GovtOS vs iOS - the Fuzz Hackability Simulator

The FBI is asking Apple to create an operating system (GovtOS) that would allow them to brute-force the passcode entry of the San Bernardino phone.

A brute-force attack is simply trying every possible combination until the correct passcode is found. Standard iOS protects against this approach by imposing progressive delays after incorrect guesses. On GovtOS, the delays would be removed and there would be no limit to the number of guesses. Assuming a 4-digit numeric passcode (by far the most common setting), there are 10,000 possible combinations. Try your luck at unlocking both OSes below. If you're lucky enough to unlock iOS, send us the passcode and we'll send you a Fuzz shirt (while supplies last).

[Interactive simulator: two passcode keypads, one for iOS (with a lockout timer shown in minutes) and one for GovtOS (no lockout), each displaying a count of bad attempts.]

Notes

  • It takes 80ms to evaluate the passcode input. The simulation exaggerates that delay.
  • Additionally, iOS imposes escalating delays in response to bad passcode input. GovtOS does not.
  • Because the cryptographic algorithm takes a hardware device ID as a parameter, the FBI wouldn't actually be able to crack the phone in a virtual setting like the one we've presented above.
  • Would this operating system allow the FBI to crack newer devices? No. The iPhone 5s and all devices since come with a processor on the A7 & A8 chips called the Secure Enclave.
  • The Secure Enclave runs its own operating system which is responsible for all cryptographic operations. This operating system may not be altered.
  • GovtOS, which removes the security protocols from iOS, would have no effect, as these security protocols are built directly into the Secure Enclave on newer devices.
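
The first two notes, worked through as an added example (not part of the original page or the simulator's own code): worst-case time to try every passcode with and without escalating delays. The 80 ms per-guess cost comes from the notes; the delay schedule and all function names are assumptions chosen for illustration.

```python
PER_GUESS_MS = 80  # per-attempt evaluation cost stated in the notes

# Assumed, simplified schedule (not from the page): number of failed attempts
# so far -> forced wait in seconds. Failures past the last entry keep its wait.
ASSUMED_DELAYS_S = {5: 60, 6: 300, 7: 900, 8: 900, 9: 3600}


def lockout_s(failures, schedule):
    """Forced wait after the given number of consecutive failures."""
    reached = [n for n in schedule if n <= failures]
    return schedule[max(reached)] if reached else 0


def worst_case_ms(keyspace, schedule=None):
    """Time to try every passcode when the correct one is tried last."""
    total = keyspace * PER_GUESS_MS
    if not schedule:
        return total  # GovtOS model: evaluation cost only
    failures = keyspace - 1  # every guess except the final one fails
    last = max(schedule)
    for n in range(1, min(failures, last) + 1):
        total += lockout_s(n, schedule) * 1000
    if failures > last:  # remaining failures all pay the capped wait
        total += (failures - last) * schedule[last] * 1000
    return total


def compare(digits):
    """Worst-case hours for an all-numeric passcode of the given length."""
    keyspace = 10 ** digits
    to_hours = lambda ms: ms / 3_600_000
    return {
        "no_delays_h": to_hours(worst_case_ms(keyspace)),
        "with_delays_h": to_hours(worst_case_ms(keyspace, ASSUMED_DELAYS_S)),
    }


if __name__ == "__main__":
    for digits in (4, 6):
        r = compare(digits)
        print(f"{digits} digits: {r['no_delays_h']:.2f} h without delays, "
              f"{r['with_delays_h'] / 24:.0f} days with assumed delays")
```

With no delays, the 10,000-code keyspace is exhausted in 800 seconds at 80 ms per guess, so the delay policy, not the evaluation cost, is what protects a 4-digit passcode.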