The Government’s Bad Move: Ordering Apple to Hack iPhone Security

| Analysis

A Federal Judge has ordered Apple to create a security weakness in iOS so FBI agents can launch a brute force attack on the passcode from an iPhone used by one of last year's San Bernardino shooters. The FBI says their scheme would be a one-off thing, but Apple says it'll open a hole that greatly reduces the security and privacy protections built into our iOS devices, and he's right.

A Federal court says Apple has to make a hackable version of iOS for the FBIA Federal court says Apple has to make a hackable version of iOS for the FBI

Syed Rizwan Farook and Tashfeen Malik opened fire during a San Bernardino County Department of Public Health party on December 2, 2015, killing 14 people and injuring 22 more. They were tracked down later that day by FBI agents and killed in a shootout, who then recovered their iPhones.

The FBI asked Apple to give them access to the encrypted data on one of the iPhones, which isn't possible because the security system built into the device was designed so Apple can't do exactly what the FBI was asking. The FBI characterized Apple's response as declining to voluntarily provide access to the device and took their fight to Federal Court in a move to force the company to do the impossible.

What the FBI has asked for now, and the court agreed, is for Apple to put together a special version of iOS that bypasses the built-in data wipe feature users can enable (and presumably the domestic terrorists in this case did), and turn off the failed login attempt delay. That gives the FBI the ability to use a brute force attack to find the iPhone's passcode without risk of losing the data it contains.

The way the FBI plans to accomplish this was detailed in the court order:

Apple's reasonable technical assistance may include, but is not limited to: providing the FBI with a signed iPhone Software file, recovery bundle, or other Software Image File ("SIF") that can be loaded onto the SUBJECT DEVICE. The SIF will load and run from Random Access Memory and will not modify the iOS on the actual phone, the user data partition or system partition on the device's flash memory. The SIF will be coded by Apple with a unique identifier of the phone so that the SIF would only load and execute on the SUBJECT DEVICE. The SIF will be loaded via Device Firmware Upgrade ("DFU") mode, recovery mode, or other applicable mode available to the FBI.

The FBI's assertion that they want Apple to introduce a security hole in just one iPhone sounds nice, but the reality is once the security-weakened version of iOS is created, the door is open for serious abuse. It also opens a door where other governments could demand Apple unlock iPhones for them, or had over the FBI-mandated iOS for their own use.

Next up: Apple fights back

Popular TMO Stories



This particular court order will ultimately be decided in the Supreme Court. It will likely be decided in favor of the government. Our rights are for a “reasonable” expectation of privacy. There is no right protecting our privacy in breaking the law or when a search warrant is issued by the courts when evidence is presented to justify the search.

There are also a few other facts involved:
1. The phone is not the property of the suspected criminals. What say does the owner have in this dispute?
2. The suspects are now dead. The evidence against them is overwhelming. Any desired search warrant or subpoena is likely to be granted in the search of the criminal activity.
3. Is it actually impossible for Apple to insure that compliance with this court order is a one off unlock? The fact that the government will come back again and again with warrants will not likely persuade the Justices. It is expected that this will happen as it already is the legal practice in these matters.

I generally side with Apple in this matter; but they haven’t convinced me that obeying this court must result in everyone’s iPhone becoming an open book.


“.. but they haven’t convinced me that obeying this court must result in everyone’s iPhone becoming an open book.”

The FBI haven’t convinced me—given their sordid past—as to why they can be trusted with this. 

I think the Fifth Amendment prohibits government from taking private property for public use without “just compensation”.  Apple could put together a cost estimate for the work to be done.  I think a $1 billion dollar bill may dissuade the FBI.


I was under the impression that the iOS is “locked down” in such a way that it isn’t possible to “install” an iOS update without first unlocking the iDevice ?


I’m agree with furbies here.  At first glance, it shouldn’t be technically possible for anyone, not even Apple itself, to force an update on a locked phone.  If it can be done, then that itself is a glaring security hole.

Part of Apple’s security promise is that not even Apple can get at your data without your permission.  If Apple can force a locked phone to update, then that is no longer true.


Based on Tim Cook’s response it seems that the FBI knows exactly how Apple can help them. His response also indicates that what they are asking for can be done. Their request is for a program with an official signature that bypasses ten attempt erase security function. Thus Aplle wouldn’t be unlocking the phone and wouldn’t be creating a program that can operate in the wild because it requires the signature. That is why I posed the question of a one off being possible. If it is, then Apple will lose this fight.


You guys have to be kidding. For Apple and other tech companies to do business in China and Middle East they turn over their codes and everything is available for the government to spy with.

However, you guys are whining because the government is asking for help to figure out who helped the terrorists? 

Are people this lost with common sense?


“one off thing” my ass; until the next time the Govt. wants us to do THEIR job again. I hope Apple refuses the court order but I’m not optimistic. This clearly has NOT been the Land of the Free for decades if ever. Of course their is no right to privacy per sé in our constitution so there you go. Seems to me if there are only 10k possibilities for the 4 digit sign-on that Watson should be able to crunch that in minutes. Sheesh.


They are using San Bernardino killings as a trojan to win the privacy battle. Just like the Patriot Act was shoved down out throats in a time of fear, they are now turning the latest “terrorist” attack to take away more of our rights. The time has come to draw the line and say no!!!

PS Security/encryption is a cat & mouse game, a cat with unlimited resources always wins. In this case I bet the government has a method to crack an iPhone inside the NSA/CIA but walking through the front door using intimidation and fear keeps those tools secret.


Wish there was an edit option grin ,  out should be our.

The benefit of keeping it secret, everyone has a false sense of security and privacy, they use the iPhone freely to do whatever, then the government has all their secrets in one place. Kinda like a “honey pot” for terrorists/criminals.

Lee Dronick

Any information about a terrorist ring on that iPhone is probably stale by now, ya would need to get it within 48 hours. Yes there may be some useful stuff as to locations and times, but the people have moved on.


Given my understanding of the request and technology, I do not agree with Apple on this one. The government has the right to a search if they have a warrant. I disagree with building back doors into the OS because then hackers can find them too. I disagree with bulk phone data collection because that is without a warrant. But providing a “master key” that must be loaded into the RAM of a device physically in the FBI’s possession for which a warrant exists seems fair.

Note that I already assumed the FBI/CIA/NSA built their own version of this years ago. Is it possible that they in fact have not? Maybe the hardware won’t run it without it being signed but couldn’t they modify the hardware, also in their possession, to skip the signature check? Yes it would be hard, but I don’t think it is impossible.

The danger is if the “master key” copy of iOS leaks, since then anyone who steals an iPhone could load this software on and crack the passcodes. Apple’s refusal to make this version of iOS just makes it harder for such a leak to happen, and we would hope the FBI wouldn’t let this leak out anyway, but does not make it any less possible that someone else could build software like this.

Also, I don’t agree that the government can force Apple to build this. Make the FBI write it themselves, then maybe Apple just code-signs it for them so it works.


Please sign

Log in to comment (TMO, Twitter or Facebook) or Register for a TMO account