Apple ordered to disable autowipe on San Bernardino shooter's iPhone

It's not exactly a landmark court decision but one that could set a precedent in the tug of war between the US government and encryption advocates. A federal judge in Riverside, California has just ordered Apple to assist in unlocking the San Bernardino shooter's iPhone to aid in criminal investigation. While the judge isn't exactly telling Apple to break the smartphone's encryption and only disable the "10 tries and wipe" security feature, the consequences of this subtle difference can still send ripples in the fight for security and privacy on devices and services.

The iPhone in question is one of those recovered in the possession of Syed Rizwan Farook and Tashfeen Malik, the infamous couple who showered bullets at a party at the Inland Regional Center last December, leaving 14 dead before they themselves were killed in a shootout with authorities. The iPhone ran on iOS version 9, which meant it used very strong encryption measures. FBI Director James Comey just recently told Congress how, two months into the investigation, they were no closer to getting the encrypted contents of the device, due to the strong security features implemented by Apple.

The topic of encrypted devices has been a rather thorny issue between government agencies like the FBI and tech companies, especially Apple. The federal judge, however, was willing to make a compromise of sorts. Apple doesn't need to disable encryption on the device, which Apple has insisted it cannot technically do anyway. Instead, Apple only needs to disable the security feature that automatically wipes the phones' data after 10 failed attempts at entering the passcode. Industry experts, however, claim that Apple can't do that either. At least not directly. It could, with some difficulty, but that would land it back at square on the encryption backdoor issue.

And even then, there might be little gain in terms of speeding up the investigation. The FBI plans to brute force their way into guessing the passcode on the iPhone once that feature has been disabled, trying millions of possible combinations. Given how the passcode system has been designed, however, that could take months, even years. When setting up the iPhone, a user is prompted to enter a 6-digit passcode, which is then combined with a fixed hardware key right inside the phone's chip. Even if the FBI run the brute force method on a supercomputer to speed things up, they'd still need to get access to the hardware key, which they can only do at the risk of destroying the chip itself.

At the moment, things are at an impasse and Apple has not yet officially commented on the court order. It will most likely stick to its arguments, though, given how fresh the wounds of that crime are, Apple might be pressured to make a compromise as well.

SOURCE: The Washington Post