Experts: The FBI’s iPhone-unlocking plan for Apple is risky.

February 25, 2016



http://phys.org/news/2016-02-experts-fbi-iphone-unlocking-apple-risky.html

In its battle with Apple over an extremist’s iPhone, the FBI says neither the company nor anyone else has anything to fear. Although they want to compel assistance from Apple to unlock a phone used by San Bernardino mass shooter Syed Farook, officials say the techniques they propose are limited in scope and pose no risk to the privacy of other iPhone users.

Security experts say it’s not so simple. “It’s a very dangerous proposition to claim that this capability could not be re-used,” said Will Ackerly, chief technology officer at Virtru, a computer security firm he co-founded after working 8 years at the National Security Agency.

Federal prosecutors have asked a court to force Apple to produce special software that would help the FBI guess the passcode to an iPhone found in Farook’s car. Federal officials say Apple will be free to destroy that software once the iPhone is open to investigators.

Apple argues it’s unrealistic to think that governments, both in the U.S. and overseas, won’t ask to use the same program again in other cases. Ackerly and other experts echoed that concern. And on technical grounds, experts say, it may simply be impossible to keep the program from falling into the wrong hands.

True, some experts say Apple CEO Tim Cook is exaggerating when he says the government wants the company to create a “backdoor” into otherwise secure information held on iPhones. It might be closer to say the government wants to require Apple to help pick the lock to the front door. Even that approach, however, could still pose broader dangers.

Essentially, the FBI wants Apple to write a program that disables some iPhone security features so that federal computer experts could guess the phone’s passcode by “brute force.” Unlocking the phone with the passcode automatically decodes encrypted files. In particular, the FBI wants to disable a “self-destruct” mechanism that could render the phone unreadable after 10 bad guesses, as well as an enforced delay of up to an hour between incorrect passcode attempts.

U.S. officials say their precautions would prevent anyone else—governments and criminal hackers included—from re-using that bypass software on other phones. First, the government says Apple can design the program to work only when it recognizes Farook’s iPhone, by checking the unique identifying code assigned to each device Apple makes. The iPhone won’t respond if the program doesn’t contain a cryptographic signature that verifies the software was created by Apple, the government said in its court filing. Authorities say the program can be loaded onto the iPhone’s temporary memory, so it will disappear once the iPhone is turned off.
