Originally Posted by Ataturk
So based on what I've read it sounds like Apple's encryption is not secure in and of itself, but it just relies on the complexity of their proprietary software/hardware, and on their refusal to cooperate in bypassing it.
If that's the case they're probably going to lose and lose hard here. But it doesn't undermine encryption -- real encryption. Apple's products are only done this way to let people use short passwords.
I disagree. I'd say this means Apple's encryption is pretty dang secure. With most consumer levels of security, physical access trumps all. If you have the device in hand, it is only a matter of time before they are in--especially with FBI/NSA types.
The fact that they are getting a court order on Apple means they *can't* do it themselves.
Basically, they think it is likely possible to break in (via brute force though, not actually breaking the encryption) but they need a few things. First and foremost, they need Apple's own encryption key that they use to sign the updates. Without Apple providing that (or the FBI cracking it), the phone will not accept the update. Maybe there would be some other exploit that would allow them to inject unsigned code, but that might also run the risk of bricking the device, so it is a no-go here.
Second, they need Apple's expertise and access to the source code and testing facilities. If you want to do this without bricking the device--you need an update that works flawlessly because you only get one shot.
The only real flaw I am seeing in Apple's security right now... is that it doesn't require authentication to install an update. I understand there might be a need to enter a recovery process on a damaged phone, but it seems to me that when placed in encrypted mode, if you can't provide the password, the phone should be wiped before installing any sort of software update.
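The update policy proposed in the post above, sketched as a small model (an added example, not part of the original post and not Apple's implementation). The `Device` class, the key names, and the use of HMAC in place of a vendor's asymmetric signature are assumptions made so the sketch runs on the Python standard library alone.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional

# Stand-in for the vendor's update-signing key (constructed for this example).
VENDOR_KEY = os.urandom(32)


def sign_update(image: bytes, key: bytes = VENDOR_KEY) -> bytes:
    # HMAC stands in for an asymmetric signature; a real device would hold
    # only a public verification key, never the signing key itself.
    return hmac.new(key, image, hashlib.sha256).digest()


def derive(passcode: str, salt: bytes) -> bytes:
    # Slow hash of the passcode, as stored for later comparison.
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, 100_000)


@dataclass
class Device:
    salt: bytes
    passcode_hash: bytes
    data_key: Optional[bytes]  # protects user data; None once wiped
    firmware: bytes = b"v1"

    @classmethod
    def provision(cls, passcode: str) -> "Device":
        salt = os.urandom(16)
        return cls(salt, derive(passcode, salt), os.urandom(32))

    def install_update(self, image: bytes, sig: bytes,
                       passcode: Optional[str] = None) -> str:
        # Gate 1: refuse any image that does not carry a valid signature.
        if not hmac.compare_digest(sig, sign_update(image)):
            return "rejected: bad signature"
        # Gate 2: check the owner's passcode before the new code may run.
        authed = passcode is not None and hmac.compare_digest(
            derive(passcode, self.salt), self.passcode_hash)
        if not authed:
            # No passcode: destroy the data key first, so the new firmware
            # boots on a device whose user data is unrecoverable.
            self.data_key = None
        self.firmware = image
        return "installed" if authed else "installed after wipe"
```

Under this policy a correctly signed update still installs on a locked device, which keeps recovery of a damaged phone possible, but the signature alone no longer gives access to the data.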