The issue with Uncle Sam’s Apple
- In Mathematics, Science & Technology
- 11:58 PM, Mar 06, 2016
- Bhanu Gouda
You might have heard the story of the boy who refused to let his own dad into the house while his mom was taking a bath. The boy simply refused to let his own dad in. Why? Because his mom told him to. That boy was just doing his duty. Like that duty-bound boy, there is a piece of silicon inside the iPhone, made by Apple, that will not let unauthorized guests access the information on it. This piece of silicon is called the Secure Enclave coprocessor.
The Secure Enclave is separate from the main processor, aka “the main chip”, of the iPhone. This little sidekick processor’s sole job is implementing security using Touch ID and the 4- or 6-digit PIN used for unlocking the phone. Anyone who wants to break into the iPhone has to break through this processor first. Just like the main processor, this little one has a mind of its own. It acts like the main door of a castle full of secret maps to a treasury. A correct key will open the door. If a wrong key is inserted several times, the maps get destroyed. If the castle is burned or bombed, the maps burn too. One cannot find the treasure without those maps, and one cannot get into the castle without negotiating with the main door. Tricky, isn’t it?
While the processor is missing in the iPhone 5C, the security is protecting the iPhone of the dead terrorist Syed Rizwan Farook, who killed 14 people in San Bernardino, California, USA. His wife, Tashfeen Malik, posted on Facebook in support of the terrorist group ISIS/ISIL. Even Farook’s father said his son had relations with the terrorist group. There is valuable information in that phone, which the FBI found in the car the terrorist used. They tried to access the files and failed. The security mechanism used by Apple was too good for them.
Apple’s approach of marrying software and hardware made the iPhone impenetrable to hackers. Hardware identification is a key component of its security. Normally, when hardware components go bad, we replace them. The shattered glass screen is a perfect example: screens often break, and a corner mobile shop will fix them. However, with the introduction of Touch ID, Apple’s fingerprint sensor, things got tricky. If the fingerprint sensor goes bad, we cannot expect a touch sensor supplied by a third-party seller to work with the phone. The original Touch ID sensor was part of the security; a third-party one is not. The phone will not unlock.
Apple’s Touch ID was introduced in 2014. It changed the way security works on the iPhone. The Touch ID sensor takes a scan of the user’s finger. A mathematical formula based on the lines and ridges of the finger in the scan creates a key. The key is then stored in the Secure Enclave coprocessor. Remember, it is not the scan of the finger that is stored on the phone; it is the key derived from it by a formula. When the owner of the phone touches the button, the processor compares the newly generated key to the stored one. If they match, the phone unlocks.
While Touch ID is easier to use than a PIN code, if the device registers 5 wrong fingerprints when unlocking, or the phone is unlocked for more than 48 hours, then the PIN code is the only way in. However, there is a catch for brute-force attempts against PIN codes: the software imposes a delay between bad PIN attempts.
Source: Apple Security Guide
It takes 5½ years to try all the alphanumeric combinations of a six digit passcode. Rather than work nicely with Apple early in this case, the FBI tried to unlock the phone using software that brute-forces PIN combinations. There is also an option to self-erase the data if 10 wrong PINs are entered. It could be that the FBI used ten wrong PIN codes. Having failed at its unlock efforts, the FBI resorted to the courts. Thanks to a 200-plus-year-old law, they had a judge issue an order to Apple to help the FBI. The demand is to create a tool that can help get the data without it being deleted after failed PIN attempts. Apple refused to cooperate, citing the importance of privacy. The iPhone 5C was not the terrorist’s private phone; it was issued by the county, which complicated the legal matters further.
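The arithmetic behind the delays, the 5½-year figure and the ten-attempt erase can be modelled in a few lines. This is an added example, not code from the article or from Apple; the 80 ms per-guess cost and the delay schedule are assumptions recalled from Apple's iOS Security Guide of that period, and the one-hour cap after the ninth attempt is a modelling simplification.

```python
# Added example. The constants are assumptions recalled from Apple's iOS
# Security Guide of that period; none of them is stated in the article itself.
SECONDS_PER_YEAR = 365.25 * 24 * 3600
ATTEMPT_COST_S = 0.080   # assumed: ~80 ms of key derivation per guess
DELAY_AFTER_ATTEMPT_S = {5: 60, 6: 300, 7: 900, 8: 900, 9: 3600}  # assumed schedule
MAX_DELAY_S = 3600       # modelling assumption: delay stays at one hour
ERASE_AFTER = 10         # optional setting: erase after 10 wrong passcodes


def keyspace(alphabet_size, length):
    """Number of distinct passcodes of the given length."""
    return alphabet_size ** length


def hardware_bound_years(alphabet_size, length):
    """Years to try every passcode when only the per-guess cost applies."""
    return keyspace(alphabet_size, length) * ATTEMPT_COST_S / SECONDS_PER_YEAR


def guessing_session(wrong_guesses, erase_enabled):
    """Replay a run of wrong guesses against the lock-screen policy.

    Returns (guesses_made, elapsed_seconds, data_erased).
    """
    elapsed = 0.0
    for attempt in range(1, wrong_guesses + 1):
        elapsed += ATTEMPT_COST_S
        if erase_enabled and attempt >= ERASE_AFTER:
            return attempt, elapsed, True      # keys destroyed, nothing left to guess
        if attempt >= 5:
            elapsed += DELAY_AFTER_ATTEMPT_S.get(attempt, MAX_DELAY_S)
    return wrong_guesses, elapsed, False


if __name__ == "__main__":
    cases = [("4-digit PIN", 10, 4), ("6-digit PIN", 10, 6),
             ("6 chars, lowercase + digits", 36, 6)]
    for label, alphabet, length in cases:
        print(f"{label}: {keyspace(alphabet, length):,} codes, "
              f"{hardware_bound_years(alphabet, length):.4f} years at 80 ms/guess")
    for erase in (True, False):
        made, secs, erased = guessing_session(keyspace(10, 4), erase)
        print(f"erase={erase}: {made} guesses, {secs / 3600:.1f} h, erased={erased}")
```

With these assumptions the per-guess cost alone protects only long passcodes; for a 4-digit PIN it is the enforced delays and the erase setting that stop guessing.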
Why is Apple refusing to cooperate?
User privacy is the most important aspect of the mobile ecosystem. BlackBerry practically ran its entire business on a single selling point: “uncrackable encryption”. Google goes to the ends of the earth to encrypt its email data. Apple stepped up the game by combining hardware and software. As mobile phones continue to swallow credit cards, they are becoming the main point of interaction with banking systems. They need to be protected with the highest level of encryption. Consumers stick with a mobile ecosystem if it protects their privacy. It is not just Apple that is making its phones un-hackable. Samsung released a modified Android system called Knox, which gives customers additional protection on top of what Google provides with Android. Any mobile maker that fails to protect the privacy of its consumers will lose the market. Imagine someone reading our emails, looking at our photos and withdrawing money from our bank. Giving backdoor access to the phone is not an easy task. Further, Apple does not want to make duplicate keys. Why? Once the keys are made, it is tough to track them.
Where does the issue lead?
This issue opens a can of worms for Apple, lawyers, other stakeholders in the mobile business and every country Apple does business with. A legal entity doing business in any part of the world has to abide by the laws of the land. Terrorist activities happened in the past and will continue to happen in the future. Fifty years ago, crime investigators rushed to collect the perpetrator’s postal communication and personal diaries.
Currently that information is available in personal computers or mobile phones. Email messaging and social media posting will reveal more about the contacts the terrorists made. It will be common in the coming years for all the countries to request such information from companies involved in mobile business.
Solution
If Apple can do it for the FBI because the incident happened on American soil, it is obliged to do the same for India or China. Such cases normally sway public opinion one way or the other. Currently most American people support Apple for standing up for the privacy of its users. However, we are conveniently forgetting that our safety is more important than our privacy. An agreeable international framework for acquiring sensitive information from electronic devices will help solve such tricky cases.
When the choice is between privacy and safety, safety always wins. With a proper framework involving countries beyond America, privacy can be protected as long as the safety of the people is not at risk.