The U.S. Department of Justice strategically dropped its lawsuit against Apple Computer to gain access to data on the iPhone of the San Bernardino terrorists, but the FBI will never give up its quest to obtain manufacturer agreements for software “backdoors.”
Breitbart News on March 22 broke the technical strategy that although iPhone has encryption for its passwords, the FBI knew or should have known there was a technique of disassembling the device and then copying and reinstalling iPhone’s “NAND” flash memory every 9 times the FBI uses a “brute force attack” to try to guess the right letter and number combination to open an encrypted iPhone.
But such efforts take significant time and resources, because Apple intentionally encrypts data in such a way that a brute force attacker is limited to one passcode try every 80 milliseconds, according to Apple. That limits the FBI or any other powerful hacker to making just 12.5 passcode guesses per second.
Apple’s default six-digit passcode has about 1 million possible passcode combinations. At 12.5 guess per second, it would require about 80,000 seconds, 1,333 minutes, or 22 hours to try all of the passcode combinations to access the data.
There are downloadable apps for iPhone that add more passcode digits to make brute force attacks more resource intensive. Seven-digit passcodes will take up to 9.2 days, eight-digits up to three months, nine-digits up to 2.5 years, 10-digits up to 25 years, 11-digits up to 253 years, 12-digits up to 2,536 years, and 13-digits up to 25,367 years.
Because there are tens of thousands of criminals, it does not matter if the FBI “can” gain access to the data on an iPhone. It matters how many thousands of technicians they would have to hire and how long it would take for brute force attacks to make the guesses on all those iPhones.
An issue that complicated the FBI’s law enforcement “need” in this particular case is the terrorists’ iPhone password was reportedly accidentally reset by the San Bernardino Health Department soon after the government took possession of the device on December 2. Although the action supposedly caused the information the government was seeking to be inaccessible, the FBI has denied the reset was significant.
But the Justice Department on March 25 said it had been approached by an unidentified “third party” about a possible method to get into the iPhone.
The FBI has since filed court papers acknowledging it “successfully accessed the data stored” on the iPhone 5C used by Syed Rizwan Farook, who died with his wife during the attack in San Bernardino, California, according to Reuters. The FBI has not stated what they retrieved from the iPhone and the name of the “third-party” has not been leaked.
Apple cites its refusal to write a new software backdoor to make it much quicker for the FBI to break into the terrorist’s cell phone as a victory. The most recent Reuters/Ipsos poll reveals that the public currently agrees with Apple’s privacy concerns over the FBI’s law enforcement need, by 46 percent to 35 percent. Meanwhile, Apple wants the FBI to reveal how it achieved the successful hack.
But it is a question of “when, not of “if,” there will be another terrorist attack on U.S. soil. When that happens, public sentiment may swing dramatically in favor of the FBI. The Justice Department could then file another emergency demand on Apple for a backdoor at a time of high public support.