Now China Deployed Fighter Jets to Disputed Islands

EXCLUSIVE: China sends fighter jets to contested island in South China Sea

FNC: EXCLUSIVE: In a move likely to further increase already volatile tensions in the South China Sea, China has deployed fighter jets to a contested island in the South China Sea, the same island where China deployed surface-to-air missiles last week, two U.S. officials tell Fox News.

The dramatic escalation comes minutes before Secretary of State John Kerry was to host his Chinese counterpart, Foreign Minister Wang Yi, at the State Department.

Chinese Shenyang J-11s (“Flanker”) and  Xian JH-7s (“Flounder”) have been seen by U.S. intelligence on Woody Island in the past few days, the same island where Fox News reported exclusively last week that China had sent two batteries of HQ-9 surface-to-air missiles while President Obama was hosting 10 Southeast Asian leaders in Palm Springs.

Wang was supposed to visit the Pentagon Tuesday, but the visit was canceled. It was not immediately clear which side canceled the visit. Pentagon press secretary Peter Cook said a “scheduling conflict” prevented the meeting, when asked by Fox News at Tuesday’s press briefing.

When asked about the earlier Fox News story in Beijing, Wang said the deployment of the missiles was for “defensive purposes.”

Woody Island is the largest island in the Paracel chain of islands in the South China Sea.  It lies 250 miles southeast of a major Chinese submarine base on Hainan Island. China has claimed Woody Island since the 1950s, but it is contested by Taiwan and Vietnam.

Ahead of Wang’s visit to Washington, a spokeswoman likened China’s military buildup on Woody Island to the U.S. Navy’s in Hawaii.

“There is no difference between China’s deployment of necessary national defense facilities on its own territory and the defense installation by the U.S. in Hawaii,” Foreign Ministry spokeswoman Hua Chunying said Monday.

More than $5 trillion worth of natural resources and goods transit the South China Sea each year.

Earlier Tuesday, the head of the U.S. military’s Pacific Command said China is “clearly militarizing” the South China Sea, in testimony before the Senate Armed Services Committee.

“You’d have to believe in a flat Earth to believe otherwise,” Admiral Harry Harris said.

China has sent fighter jets to Woody Island before. In November, Chinese state media published images showing J-11 fighter jets on the island, but this was the first deployment of fighter jets since the Chinese sent commercial airliners to test the runway at one of its artificial islands in the South China Sea.

The Pentagon sailed a guided-missile destroyer past a contested island in the South China Sea as a result.  Late last year, the U.S. military conducted a flight of B-52 bombers and another warship to conduct a “freedom of navigation” exercise.

The Chinese have protested the moves and vowed “consequences.”

On Monday, new civilian satellite imagery from CSIS showed a possible high frequency radar installation being constructed in late January.

The imagery shows radar installations on China’s artificial islands in the Spratly Island chain of reefs: Gaven, Hughes, Johnson South, and primarily on Cuarteron reefs—the outermost island in the South China Sea.

*** 

FNC: China apparently has been building radar facilities on some of the artificial islands it constructed in the South China Sea in a move to bolster its military power in the region, according to a report released Tuesday by a U.S.-based think tank.

The Center for Strategic and International Studies (CSIS) says the radars on the outposts of Gaven, Hughes, Johnson South and Cuarteron reefs in the disputed Spratly Islands “speak to a long-term anti-access strategy by China—one that would see it establish effective control over the sea and airspace throughout the South China Sea.”

The report was released one week after Fox News reported that China had deployed an advanced surface-to-air missile system as well as a radar system on Woody Island, part of the Paracel Island chain located north of the Spratlys.

The release of the report also coincides with the first day of a three-day visit to the U.S. by Chinese Foreign Minister Wang Yi, during which the issue of competing South China Sea claims is expected to be discussed, as well as North Korea’s latest nuclear test.

OPM Top Person Donna Seymour Resigns

Chaffetz Responds to Retirement of OPM CIO Donna Seymour

Oversight Committee: WASHINGTON, D.C.—This afternoon, House Oversight and Government Reform Committee Chairman Jason Chaffetz (R-UT) issued the following statement upon learning of the retirement of U.S. Office of Personnel Management (OPM) Chief Information Officer (CIO) Donna Seymour:

“Ms. Seymour’s retirement is good news and an important turning point for OPM. While I am disappointed Ms. Seymour will no longer appear before our Committee this week to answer to the American people, her retirement is necessary and long overdue. On her watch, whether through negligence or incompetence, millions of Americans lost their privacy and personal data. The national security implications of this entirely foreseeable breach are far-reaching and long-lasting. OPM now needs a qualified CIO at the helm to right the ship and restore confidence in the agency.” 

 Background: 

Chairman Chaffetz has publicly expressed the need for Ms. Seymour’s removal on the following occasions:

Chaffetz to OPM: Remove Donna Seymour (12/10/2015)

Chaffetz Responds to Nomination of Beth Cobert as OPM Director (11/10/2015)

Chaffetz Renews Call for Removal of OPM CIO Donna Seymour (08/06/2015)

Chaffetz Statement on Latest OPM Data Breach Revelation (07/09/2015)

GOP Lawmakers to President Obama: Remove OPM Director Archuleta and CIO Donna Seymour (06/26/2015)

Related:

The Breach We Could Have Avoided (09/30/2015)

Fingerprints of Additional 4.5 Million Individuals Stolen in OPM Breach, Chaffetz Responds (09/23/2015)

Chaffetz Statement on OPM Infrastructure Improvement Plan (09/14/2015)

OPM Data Breach: Part II Hearing (06/24/2015)

OPM: Data Breach Hearing (06/16/2015)

*** For reference and background on Office of Personnel Management

Second OPM Hack Revealed: Even Worse Than The First

from the the-federal-government,-ladies-and-gentlemen dept

TechDirt: Oh great. So after we learned late yesterday that the hack of all sorts of data from the federal government’s Office of Personnel Management (OPM) was likely much worse than originally believed — including leaking all Social Security numbers unencrypted — and that the so-called cybersecurity “experts” within the government weren’t even the ones who discovered the hack, things are looking even worse. That’s because, late today, it was revealed that there was likely a separate hack, also by Chinese state actors, accessing even more sensitive information:

The forms authorities believed may have been stolen en masse, known as Standard Form 86, require applicants to fill out deeply personal information about mental illnesses, drug and alcohol use, past arrests and bankruptcies. They also require the listing of contacts and relatives, potentially exposing any foreign relatives of U.S. intelligence employees to coercion. Both the applicant’s Social Security number and that of his or her cohabitant is required.

In a statement, the White House said that on June 8, investigators concluded there was “a high degree of confidence that … systems containing information related to the background investigations of current, former and prospective federal government employees, and those for whom a federal background investigation was conducted, may have been exfiltrated.”

“This tells the Chinese the identities of almost everybody who has got a United States security clearance,” said Joel Brenner, a former top U.S. counterintelligence official. “That makes it very hard for any of those people to function as an intelligence officer. The database also tells the Chinese an enormous amount of information about almost everyone with a security clearance. That’s a gold mine. It helps you approach and recruit spies.”

And yet… this is the same federal government telling us that it wants more access to everyone else’s data to “protect” us from “cybersecurity threats” — and that encryption is bad? Yikes.

Putin Exploiting Open Skies Treaty

In this fresh era of Putin’s aggression in Syria, Europe, Ukraine and the Baltics, it seems no one is willing to force a stop of Russia in any part of the globe. What is especially disturbing is that Putin has been exploiting the Open Skies Treaty; to what end, no one seems able to explain.

The U.S. State Department has a twisted mission of diplomacy when it intersects with operational security and future threat risks having particular emphasis on Iran, North Korea and Russia.

The Treaty on Open Skies establishes a regime of unarmed aerial observation flights over the territories of its signatories. The Treaty is designed to enhance mutual understanding and confidence by giving all participants, regardless of size, a direct role in gathering information through aerial imaging on military forces and activities of concern to them. Open Skies is one of the most wide-ranging international arms control efforts to date to promote openness and transparency in military forces and activities.

Russia wants to fly over U.S. with advanced digital camera

WASHINGTON (AP) — Russia will ask permission on Monday to start flying surveillance planes equipped with high-powered digital cameras amid warnings from U.S. intelligence and military officials that such overflights help Moscow collect intelligence on the United States.

Russia and the United States are signatories to the Open Skies Treaty, which allows unarmed observation flights over the entire territory of all 34 member nations to foster transparency about military activity and help monitor arms control and other agreements. Senior intelligence and military officials, however, worry that Russia is taking advantage of technological advances to violate the spirit of the treaty.

Russia will formally ask the Open Skies Consultative Commission, based in Vienna, to be allowed to fly an aircraft equipped with high-tech sensors over the United States, according to a senior congressional staffer, who spoke on condition of anonymity because the staff member wasn’t authorized to discuss the issue publicly.

The request will put the Obama administration in the position of having to decide whether to let Russia use the high-powered equipment on its surveillance planes at a time when Moscow, according to the latest State Department compliance report, is failing to meet all its obligations under the treaty. And it comes at one of the most tension-filled times in U.S.-Russia relations since the end of the Cold War, with the two countries at odds over Russian activity in Ukraine and Syria.

“The treaty has become a critical component of Russia’s intelligence collection capability directed at the United States,” Adm. Cecil D. Haney, commander of the U.S. Strategic Command, wrote in a letter earlier this year to Rep. Mike Rogers, R-Ala., chairman of a House subcommittee on strategic forces.

“In addition to overflying military installations, Russian Open Skies flights can overfly and collect on Department of Defense and national security or national critical infrastructure,” Haney said. “The vulnerability exposed by exploitation of this data and costs of mitigation are increasingly difficult to characterize.”

A State Department official said Sunday that treaty nations had not yet received notice of the Russian request, but that certification of the Russian plane with a “digital electro-optical sensor” could not occur until this summer because the treaty requires a 120-day advance notification. The official spoke on condition of anonymity because he wasn’t authorized to discuss the issue publicly.

The official also said that the treaty, which was entered into force in 2002, establishes procedures for certifying digital sensors to confirm that they are compliant with treaty requirements. The official said all signatories to the treaty agree that “transition from film cameras to digital sensors is required for the long-term viability of the treaty.”

In December, Rose Gottemoeller, undersecretary of state for arms control and international security, sought to temper concerns about Russian overflights, saying that what Moscow gains from the observation flights is “incremental” to what they collect through other means.

“One of the advantages of the Open Skies Treaty is that information – imagery – that is taken is shared openly among all the treaty parties,” she said at a joint hearing of the House Foreign Affairs and Armed Services committees in December. “So one of the advantages with the Open Skies Treaty is that we know exactly what the Russians are imaging, because they must share the imagery with us.”

Still, military and intelligence officials have expressed serious concern.

“The open skies construct was designed for a different era,” Lt. Gen. Vincent Stewart, director of the Defense Intelligence Agency, told lawmakers when asked about the Russian overflights during a congressional hearing. “I’m very concerned about how it’s applied today.”

Robert Work, deputy secretary of defense, told Congress: “We think that they’re going beyond the original intent of the treaty and we continue to look at this very, very closely.”

Steve Rademaker, former assistant secretary of state for the bureau of arms control and the bureau of international security and nonproliferation, told Congress at a hearing on security cooperation in Europe in October that Russia complies with the Open Skies Treaty, but has “adopted a number of measures that are inconsistent with the spirit” of the accord.

The treaty, for instance, obligates each member to make all of its territory available for aerial observation, yet Russia has imposed restrictions on surveillance over Moscow and Chechnya and near Abkhazia and South Ossetia, he said. Russian restrictions also make it hard to conduct observation in the Kaliningrad enclave, said Rademaker, who believes Russia is “selectively implementing” the treaty “in a way that suits its interests.”

Obama Secret Talks, World is Normalized with DPRK

Upon Obama’s departure from  the Oval Office in January 2017, there will be no more rogue nations or enemies of America and the West.

Next up after Iran and Cuba is North Korea. (shhhh, but I predicted this)

TheHill: The White House had signaled to the Kim Jong Un regime that it is willing to cut a deal similar to that brokered with Iran to curtail its nuclear program in exchange for sanctions relief.

But North Korea has expedited its plans to develop a nuclear bomb, which it sees as a valuable bargaining chip in eventual peace negotiations.

A long-range rocket launched by North Korea earlier this month triggered additional international sanctions, including a law signed Thursday by President Obama imposing steeper penalties.

Un, who took power at the end of 2011, has demanded additional conditions for a treaty with South Korea, 63 years after the Korean War ended with an armistice.

Obama Administration Secretly Approached North Korea About Diplomatic Talks Days Before Its Latest Nuclear Test: WSJ

Days before North Korea’s Jan. 6 nuclear test, the Obama administration clandestinely agreed to talks that would have formally ended the Korean War, the Wall Street Journal reported Sunday.

As part of the offer, reported to have been made at a U.N. meeting, the U.S. dropped its longstanding prerequisite that North Korea first make efforts to reduce its nuclear arsenal, instead calling for the military dictatorship to make its nuclear weapons program part of the talks. But the test ended those discussions.

North Korea began 2016 on a belligerent footing, even considering the unpredictable pariah state’s history. In addition to the January nuclear test, North Korea launched a rocket earlier this month, resulting in swift pushback from Japan and South Korea, which closed a joint industrial park that provided North Korea with valuable hard currency.

The most recent offer to North Korea was one of several overtures extended by the Obama administration, insiders told the Journal, which happened at the same time the administration was working on an ultimately successful diplomatic outreach to Iran. North Korea first tested a nuclear weapon in 2006, and its nuclear capabilities were confirmed in 2009. North and South Korea have technically been at war ever since the “hot” phase of the Korean War ended in 1953, but the North’s recent nuclear developments have increased the urgency to ultimately resolve the dispute diplomatically.

In addition to its unsanctioned nuclear activity, the North Korean regime is also alleged to operate a system of concentration camps where political prisoners are worked and starved to death. The U.N. released a 2014 report that suggested the regime’s security chiefs and leader Kim Jong Un should be prosecuted for crimes against humanity.

*** Note there is nothing about Unit 121, North Korea’s hacking division. Known since at least 2007.

CNet: North Korea’s Reconnaissance General Bureau (RGB) is in charge of both traditional and cyber operations, and is known for sending agents abroad for training in cyberwarfare. The RGB reportedly oversees six bureaus that specialize in operations, reconnaissance, technology, and cyber matters — two of which have been identified as the No. 91 Office and Unit 121. The two bureaus in question consist of intelligence operations and are based in China.

The RGB also reportedly oversees state-run espionage businesses located in 30 to 40 countries, often hosted in unsuspecting places such as cafes. Members of this espionage network reportedly “send more than $100 million in cash per year to the regime and provide cover for spies,” the report says.

In addition, the country’s Worker’s Party oversees a faction of ethnic North Koreans living in Japan. Established in 1955, the group — dubbed the Chosen Soren — refuse to assimilate into Japanese culture and live in the country in order to covertly raise funds via weapons trafficking, drug trafficking, and other black market activities. The group also gathers intelligence for the country and attempts to procure advanced technologies.

Despite aging infrastructure and power supply problems, North Korea reportedly was able to gain access to 33 of 80 South Korean military wireless communication networks in 2004, and an attack on the US State Department believed to be approved by North Korean officials coincided with US-North Korea talks over nuclear missile testing in the same time period. In addition, a month later, South Korea claimed that Unit 121 was responsible for hacking into South Korean and US defense department networks.

 

Apple vs. FBI, Try the iCloud or iTunes

In all fairness, General Michael Hayden, former head of the NSA, actually disagrees with FBI Director James Comey and sides with Apple. The reason is fascinating.

Apple’s formal statement is here.

Zetter – Wired:

The news this week that a magistrate ordered Apple to help the FBI hack an iPhone used by one of the San Bernardino shooter suspects has polarized the nation—and also generated some misinformation.

Those who support the government say Apple has cooperated in the past to unlock dozens of phones in other cases—so why can’t it help the FBI unlock this one?

But this isn’t about unlocking a phone; rather, it’s about ordering Apple to create a new software tool to eliminate specific security protections the company built into its phone software to protect customer data. Opponents of the court’s decision say this is no different than the controversial backdoor the FBI has been trying to force Apple and other companies to build into their software—except in this case, it’s an after-market backdoor to be used selectively on phones the government is investigating.

The stakes in the case are high because it draws a target on Apple and other companies embroiled in the ongoing encryption/backdoor debate that has been swirling in Silicon Valley and on Capitol Hill for the last two years. Briefly, the government wants a way to access data on gadgets, even when those devices use secure encryption to keep it private.

Apple specifically introduced security features in 2014 to ensure that it would not be able to unlock customer phones and decrypt the data on them; but it turns out it overlooked a loophole in those security features that the government is now trying to exploit. The loophole is not about Apple unlocking the phone but about making it easier for the FBI to attempt to unlock it on its own. If the controversy over the San Bernardino phone causes Apple to take further steps to close that loophole so that it can’t assist the FBI in this way in the future, it could be seen as excessive obstinance and obstruction by Capitol Hill. And that could be the thing that causes lawmakers to finally step in with federal legislation that prevents Apple and other companies from locking the government out of devices.

If the FBI is successful in forcing Apple to comply with its request, it would also set a precedent for other countries to follow and ask Apple to provide their authorities with the same software tool.

In the interest of clarifying the facts and correcting some misinformation, we’ve pulled together a summary of the issues at hand.

What Kind of Phone Are We Talking About?

The phone in question is an iPhone 5c running the iOS9 version of Apple’s software. The phone is owned by the San Bernardino Department of Public Health, which gave it to Syed Rizwan Farook, the shooter suspect, to use for work.

What Is the Issue?

Farook created a password to lock his phone, and due to security features built into the software on his device, the FBI can’t unlock the phone and access the data on it using the method it wants to use—a bruteforce password-guessing technique wherein they enter different passcodes repeatedly until they guess the right one—without running the risk that the device will lock them out permanently.

How Would It Do That?

Apple’s operating system uses two factors to secure and decrypt data on the phone–the password the user chooses and a unique 256-bit AES secret key that’s embedded in the phone when it’s manufactured. As cryptographer Matthew Green explains in a blog post, the user’s password gets “tangled” with the secret key to create a passcode key that both secures and unlocks data on the device. When the user enters the correct password, the phone performs a calculation that combines these two codes and if the result is the correct passcode, the device and data are unlocked.

To prevent someone from brute-forcing the password, the device has a user-enabled function that limits the number of guesses someone can try before the passcode key gets erased. Although the data remains on the device, it cannot be decrypted and therefore becomes permanently inaccessible. The number of password tries allowed before this happens is unclear. Apple says on its web site that the data becomes inaccessible after six failed password attempts. The government’s motion to the court (.pdf) says it happens after 10 failed guesses.

The government says it does not know for certain if Farook’s device has the auto-erase feature enabled, but notes in its motion that San Bernardino County gave the device to Farook with it enabled, and the most recent backup of data from his phone to iCloud “showed the function turned on.”

A reasonable person might ask why, if the phone was backing data up to iCloud, the government can’t just get everything it needs from iCloud instead of breaking into the phone. The government did obtain some data backed up to iCloud from the phone, but authorities allege in their court document that he may have disabled iCloud backups at some point. They obtained data backed up to iCloud a month before the shootings, but none closer to the date of the shooting when they say he is most likely to have used the phone to coordinate the attack.

Is This Auto-Erase the Only Security Protection Apple Has in Place?

No. In addition to the auto-erase function, there’s another protection against brute force attacks: time delays. Each time a password is entered on the phone, it takes about 80 milliseconds for the system to process that password and determine if it’s correct. This helps prevent someone from quickly entering a new password to try again, because they can only guess a password every 80 milliseconds. This might not seem like a lot of time, but according to Dan Guido, CEO of Trail of Bits, a company that does extensive consulting on iOS security, it can be prohibitively long depending on the length of the password.

“In terms of cracking passwords, you usually want to crack or attempt to crack hundreds or thousands of them per second. And with 80 milliseconds, you really can only crack eight or nine per second. That’s incredibly slow,” he said in a call to reporters this week.

With a four-digit passcode, he says, there are only about 10,000 different combinations a password-cracker has to try. But with a simple six-digit passcode, there are about one million different combinations a password cracker would have to try to guess the correct one—Apple says it would take more than five-and-a-half years to try all combinations of a six-character alpha-numeric password. The iOS9 software, which appears to be the software on the San Bernardino phone, asks you to create a six-digit password by default, though you can change this requirement to four digits if you want a shorter one.

Later models of phones use a different chip than the iPhone 5c and have what’s called a “secure enclave” that adds even more time delays to the password-guessing process. Guido describes the secure enclave as a “separate computer inside the iPhone that brokers access to encryption keys” increasing the security of those keys.

With the secure enclave, after each wrong password guess, the amount of time you have to wait before trying another password grows with each try; by the ninth failed password you have to wait an hour before you can enter a tenth password. The government mentioned this in its motion to the court, as if the San Bernardino phone has this added delay. But the iPhone 5c does not have secure enclave on it, so the delay would really only be the usual 80 milliseconds in this case.
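
The protections described in the last two answers (a passcode tangled with a device key, the 80-millisecond cost per guess, escalating delays and auto-erase) can be modelled in a few lines. This is an added Python example, not code from Apple or from the article: PBKDF2, the XOR key wrap, the 36-symbol alphabet (lowercase letters and digits) and every delay step other than the one-hour wait at the ninth failure are assumptions made for illustration.

```python
import hashlib
import hmac
import os

GUESS_COST_S = 0.080   # time to process one passcode attempt, per the article
MAX_FAILURES = 10      # auto-erase threshold cited from the government's motion
# Extra wait (seconds) imposed after the Nth consecutive failure. Only the
# one-hour wait at the ninth failure is stated in the article; the earlier
# steps are assumed values for illustration.
ESCALATING_DELAY_S = {5: 60, 6: 300, 7: 900, 8: 900, 9: 3600}


def worst_case_seconds(alphabet_size, length, per_guess_s=GUESS_COST_S):
    """Time to try every passcode of this shape at a fixed cost per guess."""
    return (alphabet_size ** length) * per_guess_s


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _tag(key):
    # Check value that lets the model recognise a correctly unwrapped key.
    return hmac.new(key, b"key-check", hashlib.sha256).digest()


class PasscodeGuard:
    """Toy model of a passcode-protected data key (not Apple's design)."""

    def __init__(self, passcode, device_key=None, auto_erase=True,
                 escalating_delay=False):
        # Stands in for the 256-bit secret embedded at manufacture.
        self._device_key = device_key or os.urandom(32)
        data_key = os.urandom(32)
        # The data key is stored only in wrapped form, under a key derived
        # from BOTH the passcode and the device key.
        self.wrapped_key = _xor(data_key, self._derive(passcode))
        self.check_tag = _tag(data_key)
        self.auto_erase = auto_erase
        self.escalating_delay = escalating_delay
        self.failures = 0
        self.elapsed_s = 0.0   # simulated clock, nothing actually sleeps

    def _derive(self, passcode):
        # Assumption: PBKDF2 salted with the device key models the "tangling".
        # Guesses cannot be tested without the device key, so they cannot be
        # moved off the device onto faster hardware.
        return hashlib.pbkdf2_hmac("sha256", passcode.encode(),
                                   self._device_key, 10_000)

    def try_unlock(self, guess):
        if self.wrapped_key is None:
            return "erased"
        self.elapsed_s += GUESS_COST_S
        candidate = _xor(self.wrapped_key, self._derive(guess))
        if hmac.compare_digest(_tag(candidate), self.check_tag):
            self.failures = 0
            return "unlocked"
        self.failures += 1
        if self.escalating_delay:
            self.elapsed_s += ESCALATING_DELAY_S.get(self.failures, 0)
        if self.auto_erase and self.failures >= MAX_FAILURES:
            # The encrypted data would remain on the device, but the only
            # copy of the key that decrypts it is destroyed.
            self.wrapped_key = None
            return "erased"
        return "wrong"


if __name__ == "__main__":
    year = 365.25 * 86400
    shapes = [("4 digits", 10, 4), ("6 digits", 10, 6),
              ("6 lowercase letters/digits", 36, 6)]
    for label, size, length in shapes:
        secs = worst_case_seconds(size, length)
        print(f"{label:28s} {secs:16,.0f} s  ({secs / year:.2f} years)")

    # Constructed device key and passcode, for demonstration only.
    guard = PasscodeGuard("4821", device_key=b"\x01" * 32)
    outcomes = [guard.try_unlock(f"{i:04d}") for i in range(10)]
    print(outcomes[-1], guard.try_unlock("4821"))   # erased erased
```

At 80 milliseconds per guess the four-digit space is exhausted in about 13 minutes and the six-digit space in about 22 hours, while six characters drawn from 36 symbols take roughly 5.5 years. That gap is why the delay alone protects only long alphanumeric passcodes, and why the auto-erase counter matters for short numeric ones.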

Why None of This Is an Issue With Older iPhones

With older versions of Apple’s phone operating system—that is, phones using software prior to iOS8—Apple has the ability to bypass the user’s passcode to unlock the device. It has done so in dozens of cases over the years, pursuant to a court order. But beginning with iOS8, Apple changed this so that it can no longer bypass the user’s passcode.

According to the motion filed by the government in the San Bernardino case, the phone in question is using a later version of Apple’s operating system—which appears to be iOS9. We’re basing this on a statement in the motion that reads: “While Apple has publicized that it has written the software differently with respect to iPhones such as the SUBJECT DEVICE with operating system (“iOS”)9, Apple yet retains the capacity to provide the assistance sought herein that may enable the government to access the SUBJECT DEVICE pursuant to the search warrant.”

The government is referring to the changes that Apple initially made with iOS8, that exist in iOS9 as well. Apple released iOS9 in September 2015, three months before the San Bernardino attacks occurred, so it’s very possible this is indeed the version installed on the San Bernardino phone.

What Does the Government Want?

A lot of people have misconstrued the government’s request and believe it asked the court to order Apple to unlock the phone, as Apple has done in many cases before. But as noted, the particular operating system installed on this phone does not allow Apple to bypass the passcode and unlock the phone. So the government wants to try bruteforcing the password without having the system auto-erase the decryption key and without additional time delays. To do this, it wants Apple to create a special version of its operating system, a crippled version of the firmware that essentially eliminates the bruteforcing protections, and install it on the San Bernardino phone. It also wants Apple to make it possible to enter password guesses electronically rather than through the touchscreen so that the FBI can run a password-cracking script that races through the password guesses automatically. It wants Apple to design this crippled software to be loaded into memory instead of on disk so that the data on the phone remains forensically sound and won’t be altered.

Note that even after Apple does all of this, the phone will still be locked, unless the government’s bruteforcing operation works to guess the password. And if Farook kept the iOS9 default requirement for a six-character password, and chose a complex alpha-numeric combination for his password, the FBI might never be able to crack it even with everything it has asked Apple to do.

Apple CEO Tim Cook described the government’s request as “asking Apple to hack our own users and undermine decades of security advancements that protect our customers—including tens of millions of American citizens—from sophisticated hackers and cybercriminals. The same engineers who built strong encryption into the iPhone to protect our users would, ironically, be ordered to weaken those protections and make our users less safe.”

What Exactly Is the Loophole You Said the Government Is Exploiting?

The loophole is the fact that Apple even has the ability to run crippled firmware on a device like this without requiring the user to approve it, the way software updates usually work. If this required user approval, Apple would not be able to do what the government is requesting.

How Doable Is All of This?

Guido says the government’s request is completely doable and reasonable.

“They have to make a couple of modifications. They have to make it so that the operating system boots inside of a RAM disk…[and] they need to delete a bunch of code—there’s a lot of code that protects the passcode that they just need to trash,” he said.

Making it possible for the government to test passwords with a script instead of typing them in would take a little more effort he says. “[T]hat would require a little bit of extra development time, but again totally possible. Apple can load a new kernel driver that allows you to plug something in over the Thunderbolt port… It wouldn’t be trivial but it wouldn’t be massive.”

Could This Same Technique Be Used to Undermine Newer, More Secure Phones?

There has been some debate online about whether Apple would be able to do this for later phones that have newer chips and the secure enclave. It’s an important question because these are the phones that most users will have in the next one or two years as they replace their old phones. Though the secure enclave has additional security features, Guido says that Apple could indeed also write crippled firmware for the secure enclave that achieves exactly what the FBI is asking for in the San Bernardino case.

“It is absolutely within the realm of possibility for Apple themselves to tamper with a lot of the functionality of the secure enclave. They can’t read the secure private keys out of it, but they can eliminate things like the passcode delay,” he said. “That means the solution that they might implement for the 5c would not port over directly to the 5s, the 6 or the 6s, but they could create a separate solution for [these] that includes basically crippled firmware for the secure enclave.”

If Apple eliminates the added time delays that the secure enclave introduces, then such phones would only have the standard 80-millisecond delay that older phones have.

“It requires more work to do so with the secure enclave. You have to develop more software; you have to test it a lot better,” he said. “There may be some other considerations that Apple has to work around. [But] as far as I can tell, if you issue a software update to the secure enclave, you can eliminate the passcode delay and you can eliminate the other device-erase [security feature]. And once both of those are gone, you can query for passcodes as fast as 80 milliseconds per request.”

What Hope Is There for Your Privacy?

You can create a strong alpha-numeric password for your device that would make bruteforcing it essentially infeasible for the FBI or anyone else. “If you have letters and numbers and it’s six, seven or eight digits long, then the potential combinations there are really too large for anyone to bruteforce,” Guido said.

And What Can Apple Do Going Forward?

Guido says Apple could and should make changes to its system so that what the FBI is asking it to do can’t be done in future models. “There are changes that Apple can make to the secure enclave to further secure their phones,” he said. “For instance, they may be able to require some kind of user confirmation, before that firmware gets updated, by entering their PIN code … or they could burn the secure enclave into the chip as read-only memory and lose the ability to update it [entirely].”

These would prevent Apple in the future from having the ability to either upload crippled firmware to the device without the phone owner’s approval or from uploading new firmware to the secure enclave at all.

“There’s a couple of different options that they have; I think all of them, though, are going to require either a new major version of iOS or new chips on the actual phones,” Guido said. “But for the moment, what you have to fall back on is that it takes 80 milliseconds to try every single password guess. And if you have a complex enough password then you’re safe.”

Is the Ability to Upload Crippled Firmware a Vulnerability Apple Should Have Foreseen?

Guido says no.

“It wasn’t until very recently that companies had to consider: What does it look like if we attack our own customers? What does it look like if we strip out and remove the security mitigations we put in specifically to protect customers?”

He adds: “Apple did all the right things to make sure the iPhone is safe from remote intruders, or people trying to break into the iPhone.… But certainly after today, technology vendors need to consider that they might be the adversary they’re trying to protect their customers from. And that’s quite a big shift.” (Great job on this Kim)