iPhone Encryption Explained: Why Apple Cannot Unlock the Phone
Written by Karolis Liucveikis on
There is much reporting in the news this week about the American government’s court order to force Apple to decrypt an iPhone 5 belonging to the San Bernardino Islamic terrorists. The journalists report that Apple says the iPhone is impossible to crack because Apple does not know the encryption key and because entering an incorrect passcode 11 times will cause the phone to wipe its data. But the journalists do not go into any detail about why the device cannot be decrypted. So we do that here. In sum, the iPhone cannot be decrypted because iOS generates a random number, used as the cryptographic key, when the device is first turned on, after it has been manufactured and the housing closed up. Apple does not back that key up to iTunes or to the Apple cloud, so Apple does not know it. What the FBI wants is for Apple to write, compile and load onto the device a modified version of iOS that would allow the FBI to brute-force the passcode without erasing the data. But if you read the technical details, that would seem to be impossible, as any tampering with the device, such as replacing the operating system with another or even removing the storage, would erase the encryption keys on the device, thus defeating the ability to read the encrypted memory. (A smartphone like the iPhone has no magnetic storage. It is all solid-state storage, also called flash storage. So you can think of the whole device as having no storage: it is all memory.)
Apple’s encryption software is so comprehensive and hacker-proof that it even eliminates the ability of a program or hardware to read stale memory. In solid-state storage, each memory cell has a limited lifespan before that part of the silicon die wears out. So Apple makes sure that worn-out memory is zeroed out before the operating system marks it as off limits.
How iOS Encryption Works
The iPhone is unlocked either with a passcode or with a fingerprint. A fingerprint, of course, is translated to a number too. If the passcode is only, say, 6 digits, then there are 1 million possibilities. That is not many to guess with a brute-force attack. But the algorithm that checks the passcode runs progressively slower each time someone enters a passcode. In that case it should take years to brute-force the passcode. So it is not clear how the FBI plans to defeat that part either.
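The escalating-delay and wipe policy described above, as an added example that is not code from the original article or from Apple. The passcode verifier, the delay schedule and the wipe threshold of 10 are all constructed stand-ins (a real device keeps the counter and the verifier in tamper-resistant hardware); the clock is injectable so the simulation runs without actually sleeping.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
	"time"
)

// Constructed policy values for this illustration; they are not Apple's real settings.
const MaxFailures = 10 // wipe the device after this many consecutive wrong passcodes

var (
	ErrWiped  = errors.New("device wiped: too many failed attempts")
	ErrLocked = errors.New("locked: mandatory delay has not elapsed")
	ErrWrong  = errors.New("wrong passcode")
)

// DelayFor returns the mandatory wait imposed after n consecutive failures.
// The schedule escalates so that each further guess costs far more time.
func DelayFor(failures int) time.Duration {
	switch {
	case failures < 4:
		return 0
	case failures == 4:
		return time.Minute
	case failures == 5:
		return 5 * time.Minute
	case failures == 6:
		return 15 * time.Minute
	default:
		return time.Hour
	}
}

// Device holds the state a throttled passcode verifier needs.
type Device struct {
	verifier    [32]byte // hash of the passcode; a stand-in for a hardware-bound verifier
	failures    int
	lockedUntil time.Time
	wiped       bool
	now         func() time.Time // injectable clock so the example does not really sleep
}

func NewDevice(passcode string, clock func() time.Time) *Device {
	return &Device{verifier: sha256.Sum256([]byte(passcode)), now: clock}
}

// Unlock enforces the delay and wipe policy before it even evaluates the guess.
func (d *Device) Unlock(guess string) error {
	if d.wiped {
		return ErrWiped
	}
	if d.now().Before(d.lockedUntil) {
		return ErrLocked
	}
	h := sha256.Sum256([]byte(guess))
	if subtle.ConstantTimeCompare(h[:], d.verifier[:]) == 1 {
		d.failures = 0
		return nil
	}
	d.failures++
	if d.failures >= MaxFailures {
		d.wiped = true // a real device would erase the storage key here
		return ErrWiped
	}
	d.lockedUntil = d.now().Add(DelayFor(d.failures))
	return ErrWrong
}

func main() {
	now := time.Unix(0, 0)
	d := NewDevice("246810", func() time.Time { return now })
	for i := 1; i <= MaxFailures; i++ {
		err := d.Unlock("000000")
		fmt.Printf("attempt %2d: %v (next allowed after %v)\n", i, err, DelayFor(i))
		now = now.Add(2 * time.Hour) // wait out the delay before the next try
	}
	fmt.Println("correct passcode after wipe:", d.Unlock("246810"))
}
```

The point to notice is that the guess is never compared while the lockout is active, so the wait cannot be skipped by retrying faster, and once the counter reaches the threshold the correct passcode is rejected as well, because the data it protected is gone.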
The iPhone is protected from tampering using various techniques. These would seem to prevent the most common way of trying to unlock a device, which is to open it up and attach wires, as an ordinary cell phone repairman does when trying to fix one.
When the Apple device boots up it checks the Apple root certificate, which is burned into the firmware of the machine. Any installed software must be signed with a key whose certificate chain leads up to the Apple root certificate authority. You cannot fake those, since they are bought from a third party, i.e., not Apple, whose purpose is independent verification. (Otherwise a criminal could create their own certificate.)
This boot-up process verifies that the operating system has not been tampered with. Further, if the memory is removed it cannot be read. That has led to some criticism of Apple, with people saying that third-party companies cannot repair the devices, thus requiring consumers to pay more money to go to Apple.
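The boot-time check from the two paragraphs above (software must be signed by a key whose certificate chains to the root burned into firmware), as an added example that is neither the article's code nor Apple's. The root CA, the signing certificate, the image bytes and the "unofficial" root are all constructed here with Go's standard x509 package; the real chain, key types and image format are not modelled.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// NewRoot creates a self-signed CA certificate: a constructed stand-in for the
// vendor root that would be burned into firmware.
func NewRoot(name string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// NewSigner issues a code-signing leaf certificate under the given root.
func NewSigner(root *x509.Certificate, rootKey *ecdsa.PrivateKey, name string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, root, &key.PublicKey, rootKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// SignImage signs the SHA-256 digest of an OS image.
func SignImage(key *ecdsa.PrivateKey, image []byte) ([]byte, error) {
	sum := sha256.Sum256(image)
	return ecdsa.SignASN1(rand.Reader, key, sum[:])
}

// VerifyImage is the boot-time check: the signer's certificate must chain to the
// trusted root with the code-signing usage, and the signature must match the image.
func VerifyImage(trustedRoot, signer *x509.Certificate, image, sig []byte) error {
	roots := x509.NewCertPool()
	roots.AddCert(trustedRoot)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning}}
	if _, err := signer.Verify(opts); err != nil {
		return fmt.Errorf("signer does not chain to trusted root: %w", err)
	}
	pub, ok := signer.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return errors.New("unexpected signer key type")
	}
	sum := sha256.Sum256(image)
	if !ecdsa.VerifyASN1(pub, sum[:], sig) {
		return errors.New("signature does not match image")
	}
	return nil
}

func main() {
	root, rootKey, _ := NewRoot("Vendor Root CA (constructed)")
	signer, signerKey, _ := NewSigner(root, rootKey, "Vendor OS Signing (constructed)")
	image := []byte("constructed OS image bytes")
	sig, _ := SignImage(signerKey, image)
	fmt.Println("genuine image:", VerifyImage(root, signer, image, sig))
	// A different self-signed root, however well formed, never chains to the trusted one.
	otherRoot, otherKey, _ := NewRoot("Unofficial Root (constructed)")
	otherSigner, otherSignerKey, _ := NewSigner(otherRoot, otherKey, "Unofficial Signer (constructed)")
	otherSig, _ := SignImage(otherSignerKey, image)
	fmt.Println("unofficial image:", VerifyImage(root, otherSigner, image, otherSig))
	fmt.Println("tampered image:", VerifyImage(root, signer, append(image, '!'), sig))
}
```

Two checks are deliberately separate: the chain check answers "is this signer one the root vouches for, and for code signing?", and the signature check answers "did that signer sign exactly these bytes?". A replaced operating system fails the second; a certificate minted by anyone other than the trusted root fails the first.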
The memory and filesystem are encrypted using the AES cryptographic algorithm. Even memory is encrypted to the extent that is possible. (Memory is where encryption does not fully work, since data needs to be decrypted to be read.)
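Why erasing the key is enough to make the storage unreadable, which is the point the introduction makes about tampering, shown as an added example (not the article's code and not Apple's scheme). It uses AES-256-GCM from Go's standard library with a random key generated "on first boot"; the key size, the mode and the sample data are constructed for this illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// NewStorageKey mimics first-boot key generation: 256 random bits drawn on the
// device and never exported. (Constructed stand-in, not Apple's actual scheme.)
func NewStorageKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	return key, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts and authenticates one unit of storage; output is nonce || ciphertext || tag.
func Seal(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// Open decrypts a Seal output; it fails if the key is wrong or the data was altered.
func Open(key, blob []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(blob) < ns {
		return nil, errors.New("blob too short")
	}
	return gcm.Open(nil, blob[:ns], blob[ns:], nil)
}

// Erase overwrites the key in place. Once it is gone, every block sealed with it
// is unrecoverable even though the ciphertext is still physically present.
func Erase(key []byte) {
	for i := range key {
		key[i] = 0
	}
}

func main() {
	key, _ := NewStorageKey()
	blob, _ := Seal(key, []byte("constructed contacts and messages"))
	pt, err := Open(key, blob)
	fmt.Printf("with key: %q %v\n", pt, err)
	Erase(key)
	pt, err = Open(key, blob)
	fmt.Printf("after erase: %q %v\n", pt, err)
}
```

This is why the article's "any tampering erases the keys" defeats readout: the flash still holds the ciphertext, but without the 256-bit key AES offers no shortcut, and GCM's authentication tag also rejects any attempt to decrypt with a guessed or altered key rather than returning garbage.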
In the past the FBI would ship phones to Apple’s headquarters for decryption. It is not clear how Apple did that. Either they had saved a copy of the key, which they could have known since it was printed on the hardware earlier and not randomly generated, or they had some kind of backdoor and connected a cable to the device to attack it. But at least one part of the algorithm is based on a key that is burned into the firmware. So at that time the key could be read from the hardware. But, as we said, now it is randomly generated.