A group of three news outlets, including Gannett, the Associated Press and Vice Media, filed a lawsuit today against the FBI on grounds relating to the bureau’s decision to keep its method of hacking into San Bernardino shooter Syed Farook’s iPhone a secret. The news organizations are looking for more information about how exactly the FBI entered the iPhone, what “outside party” helped with the process, and how much the government paid for it (via USA Today).
Gannett, the AP, and Vice Media have each sought details on the hack under the Freedom of Information Act, but the FBI denied the requests, arguing that “revealing the records would imperil its enforcement efforts.” Now the organizations are teaming up and asking the court to force the FBI to release the requested information.
While the security drama swirls, University of Cambridge researcher Sergei Skorobogatov has released proof countering the FBI’s claim that it couldn’t get into Farook’s iPhone without Apple’s help. In his report (via Engadget), Skorobagatov detailed his process in bypassing the passcode retry counter of an iPhone 5c running iOS 9, which he said “does not require any expensive and sophisticated equipment.”
This was achieved by desoldering the NAND Flash chip of a sample phone in order to physically access its connection to the SoC and partially reverse engineering its proprietary bus protocol. The process does not require any expensive and sophisticated equipment. All needed parts are low cost and were obtained from local electronics distributors. By using the described and successful hardware mirroring process it was possible to bypass the limit on passcode retry attempts. This is the first public demonstration of the working prototype and the real hardware mirroring process for iPhone 5c.
After removing the NAND from the iPhone — which requires “a temperature above 300 ºC…due to heavy heat sinking of the main PCB” — he created a backup of it and placed it onto a custom-built, special test board. To continue the NAND mirroring process, following a successful creation and verification of the backup copy, the original chip is placed back into the iPhone 5c, where the researcher entered six passcode attempts, and then power cycled the device. In total, the process takes 90 seconds each time, meaning the true password could feasibly be discovered in “less than two days.”
Once the phone is powered up and the screen is slid the passcode can be entered six times until the delay of one minute is introduced again. Then the process of mirroring from backup can be repeated again and again until the correct passcode is found. On average each cycle of mirroring for six passcode attempts takes 90 seconds. Hence, a full scan of all possible 4-digit passcodes will take about 40 hours or less than two days.
The fight between Apple and the FBI began earlier in the year when Apple refused to help the government unlock Farook’s iPhone 5c under the belief that it could set a fearful precedent for security and privacy moving forward. The FBI didn’t know what could potentially be on the device, but believed that any information gathered from it would potentially help move the case of the San Bernardino shooting forward in meaningful ways.
Although that particular case is over, FBI director James Comey said that he expects litigation over the encryption of mobile devices to continue, as encryption is “essential tradecraft” of terrorist organizations like ISIS. Technology and security have intersected more and more as smartphones grow more popular, with Comey also stating that WhatsApp’s new end-to-end encryption was already “affecting the criminal work [of the FBI] in huge ways.”
Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.
Discuss this article in our forums