Declan McCullagh: ‘Apple Deluged by Police Demands to Decrypt iPhones’

Declan McCullagh, reporting for CNET:

The ATF’s Maynard said in an affidavit for the Kentucky case that Apple “has the capabilities to bypass the security software” and “download the contents of the phone to an external memory device.” Chang, the Apple legal specialist, told him that “once the Apple analyst bypasses the passcode, the data will be downloaded onto a USB external drive” and delivered to the ATF.

It’s not clear whether that means Apple has created a backdoor for police — which has been the topic of speculation in the past — whether the company has custom hardware that’s faster at decryption, or whether it simply is more skilled at using the same procedures available to the government. Apple declined to discuss its law enforcement policies when contacted this week by CNET.

I saw this report the other day and it confused me. My understanding is that the entire contents of an iPhone with a passcode (or pass phrase) are encrypted. If Apple can somehow decrypt the contents, then there’s a backdoor, and the possibility exists that someone else will discover the backdoor. (Let alone the problem of Apple being able to do it.)

Charlie Miller, who knows way more about this stuff than I do (and probably as much as anyone outside Apple), is also confused. His theory:

Apple probably uses a signed ramdisk and then brute forces from there.

In which case it’s not really a backdoor, it’s that Apple can more efficiently run through all possible passcodes than law enforcement agencies can. But I take it this means Apple can circumvent the setting that deletes the encryption keys after 10 failed passcode attempts, because they’re not doing the passcode attempts on the device itself.

Update: Quinn Mahoney tweets:

No, a signed ramdisk means the brute force is done on-device. The 10 attempt limit is enforced by iOS, ramdisk bypasses that.

Tuesday, 14 May 2013