One of the FBI’s Major Claims in the iPhone Case Is Fraudulent

TL;DR: "they're asking the public to grant them significant new powers that could put all of our communications infrastructure at risk, and to trust them to not misuse these powers. But they're deliberately misleading the public (and the judiciary) to try to gain these powers. This is not how a trustworthy agency operates. We should not be fooled."

I have to say, whoever at the FBI decided this was the right case to push their new doctrine, could have done his&#x2F;her homework a bit better. Technically speaking, this is the last iPhone you can actually crack <i>without</i> assistance from Apple. They are making it harder for themselves. They only have to wait for another major incident, retrieve (or plant, why not) an iPhone 6 from the scene, and do it again, this time <i>for real</i>.<p>Unless they are trying to pre-empt something else (like the recently-touted shift to &quot;devices even we can&#x27;t access&quot; from Tim Cook, which may or may not be simple advertising), they just picked the wrong time to stir this particular pot.

Heck, the FBI could also disable writes to the chip, or simply interpose some logic that pretends to write, but actually doesn&#x27;t (a non-write-through cache :-) ).<p>That is, if the secrets in question are on that NAND chip.

Interesting technique, but it doesn&#x27;t remove the long interval between permitted passcode attempts - an equally important problem for brute-forcing.<p>So the FBI would most likely still require Apple&#x27;s assistance in this.

Apple said that could sync the data if the AppleID password wasn&#x27;t changed. Can Apple just revert the AppleID account on their servers to a backup with the old password hash (or however it is stored)? Why wouldn&#x27;t this work? Has something on the phone changed because of the password change or is Apple unwilling or unable to revert the AppleID account?

It seems like there are several articles and security experts out there explaining how to recover data from a locked iPhone as if it were a cakewalk but where is one example of a complete soup-to-nuts case study on unlocking the same model phone as the San Bernardino shooter?<p>If you want the American public to believe the FBI is making fraudulent claims, show demonstrable proof that it can actually be done instead of all the talk and theories.

The device is evidence, so all of you saying they can just start desoldering things and such need to think about that. What is the first thing a defense attorney would say if the data were to be used in a criminal trial? That&#x27;s right, &quot;the FBI replaced the memory chip on the phone with one they wrote their own copy of the data to.&quot; That is only after they potentially permanently damage the device and data.

I think this makes the FBI look dumb, but I don&#x27;t think this really helps them either.<p>If the NSA did this for espionage it&#x27;s one thing, but I&#x27;m curious as to whether substantially modifying the iPhone in this way would stand up in court.... How would the police assert that they preserved evidence after doing this?<p>I was involved in a drawn out case challenged the validity of data recovered from backup at great. That was easy to assert with normal IT people, and yet it took weeks to litigate. Couldn&#x27;t imagine how this would go.

I wonder if the FBI has checked for any ways to circumvent the passcode screen using software bugs.<p>Edit: Not sure why I got downvoted. I can currently circumvent my keyboard passcode with a number of steps, and I&#x27;m on iOS 9. Steps to try for yourself:<p>Edit: Ok I&#x27;ve been tricked. The steps below are unnecessary as the first step actually unlocks your iPhone in the background. ¯\_(ツ)_&#x2F;¯ The fact remains though that these bugs have existed in the past and may exist on the device the FBI wants to unlock.<p>1. Invoke Siri, &quot;what time is it?&quot;<p>2. Press the time&#x2F;clock that is shown<p>3. Tap the + icon.<p>4. Type some arbitrarily long string into the search box. Highlight that text and copy it.<p>5. Tap on the search box. There should be a share option if your device is capable. Tap the share option.<p>6. Share to messages.<p>7. Press the home button.<p>Congrats, you&#x27;re more effective than the FBI.

This reminds me of the republican congressman from Cali, Issa, telling the FBI in very technical terms (inserting in between that he could be completely wrong) the exact same thing mentioned in this article. I&#x27;m unsure if the author was inspired by congressman Issa or if he came to it by his own accord.<p>More over, what&#x27;s more fascinating is, some people may say it&#x27;s privacy v security and the fight for terror. But what has emerged from the last few weeks is multiple reason why the FBI should not win in court, regardless of your perspective of terror. It&#x27;s been very clear from day 1 that the intentions of the FBI are vicious and non-genuine, and with every passing day, more people are finding out.

I wouldn&#x27;t be so sure the FBI knows this. Apple certainly does -- if they told the FBI, why didn&#x27;t they also put that in their letter?

Seems like a pretty articulate explanation of what is going on here. Of course I realize that my confirmation bias will cause me to see articles more in line with my way of thinking as &#x27;right&#x27; but I&#x27;ve also worked with NAND flash devices and believe that the chip[1] they use in the phone does not have any sort of protections on the NAND flash itself, you should be able to just drop it into a test fixture and read it out.<p>[1] <a href="http:&#x2F;&#x2F;toshiba.semicon-storage.com&#x2F;info&#x2F;docget.jsp?did=15002&amp;prodName=TH58NVG4S0FTA20" rel="nofollow">http:&#x2F;&#x2F;toshiba.semicon-storage.com&#x2F;info&#x2F;docget.jsp?did=15002...</a>

Anyone else a little surprised that apples security feature here is so easy to sidestep? I&#x27;d have thought, in the least, that any such keys were stored in the main processor without external read&#x2F;write capabilities.

From the sound of various blogs, articles, etc., it sounding like the FBI doesn&#x27;t have anyone who has technical expertise in this area (or if they do, those persons are being kept buried). While the court case is important to the FBI (and very wrong to the public), the technical details of breaking into an iPhone should not have been an issue for them.<p>I&#x27;m starting to think no one is driving the clown car in their technical division.

&gt; If it turns out that the auto-erase feature is on, and the Effaceable Storage gets erased, they can remove the chip, copy the original information back in, and replace it.<p>Sounds like a better hack would be to interpose the flash memory interface with a RAM cache that simulates writes without modifying the original flash data. Then they can hammer away at brute forcing it without the delay of reburning the flash.

The ACLU is not wrong, they are right in the <i>technical</i> sense.<p>But I very much doubt you would practically manage to remove that NAND chip and replace it very often on that umpteen layer ultra thin board. Instead, remove it once and stick it in a test fixture, then try brute forcing it.

Sorry about the slight OT, but what truth is there in this statement I was presented with?<p>&gt;Even if an iPhone is locked, all of that encrypted data can technically be read easily so long as the phone had at least been unlocked once since the time it was booted up.<p>Obviously I think it&#x27;s a nonsense, but I have no way of disproving it (even though the burden of proof is on the claimer, naturally).<p>Edit: OK I found this <a href="http:&#x2F;&#x2F;www.darthnull.org&#x2F;2014&#x2F;10&#x2F;06&#x2F;ios-encryption" rel="nofollow">http:&#x2F;&#x2F;www.darthnull.org&#x2F;2014&#x2F;10&#x2F;06&#x2F;ios-encryption</a> so never mind, I guess...

This attack was already widely discussed here, last week: <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=11199093" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=11199093</a>

Maybe their exists experts that can get this right every time but there are significant risks to damaging a chip desoldering and resoldering. It&#x27;s not just removing a through hole capacitor.

Never attribute to malice that which can be attributed to stupidity. Some engineer probably told upper management they couldn&#x27;t decrypt the phone because the software would erase all data. Maybe because they didn&#x27;t know, or didn&#x27;t want to, but still this has blown out of proportion.<p>To be clear I don&#x27;t think apple should compromise the phone, just that this is not a long con by the FBI to compromise all phones.

the most frustrating part of this whole thing is the multi-headed response by various agency chieftains. fbi says one thing. nsa says another. former generals say another.<p>am i crazy to want the president step up and say: &quot;our position as a government is: x&quot;? there&#x27;s no&#x2F;no way this has escaped his notice. isn&#x27;t that part of the job description of &quot;leader of the free world?&quot;

Relevant grant from the Department of Homeland Security from 2011: <a href="https:&#x2F;&#x2F;www.sbir.gov&#x2F;sbirsearch&#x2F;detail&#x2F;361729" rel="nofollow">https:&#x2F;&#x2F;www.sbir.gov&#x2F;sbirsearch&#x2F;detail&#x2F;361729</a><p>I&#x27;m surprised someone at Uni hasn&#x27;t made demonstrating this exact attack a class project.

What strikes me as odd in all those analysis is that they all assume that the FBI is not expecting that weakened security will mean that there will be far more difficult to address crime -- i.e. far more on their plate.

I don&#x27;t know why this case is getting so much attention when it&#x27;s readily apparently the FBI could just get everything off the phone with a cellebrite &amp; call it a day.

&gt; Why the FBI can easily work around “auto-erase”<p>If it&#x27;s so easy, then the ACLU should have no problem demonstrating it with an actual iPhone 5c.

How practical is it to remove-restore-replace the NAND chip every 10 tries if you have to search through millions of combinations?

so john mcaffee was right?

This is really annoying. I wrote a blog post last week making this exact same point, posted it here, and it promptly got flagged to death, most likely by the same people who were commenting that I was &quot;absolutely, totally wrong&quot;.<p><a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=11199093" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=11199093</a><p>Nice to be vindicated though.

Obligatory ACLU and EFF donate links, &quot;Freedom isn&#x27;t free&quot;:<p><a href="https:&#x2F;&#x2F;action.aclu.org&#x2F;secure&#x2F;become-freedom-fighter-join-aclu" rel="nofollow">https:&#x2F;&#x2F;action.aclu.org&#x2F;secure&#x2F;become-freedom-fighter-join-a...</a><p><a href="https:&#x2F;&#x2F;supporters.eff.org&#x2F;donate" rel="nofollow">https:&#x2F;&#x2F;supporters.eff.org&#x2F;donate</a>

This article seems wrong to me. I don&#x27;t know a ton about the iPhone&#x27;s specific implementation. That said, I was under the impression that these systems all worked similarly to the PC&#x27;s TPM. Essentially, the encryption key is stored in a chip that acts as a black box. That chip is manufactured in such a way that makes it extremely difficult to extract data from. You can&#x27;t simply copy it. You&#x27;d have to take it apart, inspect it with a microscope, and hope you don&#x27;t destroy the data in the process.<p>The OS should set the security level initially. The TPM would enforce it. You can&#x27;t modify the OS to make an attempt without it counting against the initially configured limit.<p><a href="https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Trusted_Platform_Module" rel="nofollow">https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Trusted_Platform_Module</a>

With 14 million combinations just in a 4 character alphanumeric(upper&#x2F;lower&#x2F;numbers) password, I would think they would start to encounter flash reliability issues re-writing this &quot;Effaceable Storage&quot; long before the password could be broken.<p>This would also slow down their attack considerably.<p>I disagree that the claim is fraudulent.

<i>&quot;The FBI can simply remove this chip from the circuit board (“desolder” it), connect it to a device capable of reading and writing NAND flash, and copy all of its data. It can then replace the chip, and start testing passcodes. If it turns out that the auto-erase feature is on, and the Effaceable Storage gets erased, they can remove the chip, copy the original information back in, and replace it. If they plan to do this many times, they can attach a “test socket” to the circuit board that makes it easy and fast to do this kind of chip swapping.&quot;</i><p>Right. They <i>could</i> do this, and risk destroying the device, or they could ask Apple to do the easy, reliable thing, and just install a build on this phone that allows brute-force attacks.<p>Given that Apple has a long history of complying with these kinds of requests for valid search warrants, and that this situation is about as clear as it gets when it comes to justifiable uses of government investigatory powers, it&#x27;s obvious why they&#x27;re taking the latter approach, and not the former.<p>There&#x27;s a legitimate privacy debate in this case, but this isn&#x27;t it.<p>Edit: I&#x27;m just stating facts here, folks. Downvoting me won&#x27;t change those facts, or make the government change its tactic.