Those Secure Enclaves may not be so secure if the FBI has its way.
In a series of off-the-record conversations with reporters, Apple is taking pains to correct a misunderstanding.
Newer iPhones are harder to crack than the iPhone 5C in the San Bernardino case. But they are not, according to Apple, uncrackable.
Secrets stored in the so-called Secure Enclave in newer models (iPhone 5S and later) could be pried out by brute force, Apple says, if the company were forced to comply with the same three demands the FBI has made in San Bernardino. They are:
- Disable the built-in 10-tries-and-wipe feature
- Remove software-enforced passcode delays (1 minute after 5 attempts, etc.)
- Create the ability to enter PINs electronically, at computer speed, rather than the speed of thumbs
In essence, the FBI is asking Apple to remove the measures its engineers built into the iPhone's hardware and software to protect against just such a brute force attack. And because hardware is ultimately controlled by software, anything, in theory, is doable.
It wouldn't require iOS to be rewritten from the ground up, as some have claimed. But the job would be what software engineers like to call "nontrivial." And it would have to be done by Apple, against its will, at the demand of a government.
The fact that it could be done at all changes the technological underpinnings of what has become a national referendum on the role of strong cryptography in a free society.
"This fact also changes the political calculation," wrote Stratechery's Ben Thompson Thursday after word of Apple's [fortune-stock symbol="aapl"] briefings reached Twitter. "Yes, the optics for this particular case are terrible, but if the precedent would be directly applicable [to the new iPhones] then it's hard to see what else Apple could do."