Go to Top

Apple, the FBI and the San Bernardino shooters: why the FBI needs Apple’s help

Data encryption: Who should have access?

Every technology manufacturer approaches encryption in a different way. They all have their own methods and algorithms for encrypting data on their devices. One of the most reputable companies for encrypted data is Apple. In recent news, Apple has been ordered by the FBI to develop new tools to disable security features to allow the agency to have access to the iPhone from one of the San Bernardino shooters. We are here not to weigh-in on the legal or ethical implications of the request or Apple’s refusal to do, but instead to explore the technical aspects which are under debate.

Auto-erase function

Starting with the iPhone 4S, Apple beefed up their encryption method making it highly secure. With this new method of encryption, you only have 10 attempts at entering your password before the phone permanently erases your data if the auto-erase feature is enabled.

When using an iOS 9 (current operating system of the iPhone 6) device, the specific process if you forget your password is slightly more forgiving, but equally as effective. First, you have six attempts to enter the password. After your sixth attempt, you will receive a prompt stating that your phone is disabled for one minute and you cannot attempt another password until that minute is up. After seven attempts, it is a five minute period, eight attempts is a 15 minute waiting period and nine is one hour.

You might ask: “Why the waiting periods?” Well, anyone with a small child has probably had the experience of them picking up a cell phone while mum or dad wasn’t looking and trying to unlock it. Those waiting periods are, hopefully, enough time for the child to realise the phone isn’t working for them anymore. Also, I know if I forget my password, I sometimes lose count of how many different ones I have entered, so it is a nice warning feature for anyone struggling to get into their own phone.

If you fail to enter your correct password after 10 attempts, iOS 9 permanently wipes your data and not even Apple can retrieve it.

Why the FBI need help from Apple

Reports have suggested that the FBI wish to use a brute force attack to gain access to one of the San Bernardino shooter’s iPhone. However, the auto-erase functionality would result in the phone’s data being permanently deleted after only 10 attempts. It is this security feature that the FBI wants Apple to attempt to bypass by creating a new version of iOS via a court order.

Today’s mobile security

In today’s world, all manufacturers of mobile devices have security measures in place to assist in protecting their customer’s data.  Whether it is the ability to lock the device with a password or a password-protected encryption, all mobile devices have their own variation of security. Corporations and individuals often take those security features into account when purchasing these types of devices.

Questions to ponder

Given the news and the technical information above, it leaves me to ponder a few things?

  1. Who should have access to your data?
  2. If the device is owned by a company, who owns the data on it?
  3. How far should a manufacturer of a mobile device go to protect your data?

Tell us what you think in the comment section below.

2 Responses to "Apple, the FBI and the San Bernardino shooters: why the FBI needs Apple’s help"

  • Dave Toomey
    26 February 2016 - 8:31 am

    Paramount, no one should have access as even people in security nagencies are corrupt and can use these powers to their profit by steel in,snooping etc etc. Terrorism is used as an entry point to sway people publics opinion for the hierarchy to snoop at you communications. The agencies have enough technology to know if people are up to know good and should use they gur feeling to neutralise these threats.

    • Sam
      26 February 2016 - 10:19 am

      Hi Dave,

      Firstly, this opinion is mine personally, not Kroll Ontrack’s, so please keep that in mind.

      I think it is a difficult one, as it is a mass murder investigation that Apple is technically impeding, however, if they don’t impede then they risk putting the security of millions of people at risk. If they do help the FBI, then they are effectively creating a master key to pick one lock.

      I think in a pre-Snowden world the court of public opinion would have been heavily in the favour of the FBI, however, since we’ve learnt the scope of what US agencies are capable of and were/are doing then we’ve realised we all need to be much more aware of our own privacy. In this new environment we find ourselves in, it’s my belief that they cannot be trusted with such a master key, even if it does mean bring justice to the families of the 14 people that were tragically lost that day. Think about this: what happens if a cyber criminal gang get a hold of this master key, and then what may be stolen or they be blackmailed into doing if their private data falls into the wrong hands.

      Ok, now putting my Kroll Ontrack hat back on – the above article is meant to simply cast some light on exactly what the security feature is that the FBI has asked Apple to overcome. It is not intended to take any side in the debate from a company’s perspective.