Even with the cooperation of Apple to help extract data from an iPhone used by one of the participants in December's deadly shooting rampage in San Bernardino, California, the "brute force" unlocking of the device could take years—perhaps a decade—a Johns Hopkins University expert says.
On Tuesday, a federal judge ordered Apple to help the FBI break into the phone by providing "reasonable technical assistance," specifically by creating software that can disable a security feature that erases the iPhone's data after 10 unsuccessful attempts to unlock it.
Matthew Green, an assistant professor of computer science and a cryptography expert, told The Washington Post that if the FBI is able to bypass the phone's auto-delete feature, then it could theoretically crack the phone's six-digit numeric passcode in about 22 hours. But that assumes the passcode uses only numbers.
"Once there's numbers and letters, that's when things get interesting," Green told The Post. "It might take 10 years to crack a strong password on the phone, which means they might be stuck till 2026."
A more immediate hurdle is the standoff between the FBI and Apple, which has thus far refused to comply with the court's order to help unlock the phone used by Syed Rizwan Farook, one of two shooters involved in the attack that left 14 people dead.
"We have great respect for the professionals at the FBI, and we believe their intentions are good," Apple CEO Tim Cook wrote in an open letter Tuesday. "Up to this point, we have done everything that is both within our power and within the law to help them. But now the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone."
Cook said Apple was "challenging the FBI's demands with the deepest respect for American democracy and a love of our country. We believe it would be in the best interest of everyone to step back and consider the implications. While we believe the FBI's intentions are good, it would be wrong for the government to force us to build a backdoor into our products. And ultimately, we fear that this demand would undermine the very freedoms and liberty our government is meant to protect."
More, including a comment from Green, from science and technology website Motherboard:
If Apple is both able and, more importantly, willing to pull this off, what does it mean for the rest of us? The iPhone's security features are some of the most common, and most essential, forms of encryption for many, many people at this point. If Apple creates an exploit that makes it possible to brute force a phone's unlock screen, it's possible law enforcement will commonly ask for this type of thing in the future. And if such an exploit ever made it out into the wild, well, then hackers might be able to use it, too.
"Once they develop this firmware, you could reuse it on lots of phones," Green said. "I assume it's a test case."