{"id":13684,"date":"2016-02-25T11:02:03","date_gmt":"2016-02-25T16:02:03","guid":{"rendered":"http:\/\/mjtsai.com\/blog\/?p=13684"},"modified":"2018-05-31T21:30:01","modified_gmt":"2018-06-01T01:30:01","slug":"apple-working-on-removing-ios-backdoor","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2016\/02\/25\/apple-working-on-removing-ios-backdoor\/","title":{"rendered":"Apple Working on Removing iOS Backdoor"},"content":{"rendered":"<p><a href=\"http:\/\/www.nytimes.com\/2016\/02\/25\/technology\/apple-is-said-to-be-working-on-an-iphone-even-it-cant-hack.html\">Matt Apuzzo and Katie Benner<\/a> (<a href=\"https:\/\/news.ycombinator.com\/item?id=11171131\">comments<\/a>):<\/p>\n<blockquote cite=\"http:\/\/www.nytimes.com\/2016\/02\/25\/technology\/apple-is-said-to-be-working-on-an-iphone-even-it-cant-hack.html\"><p>Apple engineers have already begun developing new security measures that would make it impossible for the government to break into a locked iPhone using methods similar to those now at the center of a court fight in California, according to people close to the company and security experts.<\/p><\/blockquote>\n\n<p><a href=\"http:\/\/daringfireball.net\/linked\/2016\/02\/24\/iphone-impregnability\">John Gruber<\/a>:<\/p>\n<blockquote cite=\"http:\/\/daringfireball.net\/linked\/2016\/02\/24\/iphone-impregnability\"><p>The way the iPhone works today, when put into recovery mode you can restore the operating system without entering the device passcode. The only restriction is that the version of iOS to be installed must be properly signed by Apple.<\/p>\n<p>[&#8230;]<\/p>\n<p>I think what Apple is leaking here is that they&rsquo;re going to change this (perhaps as soon as this year&rsquo;s new iPhone 7), so that you can&rsquo;t install a new version of iOS, even in recovery mode, without entering the device&rsquo;s passcode. (I think they will also do the same for firmware updates to the code that executes on the Secure Enclave &mdash; it will require a passcode lock.)<\/p>\n<p>If you do a full restore, you can install a new version of the OS without the passcode, but this wipes the data.<\/p><\/blockquote>\n\n<p>It&rsquo;s understandable that Tim Cook wants the conversation to be about the FBI asking Apple to <em>build<\/em> a backdoor. But I think a more accurate description is that the backdoor already exists. Apple today <em>could<\/em> update the OS to remove security protections, without wiping the data. The dispute with the FBI is that Apple doesn&rsquo;t want to <em>use<\/em> the backdoor. And now it is working to <em>remove<\/em> it.<\/p>\n\n<p>Previously: <a href=\"http:\/\/mjtsai.com\/blog\/2016\/02\/17\/fbi-asks-apple-for-secure-golden-key\/\">FBI Asks Apple for Secure Golden Key<\/a>.<\/p>\n\n<p>Update (2016-02-29): <a href=\"http:\/\/arstechnica.com\/security\/2016\/02\/most-software-already-has-a-golden-key-backdoor-its-called-auto-update\/\">Leif Ryge<\/a> (via <a href=\"https:\/\/twitter.com\/alexisgallagher\/status\/704356075005284352\">Alexis Gallagher<\/a>):<\/p>\n<blockquote cite=\"http:\/\/arstechnica.com\/security\/2016\/02\/most-software-already-has-a-golden-key-backdoor-its-called-auto-update\/\"><p>So when Apple says the FBI is trying to &ldquo;force us to build a backdoor into our products,&rdquo; what they are really saying is that the FBI is trying to force them to use a backdoor which already exists in their products. (The fact that the FBI is also asking them to write new software is not as relevant, because they could pay somebody else to do that. The thing that Apple can provide which nobody else can is the signature.)<\/p><p>Is it reasonable to describe these single points of failure as backdoors? I think many people might argue that industry-standard systems for ensuring software update authenticity do not qualify as backdoors, perhaps because their existence is not secret or hidden in any way. But in the present Apple case where they are themselves using the word &ldquo;backdoor,&rdquo; abusing their cryptographic single point of failure is precisely what the FBI is demanding.<\/p><\/blockquote>\n\n<p>Update (2016-03-03): <a href=\"https:\/\/twitter.com\/alexisgallagher\/status\/705433943718260736\">Alexis Gallagher<\/a>:<\/p>\n<blockquote cite=\"https:\/\/twitter.com\/alexisgallagher\/status\/705433943718260736\"><p>Part of Apple&rsquo;s defense rests on the fact that they don&rsquo;t have the passcode, and the FBI is ordering them to create new software. [&#8230;] What happens to Apple&rsquo;s legal position if the FBI &ldquo;only&rdquo; orders Apple to hand over the signing keys (poor man&rsquo;s passcode)?<\/p><\/blockquote>","protected":false},"excerpt":{"rendered":"<p>Matt Apuzzo and Katie Benner (comments): Apple engineers have already begun developing new security measures that would make it impossible for the government to break into a locked iPhone using methods similar to those now at the center of a court fight in California, according to people close to the company and security experts. John [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"apple_news_api_created_at":"2018-06-01T01:30:02Z","apple_news_api_id":"fecdc755-78dc-47ad-98d1-ef051bf556e7","apple_news_api_modified_at":"2018-06-01T01:30:03Z","apple_news_api_revision":"AAAAAAAAAAD\/\/\/\/\/\/\/\/\/\/w==","apple_news_api_share_url":"https:\/\/apple.news\/A_s3HVXjcR62Y0e8FG_VW5w","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\"","apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[2],"tags":[1347,31,85,355,1679,48],"class_list":["post-13684","post","type-post","status-publish","format-standard","hentry","category-technology","tag-federal-bureau-of-investigation-fbi","tag-ios","tag-iphone","tag-privacy","tag-secure-enclave","tag-security"],"apple_news_notices":[],"_links":{"self":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/13684","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/comments?post=13684"}],"version-history":[{"count":3,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/13684\/revisions"}],"predecessor-version":[{"id":13747,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/13684\/revisions\/13747"}],"wp:attachment":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/media?parent=13684"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/categories?post=13684"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/tags?post=13684"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}