In response to a discussion on Twitter the other day as well as our prior post on Apple’s iOS backdoor, David “@darthnull” Schuetz … yeah the BlueToad-gate guy … has written up a great post describing his point of view that most of what’s been in the news lately is pure and total FUD. Although he can’t offer a concrete conclusion, his best educated guess is that Apple most likely uses a signed external drive to gain access to the unencrypted contents of the phone (unfortunately mostly everything these days) and then bruteforces the passcode/word to obtain access to everything else.
David is a super-smart guy when it comes to iOS security so I won’t even pretend to understand half the stuff he’s talking about … but color it how you want, I’m still calling backdoor. Now this isn’t a backdoor for law enforcement per se … but just some internal mechanism that Apple has for fully decrypting iOS contents without the passcode/word.
Just like the perennial discussion on location-based services and Apple’s ability to track you, the question of accessing an iOS device’s data when the device is locked seems to come up every few months. This time around, the discussion was inspired by a CNET article, with the sensational title “Apple deluged by police demands to decrypt iPhones.”
The article seemed to be built around a single paragraph in a blurry copy of a search warrant affidavit from ATF, which stated that the writer “contacted Apple” and was told by “an employee […] who is part of their Apple Litigation Group” that Apple “has the capabilities to bypass the security software” on the iPhone.
That’s it. That’s all we know. An ATF agent reports having talked to a single person at Apple, who told him that they can “bypass the security software” on iOS devices. And from that tenuous hold, the Twitters exploded with “See! I TOLD you Apple had a back door!” and other related Fear, Uncertainty, and Doom.
But is any of it warranted? What could Apple really be doing, and is that any different from what we already know? Let’s review what we know, and don’t know, about iOS security, passcodes, and encryption.
Do you think there’s an Apple-only accessible backdoor in iOS? Let us know in the comments below. Today’s post pic is from CNN.com. See ya!