Not a “Hack”

Last week, Apple publicly announced it would oppose a US court’s order to help the FBI hack into an encrypted iPhone. The details are complicated, and are covered elsewhere. In short, good on Apple.

But there is this great, bizarre statement in a subsequent motion where the government urges the court to force Apple to comply (p. 20):

Not a "hack"

Basically, they take exception when Apple claims:  “The government is asking Apple to hack our own users.” Really, says the government, this is no different than a software update. It’s no big deal. What the FBI requests is not a “hack.”

So now, the technical details of the court’s order: The FBI wants Apple to create a fake version of iOS. That fake operating system should disable the auto-erase security feature the user had enabled, and it should circumvent the phone’s hardware which enforces that security. The fake iOS should also disable the login attempt rate-limiting (another security feature). And the fake iOS should drop the requirement that passwords be entered manually, so the FBI can do some high-speed, automated password cracking. The software should then be cryptographically signed by Apple so the fake iOS won’t get blocked by a security chip designed to block fake upgrades. The fake iOS should then be loaded into RAM, and the phone should be tricked into running that instead of the legitimate iOS on disk (I’m not actually sure how to do that, but it probably involves tampering with a tamper-resistant bootloader).

This, says the government, is not “hacking” an iPhone.

For comparison, here are some things the government has claimed to be “hacking”:

  • Downloading too many files. link
  • Visiting publicly accessible web pages by guessing the URL. link
  • Downloading files by typing commands instead of using a mouse. link
  • Pressing the touch screen buttons on a buggy video poker machine. link
  • Sharing a username and password. link

I don’t even