Article Lead Image

John McAfee’s plan to hack the iPhone for the FBI might not be crazy

What a time to be alive.

 

Aaron Sankin

Tech

Posted on Feb 18, 2016   Updated on May 27, 2021, 4:54 am CDT

Anti-virus company founder, extremely long-shot presidential candidate, and hard-partying eccentric John McAfee has an offer for the federal government.

Earlier this week, the Department of Justice ordered Apple to create a software package that would allow government officials to unlock an iPhone belonging to one of the terrorists who carried out the San Bernardino shooting. Apple CEO Tim Cook labeled it a “backdoor” that would weaken the security of every iPhone in existence. Cook vowed to fight against the federal government’s demand, creating a legal standoff.

Into the fray rides McAfee with an op-ed in Business Insider where he offers to hack Apple, give the government what it needs to access this specific smartphone, but ensure that U.S. officials don’t retain access to a universal backdoor that can be used to crack any of the company’s mobile devices.

“No matter how you slice this pie, if the government succeeds in getting this back door, it will eventually get a back door into all encryption, and our world, as we know it, is over,” McAfee wrote. “In spite of the FBI’s claim that it would protect the back door, we all know that’s impossible. There are bad apples everywhere, and there only needs to be in the US government. Then a few million dollars, some beautiful women (or men), and a yacht trip to the Caribbean might be all it takes for our enemies to have full access to our secrets.”

Asserting that—since his team of skilled coders and social engineers are far superior to those in government employ because, “the FBI will not hire anyone with a 24-inch purple Mohawk, 10-gauge ear piercings, a tattooed face, who demands to smoke weed while working and won’t work for less than a half-million dollars a year”—he could get access to the phone without Apple’s participation. McAfee pledged that, if he failed in this quest, he would eat his own shoe on Neil Cavuto’s Fox News show.

“So here is my offer to the FBI,” McAfee continued. “I will, for free, decrypt the information on the San Bernardino phone, with my team. We will primarily use social engineering and it will take us three weeks. If you accept my offer, then you will not need to ask Apple to place a back door in their product, which will be the beginning of the end of America.”

The government is specifically asking Apple to install a software package on the phone that would override a feature that wipes the device of information after 10 incorrect guesses of the phone’s passcode. If that feature, an optional one that the San Bernardino shooter had activated, was disabled, law enforcement officials could guess passwords until the cows come home—a technique aptly called bruteforcing.

While Apple has unlocked iPhones for the feds 70 times before balking at this particular instance, what’s at stake here is fundamentally different. Instead of simply asking Apple to provide them with the data from a single phone, the FBI specifically asked the company to develop a tool to “bypass or disable the auto-erase function” that the government could use to do the bruteforce attack itself.

Apple’s concern is that, once the tool is in government hands, law enforcement officials could use it whenever they pleased or, as a worst-case scenario, it would fall into the hands of non-governmental hackers.

Will Strafach, the founder of the mobile security firm Sudo Security Group, asserts that what McAfee is proposing is technically possible. “Apple has made things very tricky to do this from userland, but this can be worked around by using either an iBoot exploit, a specialized hardware rig (only for 32-bit devices such as iPhone 5c!), or a more creative avenue (example: if the device can be tricked into reverting to inactivated state,” he wrote in an email to the Daily Dot.

Strafach doesn’t think the crux of the fight between Apple and the government is over technical issues because the device in question is an older model and therefore could be vulnerable to previously disclosed exploits. “This is very clearly about Apple not being the one’s to create a record of assisting with the decryption,” he insisted. “If this is not about precedent to the FBI, and really is about this one unit, I don’t see why [the government] would not take up John on his offer, or even pay a third party firm.”

“But it’s abundantly clear that the data on this one phone is not what’s important to the FBI,” he added. Strafach noted, however, that it’s unclear how social engineering could conceivably play a role in unlocking the phone and called that part of the claim strange.

McAfee worked as a computer programmer for NASA before founding his eponymous anti-virus software company in the late 1980s. He resigned from the company in 1994 and cut all ties soon thereafter. That firm was bought by Intel in 2010 and removed McAfee’s name from its cybersecurity product in 2014.

McAfee has launched a number of business ventures since the mid-1990s, most recently a tech incubator called Future Tense Central, but he is best known for his erratic behavior, including being sought in Belize as a “person of interest” in a murder case, as well as being arrested for a DUI and gun possession in Tennessee.

Last year, he announced he was running for president with the Libertarian Party on a platform emphasizing cybersecurity.

Representatives from Apple did not respond to request for comment. 

Update 9:27am CT: The story has been updated to include Strafach’s comments about the feasibility of social engineering.

Illustration via Max Fleishman

Share this article
*First Published: Feb 18, 2016, 10:49 pm CST