Earlier today we posted a report titled "The Court Rules that Apple must Provide 'Reasonable Technical Assistance' to Unlock a Famous U.S. Terrorist's iPhone." Now an enterprise security firm by the name of 'Trail of Bits' has weighed in on yesterday's request from the court ordering Apple to comply with the a request from the FBI for technical assistance in opening the iPhone owned by one of the deceased terrorists in the San Bernardino attack. While many have argued whether these requests from the FBI are technically feasible, given that the support for strong encryption on iOS devices, Trail of Bits believes that all of the FBI's requests are in fact technically feasible.
The security firm notes that "it is very important to mention that the recovered iPhone is a 5C. The 5C model iPhone lacks TouchID and, therefore, lacks the single most important security feature produced by Apple: the Secure Enclave.
If the San Bernardino gunmen had used an iPhone with the Secure Enclave, then there is little to nothing that Apple or the FBI could have done to guess the passcode. However, since the iPhone 5C lacks a Secure Enclave, nearly all of the passcode protections are implemented in software by the iOS operating system and, therefore, replaceable by a firmware update.
In the end, Dan Guido of Security firm 'Trail of Bits' says that he believes "it is technically feasible for Apple to comply with all of the FBI's requests in this case. On the iPhone 5C, the passcode delay and device erasure are implemented in software and Apple can add support for peripheral devices that facilitate PIN code entry. In order to limit the risk of abuse, Apple can lock the customized version of iOS to only work on the specific recovered iPhone and perform all recovery on their own, without sharing the firmware image with the FBI."
Dan Guido's report covers the technicalities of the FBI's request and the problems that they're currently undergoing and how Apple could easily assist them in this case of opening the iPhone once owned by a terrorist. For those interested in reading the technical workaround, click here.