Does the FBI Really Even Need Apple’s Help?

The FBI wants to establish the precedent that the government can conscript a technology supplier to break security features they've offered to their users. In particular, the legal order obtained by the FBI (directing Apple to assist the Bureau in accessing San Bernardino shooter Syed Rizwan Farook’s phone) asks Apple to misuse their software update mechanism— a mechanism that every Apple user depends on.

But the FBI’s demand is premised on the notion that the FBI needs Apple’s help, and cannot access the encrypted data on Farook’s phone without Apple’s help. We were curious: is that actually the case? To answer requires looking at technical details of Apple’s encryption system and how it works.

The basic technological situation

The FBI can easily extract the raw data from the phone’s flash memory, but they can’t read it because the information on Farook’s phone is protected by encryption that ultimately depends on a strong key we can call the “unlocking key.” This key is so strong that it would take the FBI longer than the age of the universe to crack it using “brute force” methods (i.e. guessing every possible key)—even with all the computers in the world dedicated to the task.

Of course, iPhone users don’t have to enter the unlocking key itself—a lengthy tangle of random digits—to open their phone. Instead, they just enter a shorter passcode. Passcodes can vary in length, but there’s a strong chance the FBI could brute-force the passcode, which is usually short and memorizeable by humans. The problem for the FBI is that the passcode by itself does not unlock the phone. Instead, the weak passcode is combined with a hard-wired “unique ID” (UID) that is embedded within the phone when it is manufactured. The UID is actually used as an encryption key itself—and like the unlocking key, it is lengthy and cannot be brute-forced. When the passcode is entered it is combined with the hard-wired UID to open the unlocking key, which unlocks the phone’s data. In other words: passcode + UID = unlocking key and access to data.

In short, the phone’s UID is everything. With it, the FBI can get what they’re asking for. Without it, they can’t.

If the FBI could extract the UID key from the phone, they could then take their own external copy of the phone’s data and bring supercomputers to bear on brute-forcing the passcode instead of using a single relatively weak phone processor. They could bypass the guessing-limit functions of Apple’s operating system without requiring Apple to create a whole new insecure operating system for them, and rapidly try combining billions of passcodes with the UID until they successfully unlock the data extracted from the phone. The FBI’s effort to conscript Apple would therefore be unnecessary.

That brings us to the question:

Is it really true that the FBI cannot access the UID key?

Certainly, preventing access to the UID is Apple's stated engineering goal. The company’s Security Guide for iOS 9 states, that the UID (and another key we don’t need to worry about)

are AES 256-bit keys fused…into the application processor…during manufacturing. No software or firmware can read them directly; they can see only the results of encryption or decryption operations performed by dedicated AES engines implemented in silicon using the UID…as a key.

The fuses in Apple’s chips are just like the fuses in your home's wiring—electrical connections designed to “blow” when too much current flows through them. Imagine 256 fuses in a row. For each fuse, flip a coin. If it comes up heads, send enough current across the fuse to make it blow. If it comes up tails, leave the fuse alone. This series of blown or not-blown fuses—in minature, inside the chip during Apple’s manufacturing process—constitutes the UID key. Apple says that no one has a record of that UID key for any phone.

While the chip is designed to not expose the UID key via its electrical interfaces, there is actually an array of physical fuses inside of it. Through processes that are already available to commercial and academic users, the FBI could etch off the surface of the chip, and then use a powerful microscope to inspect the silicon inside. If this succeeds in exposing the UID, then the device itself is no longer needed, and the FBI can proceed to crack the unlocking key by brute-forcing the passcode on their own hardware.

It would be extremely surprising if the FBI—or at least the NSA—did not already have the equipment and knowledge to perform this work. We know the FBI has used electron microscopes at least since 2002, for example. Certainly we’re not suggesting an expansion of NSA participation in domestic law enforcement investigations, but surely before any court considers setting such a dangerous precedent it should be certain that there aren’t less destructive alternatives.

It’s possible that the FBI has access to such capabilities but doesn’t want to advertise them because the facts around this case present them with a golden opportunity to establish a powerful new legal precedent—that they can force a technology provider to abuse their software update mechanism at the request of the government. That’s a precedent that will give them a significant new power.

In the end, course, whether or not there is a way for the FBI to get that UID and Farook’s data without Apple, the order should still be overturned for the deeper reasons that our colleague Alex Abdo and others have laid out.

But, before seeking a radical and sweeping dangerous new legal precedent, the FBI should explain why they are unable to extract the UID. Not only journalists but also judges should press the FBI on whether techniques such as those suggested above—or any others—could offer an alternative to the sweeping new power the Bureau is seeking.

Add a comment (4)
Read the Terms of Use

Darren Chaker

This effort to force Apple to create code which doesn't exist to thwart its own security measures will fail and create precedent to protect us all. Support the ACLU, EFF and similar organizations who will be on the front lines of this fight as it will secure our Fourth Amendment rights. Don't believe the hype - this case is about using a tragedy to support discarding privacy for all of us. Once it's established Apple can discard the encryption, then Google is next on the decryption hit list, then desktop encryption, whole disk encryption, and anything else government cannot get into - hence it will force people to use foreign based products and hurt American jobs, competitiveness, etc. Demonizing Apple makes it appear there are lurking terrorists. If we were so concerned about terrorism, there'd be far greater border security, and filtering of people like the San Bernardino attackers who were approved to come to the USA when they should not have been.

Anonymous

Even if they could force them to assist in cracking the phone. Are they expected to do this for free?

RoscoeRules

The search warrant is veiled in the pretext of finding evidence of a crime, which is cloaked in the morally repugnant claim by the FBI that it is for "closure" for the families. They aren't going to prosecute the two dead suspects no matter how much more 'evidence' is recovered. Furthermore, a search warrant requires that all material seized be itemized and that list is returned to the court most expeditiously. Surely the FBI would seek to seal the warrant return for the longest time allowed by law, and once that period expired, and/or THIS particular criminal investigation was no longer active, one would then expect the FBI to notify the court that the sealed list contains sensitive information related to national security so it is now classified, subject to seizure by the government, and therefore cannot be released to the public.

Folks, this is not a search for evidence of a crime for prosecution purposes, it is a sham case for the precedent of gathering intelligence via fraudulent manipulation of our civil courts. Intelligence has not been a basis for our civil court/criminal court 4th A warrant exceptions standards, however, warrants issued by a FISA court are issued for foreign intelligence matters. Will the FBI go there next and apply their slight of hand and allege this incident possibly, could have, might have originated on foreign soil? Do not be surprised...

NavyGuy

Lots of good arguments. The FBI and any other policing agency, spying or investigative agencies are just throwing their weight around and the rest of our government works for enormously wealthy people who are not looking out for anything except to ensure the money keeps coming to them, they will do or say anything that undermines our rights as a free people. The FBI nor any other agency have for many years even before computers have been able to conduct thorough investigations and solved them with dedication and hard work as has been proven in the past, however their demand for security keys is completely without merit or justification. I firmly believe the FBI nor anyone else has a need for these codes, they didn't have that available to them in the past which speaks for itself. THE FBI DOES NOT NEED THIS TYPE OF INFORMATION. FBI MUST BE OR HAVE GOTTEN STUPID AND CAN NOT CONDUCT AN INVESTIGATION WITHOUT A COMPUTER OR MUST HAVE SECURITY CODES TO ACCESS ALL CELL PHONES. Inept government agencies taking orders from their capitalist bosses.
This is just another way to infringe on our privacy and a way to frighten the public into believing that they are protecting us. Americans must stop this from happening. Open your eyes and your ears or we will al become slaves and you won't know it's happening until it is to late. Businessmen cannot run countries, never could and should never be allowed to.

Stay Informed