Senior FBI forensic examiner Stephen R. Flatley spoke at the International Conference on Cyber Security yesterday, and during the talk he discussed Apple and the FBI’s differing opinions on the topic of smartphone encryption. According to Motherboard, Flatley described the company as “jerks” and “evil geniuses” for creating iOS device encryption that is so powerful as to prevent Apple itself from entering users’ iPhones.
Flatley said that recent updates to Apple device encryption have made password guesses slower, by increasing hash iterations from 10 thousand to 10 million, “making his and his colleagues’ investigative work harder.” This extended brute force crack time from a few days to two months, leading to Flatley stating that Apple is “pretty good at evil genius stuff.” No detailed context was given regarding his “jerks” comment.
That means, he explained, that “password attempts speed went from 45 passwords a second to one every 18 seconds,” referring to the difficulty of cracking a password using a “brute force” method in which every possible permutation is tried. There are tools that can input thousands of passwords in a very short period of time—if the attempts per minute are limited, it becomes much harder and slower to crack.
“Your crack time just went from two days to two months,” Flatley said. “At what point is it just trying to one up things and at what point is it to thwart law enforcement?” he added. “Apple is pretty good at evil genius stuff.”
Flatley’s comments come nearly two years after the Apple-FBI dispute began, when a federal judge ordered Apple to help the FBI enter the iPhone owned by Syed Farook, one of the shooters in the December 2015 attacks in San Bernardino. The FBI said it wanted Apple’s help to enter just Farook’s iPhone 5c, but Apple explained that the software it was asked to create could become a “master key” and be able to get information from any iPhone or iPad.
For this reason, Apple denied the request and CEO Tim Cook penned an open letter describing the potential for setting a “dangerous precedent” if the company did go along with the order. The battle eventually ended a few months later after the government discovered an alternative way of entering Farook’s iPhone 5c, reportedly with the help of Israeli firm Cellebrite.
Flately mentioned Cellebrite as well during the security conference, describing the firm as “another evil genius” that counters Apple’s encryption and can help the FBI when it needs to enter a smartphone. The forensic examiner was described as not clearly stating Cellebrite’s name, but “facetiously coughing” at the same time to somewhat obscure the comment.
Although the Apple-FBI dispute has ended, debates over smartphone encryption have remained ongoing the past few years. In October 2017, a report came out stating that the FBI was unable to retrieve data from 6,900 mobile devices it had attempted to gain access to over the previous 11 months. That number accounted for half of the total devices the FBI tried to get into, and FBI Director Christopher Wray described the FBI’s inability to retrieve information from these devices as a “huge, huge problem.”
At the end of the case in 2016, Apple issued a statement explaining that the company will continue to assist the FBI when it can, but not at the expense of the data protection, security, and privacy of its customers: “Apple believes deeply that people in the United States and around the world deserve data protection, security, and privacy. Sacrificing one for the other only puts people and countries at greater risk.”
Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.
Discuss this article in our forums