The San Bernardino terrorist suspect Syed Rizwan Farook used an iPhone 5c, which is now in the possession of the FBI. The iPhone is locked. The FBI wants Apple to help unlock it, presumably so they can glean additional evidence or information about other possible attacks. Apple has declined, and appears to ready to defy a court order. Its response is due February 26. So what’s the technology they’re fighting over?
The code to unlock the phone is known only to Farook, who is dead, and any confidants he may have shared it with. Even if he were alive, it would probably be difficult to get him to reveal it.
But phones are typically locked with a very simple personal identification number (PIN) of only four to six digits. That means, at most, there are a million possible PIN values. It’s straightforward to write a computer program that would methodically walk through all these possible values, trying each in turn until the correct one is found. Indeed, there even are products on the market that will do just this. Given that modern computers can execute over one billion instructions every second, even a conservative estimate says testing all one million PIN possibilities would take only about a second.
Ways to Ward Off Attack
One way to defend against this kind of break-in attempt is to do something drastic after multiple failures. For example, Apple deletes all data on the iPhone after 10 incorrect unlocking attempts in succession, if the user has turned on this feature. We don’t know if this defense is activated on Farook’s phone—but the FBI doesn’t want to gamble that it isn’t, turn out to be wrong, and watch the phone be wiped clean after 10 incorrect guesses.
