The FBI successfully hacked the iPhone and won't disclose how it got the data from the seized San Bernardino shooter's iPhone.
The iPhone has been at the center of a bitter dispute between Apple and the Federal Bureau of Investigation. But that legal battle—in which a judge last month had ordered Apple to write code to assist the authorities in unlocking the phone—came to a seemingly abrupt halt late Monday when the government said it “successfully accessed the data” on the phone without Apple’s assistance.
Apple has issued a statement saying the company is committed to continuing its fight for civil liberties and collective security and privacy.
The full statement (via Verge) from Apple reads:
From the beginning, we objected to the FBI’s demand that Apple build a backdoor into the iPhone because we believed it was wrong and would set a dangerous precedent. As a result of the government’s dismissal, neither of these occurred. This case should never have been brought.
We will continue to help law enforcement with their investigations, as we have done all along, and we will continue to increase the security of our products as the threats and attacks on our data become more frequent and more sophisticated.
Apple believes deeply that people in the United States and around the world deserve data protection, security and privacy. Sacrificing one for the other only puts people and countries at greater risk.
This case raised issues which deserve a national conversation about our civil liberties, and our collective security and privacy. Apple remains committed to participating in that discussion.
At the time, Apple said it did not know of any way to gain access to the iPhone, but hoped that the Feds would share with it any information about loopholes in the iPhone that might come to light.
Although the technique the FBI used to crack the iPhone is not disclosed and likely will not be any time soon, several experts suspect it involved NAND Mirroring.
NAND mirroring is a technique in which the contents of the phone’s NAND memory chip are copied, so that a fresh copy can be flashed back onto the chip whenever the maximum number of passcode attempts is reached. It is believed that the Israeli firm Cellebrite may have been working for the US government to unlock the iPhone.
However, there is more than one theory as to how the FBI hacked the iPhone.
1) NAND Mirroring
This involves fiddling with hardware, but it’s not nearly as destructive as other options. Forensics expert Jonathan Zdziarski has a great description on his blog:
Most of the tech experts I’ve heard from believe the same as I do – that NAND mirroring is likely being used to some degree to brute force the pin on the device. This is where the NAND chip is typically desoldered, dumped into a file (likely by a chip reader/programmer, which is like a cd burner for chips), and then copied so that if the device begins to wipe or delay after five or ten tries, they can just re-write the original image back to the chip. This technique is kind of like cheating at Super Mario Bros. with a save-game, allowing you to play the same level over and over after you keep dying. Only instead of playing a game, they’re trying different pin combinations. It’s possible they’ve also made hardware modifications to their test devices to add a socket, allowing them to quickly switch chips out, or that they’re using hardware to simulate this chip so that they don’t have to.
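The “save-game” idea above comes down to where the attempt counter lives. The following toy model is an added example, not code from the post or from Zdziarski: it keeps the counter either in restorable flash or outside it, and shows that re-flashing the saved image only helps in the first case. The `Flash`, `Device` and `guesses_with_reflash` names, the 4-digit PIN and the 10-attempt limit are all constructed; this models no real phone.

```python
"""Toy model of a passcode attempt limit and why the counter's location matters.
Constructed example; it does not model any real device's unlock logic."""
import hashlib
import secrets

MAX_ATTEMPTS = 10   # wipe after this many failed guesses (constructed value)
PIN_LENGTH = 4      # 4-digit PIN keeps the model small (constructed value)


class Flash:
    """Restorable storage: stands in for a NAND image that can be dumped and re-flashed."""
    def __init__(self, pin: str):
        self.salt = secrets.token_bytes(16)
        self.verifier = hashlib.sha256(self.salt + pin.encode()).digest()
        self.attempts = 0      # counter kept in flash (restorable)
        self.wiped = False     # wipe flag kept in flash (restorable)

    def dump(self):
        return (self.attempts, self.wiped)

    def reflash(self, image):
        self.attempts, self.wiped = image


class Device:
    """Device whose attempt counter is either in flash or in non-restorable secure state."""
    def __init__(self, pin: str, counter_in_flash: bool):
        self.flash = Flash(pin)
        self.counter_in_flash = counter_in_flash
        self.secure_attempts = 0   # lives outside flash: a re-flash cannot reset it

    def attempts(self) -> int:
        return self.flash.attempts if self.counter_in_flash else self.secure_attempts

    def unlock(self, guess: str) -> bool:
        if self.flash.wiped:
            return False
        if self.counter_in_flash:
            self.flash.attempts += 1
        else:
            self.secure_attempts += 1
        ok = hashlib.sha256(self.flash.salt + guess.encode()).digest() == self.flash.verifier
        if not ok and self.attempts() >= MAX_ATTEMPTS:
            self.flash.wiped = True
        return ok


def guesses_with_reflash(device: Device):
    """Restore the saved flash image whenever the device wipes.
    Returns (pin found or None, number of guesses the device accepted)."""
    image = device.flash.dump()
    made = 0
    for n in range(10 ** PIN_LENGTH):
        if device.flash.wiped:
            device.flash.reflash(image)
            if device.attempts() >= MAX_ATTEMPTS:
                break   # the counter is outside flash: re-flashing changed nothing
        made += 1
        if device.unlock(f"{n:0{PIN_LENGTH}d}"):
            return f"{n:0{PIN_LENGTH}d}", made
    return None, made
```

With the counter in flash the model keeps going until the PIN is found; with the counter outside flash it stops at exactly MAX_ATTEMPTS guesses, which is the property a defender wants.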
2) Hacking the microprocessor
One way the FBI could extract the data it wants from the iPhone is to manually take the phone apart and use something like a focused ion beam to read the UID key from the phone’s microprocessor. The UID is critical for brute-forcing the phone’s passcode, since the key that unlocks the data is tangled with that identifier. This is a method Edward Snowden suggested at a recent talk.
3) NSA unlocked iPhone
The FBI hasn’t directly answered an obvious question during this fight: Why didn’t it just ask the NSA? FBI Director James Comey told Congress the NSA was not helping.
There’s a good reason why the FBI might not ask the NSA: It is advantageous to the FBI to set a legal precedent here by forcing Apple to cooperate. If the FBI had won this fight, it would’ve had a strong precedent for conscripting tech companies to assist in dismantling their security in the future. That said—what if the NSA did help?
4) CSI Cyber did it
I mean, by all means, they are quite impressive on TV. So why not?
By far, NAND mirroring is the most plausible scenario, because this method would allow the FBI to try an unlimited number of passcode guesses. It also doesn’t risk permanently destroying the phone.
The Justice Department suggested it would keep seeking unorthodox means of getting information, including through the courts when needed.
“It remains a priority for the government to ensure that law enforcement can obtain crucial digital information to protect national security and public safety, either with cooperation from relevant parties, or through the court system when cooperation fails,” Justice Department spokeswoman Melanie Newman said.
“We will continue to pursue all available options for this mission, including seeking the cooperation of manufacturers and relying upon the creativity of both the public and private sectors.”
Won’t they need to disclose the method in court to use the data or any evidence derived from it? And shouldn’t the method leave the original chip intact so it can be independently verified? Otherwise they can basically say whatever they want and that’s it.