FBI Cracks Pensacola Shooter’s iPhone, Still Mad at Apple

Originally published at: https://tidbits.com/2020/05/19/fbi-cracks-pensacola-shooters-iphone-still-mad-at-apple/

The FBI has cracked the iPhone at the center of the Pensacola naval base shooting case, but the agency still slammed Apple’s stance on encryption. This time, Apple didn’t pull any punches in its rebuttal.

You can buy master skeleton physical keys online that can do things like unlock apartment building access systems, mailboxes, phone company vaults, subway control systems, parking gate systems, etc. Those keys are all supposed to be protected and not provided to unauthorized individuals. Yet it’s trivial to obtain those keys.

A digital backdoor key is no different. If there is a digital master key, it can be stolen. The Bit9 Parity security tool had its master keys stolen, and they were used to hack customers because the keys signed malware so it would be trusted when normally it would be blocked by the Bit9 Parity tool. Symantec had similar issues, as did many, many other so-called security companies.

I really do not believe that Apple or the FBI would be capable of securing master keys. After all, there were civilian contractors working at the FBI running FISA NSA database queries without the appropriate warrants. Thousands of queries were run, to the point that someone at the NSA noticed it and raised the issue with McMaster, who put a stop to it. These unauthorized queries are terrifying: you enter an SSN, a phone number, an address, a cell phone’s IMEI, license plates, etc. and you get extremely detailed trace routing information as well as recorded phone calls, email, browsing, etc. They can’t even ensure these systems are not abused.

The beauty of the Apple Secure Enclave is the write-only black box. It has a factory-generated unique identifier as well as holding all the private keys. You calculate or supply the public key for the public/private key pair to the Secure Enclave and it basically responds with YEA or NAY if it matches a private key inside the chip. But there is no way to read those private keys within the chip. You can reset the chip, which throws away all the private keys, but you cannot extract them. Not even Apple can gain access.

The FBI wants either a custom workaround or a master public/private key that would allow them to unlock the device. The problem is that master key can be stolen or leaked, and that would defeat the entire purpose. DVD & Blu-ray encryption copy protection schemes were defeated because the keys were leaked and the hardware devices would all have to be replaced to use a new key.

2 Likes

Of course, judging by the photos of the phone, the terrorist had already “cracked” it with a 9mm! :laughing: