need to improve cybersecurity, not weaken it. This would weaken everyone’s security in hopes of making it easier to trap a few bad actors. But if I were a bad actor, why would I use a product that I know has extra features written in to help law enforcement? I would just go buy some other product, made elsewhere in the world, that I know the FBI can’t hack into.