The issue is the precedent that is made. Once they create the special firmware, even if it is locked to one device, they have stated that law enforcement have already told them they have hundreds more devices they want unlocked. They would have a much easier time going to court and compelling Apple to resign the existing special firmware they made to work on these other hundreds of devices. Apple could no longer argue they had to create something to fulfill the warrant, since it was already created.

From what I can tell the UDID lock is not actually secure enough and is not designed to be a critical path around the encryption algorithm.

An earlier comment with more technical detail: https://news.ycombinator.com/item?id=11141499

UDID lock is good enough for tying development builds to specific devices but is not an unbreakable guarantee the software cannot be run on another device.

No, I proposed 3 different ways of hacking the UDID in that comment. 1) disrupting the read of ECID in transit, 2) re-writing ECID by hacking the BPP, 3) a SHA1 hash collision. Any one of the 3 will do.

Even then you cannot "flash anything" to the phone. But you can flash a build signed by Apple which hard-codes a UDID check.

Only certain parts of the hardware responsible for key storage and verification are architected to be resilient against physical and electronic attack, but the entire phone is not.

For example changing the WiFi or Bluetooth MAC is not locked down and effects the UDID. Because the UDID was never intended to be a way to bypass the device encryption it was not designed with anywhere near the same level of care and sophistication as handling the encryption key itself.

...and they give it to the FBI who then changes that ID as they please? Remove signing altogether? Its the fear of a blank check that drives this issue.

No – iOS is signed, and changing the ID would invalidate the signature.

Taking the private key from Apple with a warrant, national security letter, subpoena, or other methods is much easier than creating a custom version of iOS.

It is foolish to assume that the FBI would stop at this special version of iOS, especially given how they have been arguing and fighting to break encryption for over two decades.

edit, on icebraining's interpretation:

That's exactly right - once the difficult part about targeting an individual phone is finished, it's easy to take the iOS signing key and target any device you want.

I think it's meant taking the key used to signed that custom version of iOS. That is, if the FBI can force Apple to write the custom version, they can also coerce the key from them to sign their own copies, preventing your suggested blocking mechanism.

This is what I understood, at least, from the parent's post.

And can Apple guarantee that the ID can't be changed inside the device? If they can't it makes a lot of sense for Apple to refuse creating such a tool.

The ID can be easily changed. A quick Google search will easily confirm this.

The question is can you change one devices ID to exactly match another. This might require hacking the BPP or finding a SHA1 hash collision, both of which are absolutely possible but not necessarily trivial.

Pretty much, as far as I'm aware; the device ID cannot be changed. Bear in mind that this entire discussion is applicable only to older iPhones, in any case.