Fearing that the government may be able to order it to bypass security features in newer-model phones, Apple has begun working on enhancements that would prevent the company from updating the software of an iPhone without knowing a user’s password, according to individuals familiar with the effort.
These security improvements would make it impossible for Apple to help the government unlock newer iPhones in the manner authorities want the company to do so now. The move would force those authorities to find a new technical solution even if they gain the legal authority to force the company to unlock the phones of suspects.
The move by Apple is another twist in a high-profile battle between Apple and the Justice Department, which last week demanded that the company help unlock the iPhone of Syed Rizwan Farook, one of the killers in the San Bernardino, Calif., shooting rampage.
The enhancements cannot be installed on older model phones, such as the iPhone 5C used by Farook. But engineers are trying to fix a problem on newer models, which have a security feature called Secure Enclave that protects some of the most sensitive data such as the phone’s encryption keys. Currently, the software on the Secure Enclave can be updated without knowing a user’s password.
That, Apple engineers realized, was a vulnerability. Those engineers began thinking about addressing the issue before the San Bernardino attacks, but the fix became a priority more recently, said the individuals familiar with the effort, which was first reported by the New York Times.
Security experts hailed Apple’s move.
“They’ve never thought before that they might be forced by the government to break into its own products and reverse security procedures,” said Jonathan Zdziarski, a security researcher who has proposed about a dozen solutions to the problem to Apple. “Now that they’ve been forced into this mode of thinking, a lot of the security updates in the future will be not just to keep the hackers out, but to keep themselves out until the user authorizes the update.”
News of the technical fix broke on the same day Apple chief executive Tim Cook defended his company’s controversial refusal to help the FBI access the passcode-locked iPhone that belonged to Farook.
Cook said that helping the FBI to bypass the iPhone’s security “could expose people to incredible vulnerabilities.”
“This would be bad for America. It would also set a precedent that I believe many people in America would be offended by,” Cook said during an interview on ABC’s “World News Tonight With David Muir.”
Cook said Apple tried to help the FBI with other technological solutions, offering “significant advice” on how the iPhone might be cracked. But Apple does not want to go as far as the FBI says it now needs – writing software to get around the phone’s security measures. Cook called it “the software equivalent of cancer.”
“What is at stake here is can the government compel Apple to write software that we believe would make hundreds of millions of customers vulnerable around the world, including the U.S., and also trample civil liberties that are the basic foundation of what this country are made of,” Cook said.
Cook said this case was about the future.
FBI Director James B. Comey, in a letter published Sunday, wrote that this case highlights the tension between privacy and safety.
“That tension should not be resolved by corporations that sell stuff for a living,” Comey wrote.
Cook, in his interview, insisted that obeying this one court order would mean opening hundreds of other Apple devices if law enforcement wanted access to them as well.
“It is a slippery slope. I don’t fear one – it is one,” Cook said.
Muir asked Cook whether he has any doubts that opening this iPhone might help prevent a terrorist attack.
“David, some things are hard and some things are right. And some things are both,” Cook said. “And this is one of those things.”
(C) 2016, The Washington Post · Ellen Nakashima, Todd C. Frankel