Apple May Be Forced to Hand Over Entire iOS Source Code to FBI
The US Justice Department has a “cheaper” alternative that would exempt Apple from the “unduly burdensome” assistance the court and the FBI wants from the company based on the All Writs Act. You may recall from earlier reports that the FBI wants Apple to develop software (Apple calls it GovtOS and claims it would weaken the security of iOS) in order to get risk-free access to the iPhone used by one of the San Bernardino shooters (via the Guardian).
In its formal rebuttal to Apple, the DOJ wrote that the “FBI cannot itself modify the software” on the seized iPhone. To do that, it needs the source code and Apple’s private electronic signature.
“The government did not seek to compel Apple to turn those over because it believed such a request would be less palatable to Apple. If Apple would prefer that course, however, that may provide an alternative that requires less labour by Apple programmers.”
That’s a rather interesting alternative, because it would give the FBI the ability to write a version of iOS which could modify Syed Farook’s iPhone. But things don’t stop there: With this in hand, the FBI could release software updates that look like real software releases from Apple and perform man-in-the-middle attacks on targeted devices by intercepting the net connection of the device.
The filing cited a precedent set by Lavabit: The FBI attempted to force Lavabit’s owner, Ladar Levison, to hand over the encryption key for his email service so they could monitor emails sent by NSA leaker Edward Snowden. The service abruptly shut down after the owner announced his refusal to become “complicit in crimes against the American people.” Levison was sanctioned for contempt of court as a result.