Apple’s defiance of a court order last week to help the FBI unlock a suspected terrorist’s iPhone sets up what promises to be a long legal confrontation between the company and the U.S. Justice Department. In the meantime Apple is showing signs that it will further raise the stakes, dropping hints that it wants to create devices and services that are even more difficult to break into. Apple and FBI representatives both get to air their sides of the conflict when they testify before Congress on Tuesday about the need to balance security and privacy.
Currently, any task of breaking into Apple phones as requested by the FBI could potentially be accomplished by hackers, which is why Apple brass wants to create devices that even the company cannot access without user permission. Law enforcement investigating a mass shooting at a December 2, 2015, holiday party in San Bernardino, Calif., that killed 14 people and injured 22 wants Apple to disable instructions written into the iPhone’s software that delay passcode guesses and could delete data after a certain number of failed attempts.
If Apple were to write those instructions directly into the iPhone’s processor, the company would be unable to change them later on, says Charlie Miller, a researcher whose past work has analyzed Apple iOS security. This has both positives and negatives, of course. Apple technicians would be unable to comply with court orders to modify customers’ devices, potentially avoiding another situation similar to the one they are in now. If the company mistakenly wrote flawed code at the chip level, however, it would be much harder to correct, he adds.
Programmers write a smartphone’s instructions into its hardware and software as well as its firmware—a type of software that provides instructions for how the device communicates and is typically stored in the device’s read-only memory (ROM). Software can be changed relatively easily via remote updates like the ones smartphone users receive regularly reminding them to download the latest version of an app or operating system. The specific threat of law enforcement or government having your phone and trying to compel a company to bypass its security protections “really has to be addressed at the hardware level,” says Justin Cappos, an assistant professor of computer science and engineering at New York University. “That way, Apple can say to the U.S. government or to governments in Iran, China and elsewhere that they can have a person’s phone but [the company] cannot provide access to the data on that phone.”
Kudos to Apple. To read more, click here.