
Making the news rounds now is a story about the courts ordering Apple to disable the automatic deletion of data after 10 failed password guesses.

What I don't understand is, why doesn't the FBI just copy the data from the phone? That way they can have unlimited tries to crack the encryption, or could just "restore" the data to another phone.

I'm not an iPhone user, so I might be missing something obvious here, but I don't understand why the FBI is blocked by this.

  • perhaps your underlying question is: Is it possible to copy an encrypted iPhone so that the password can be brute-forced? – schroeder Feb 17 '16 at 15:39
  • @M'vy Your second bullet point is a good one. I would think that the government should be able to at least subpoena Apple for the technical data on how each memory cell is read and written. That knowledge must exist within someone at the company to create the firmware in the first place. The FBI could then create their own memory reader and firmware once they have all the technical data that they need. Subpoenas typically require companies to hand over existing information so this shouldn't be too hard of a legal fight for the government. Like you said though, it might be a lot harder to act – user156225 Feb 19 '16 at 23:32
  • @user156225 Ultimately they don't want weaknesses or workarounds involving their security practices. And if one was found that allowed them to read/write to the memory for purposes of breaking security nothing is to prevent them from using such a method on other phones. This is exactly what Apple wants to prevent. So if that knowledge was/is within the company they wouldn't pass that information over. – Bacon Brad Feb 20 '16 at 00:10

3 Answers


When trying to access the content of a hard-drive, you have to use the interface provided by said hard-drive. It usually comes with a firmware.

Currently, it is stated that this firmware will not allow data to be read without providing the correct password and that in case of 10 failed attempts, the data would be deleted.

To circumvent the restriction, you would have to:

  • rewrite the firmware with a less restrictive one, but the current one will not allow itself to be replaced unless the new one is correctly signed with Apple keys
  • remove the whole disk/SSD cells/whatever and attach a new component to read from the storage. This requires very good knowledge of how the data was written in the first place, and possibly information that is stored by the firmware in its own memory (such as cell cycling, for example). This operation can sometimes be really difficult to perform, costly, and might result in the destruction of the media.

Clearly the best way for any agency wanting to perform such a hack is to ask for a new firmware, as it is easily replaceable and with no risk. Furthermore, the upgrade gets done by Apple themselves and not the agency.

The question about whether such agencies are able to perform the latter solution remains open.

M'vy
  • I didn't realize the data wipe was done at such a low level! I figured it was at an application, OS or maybe driver level at best. I guess the FBI request makes much more sense, if the storage itself won't let you retrieve data without the PIN. – Ben Feb 17 '16 at 15:51
  • 1
    If it is not done at such a level, the question is void, cause you could dump all the data and work offline. – M'vy Feb 17 '16 at 16:10
  • 4
    @Ben: Sidenote: I don't think the data itself is wiped, but rather the decryption keys. With strong encryption, wiping the keys alone is effectively the same as wiping all of the data, only much quicker and easier (you don't have to write gigabytes of data - only a few kilobytes) – loneboat Feb 17 '16 at 20:59
  • @loneboat, I see, so it's a hardware unit that allows retrieval of sensitive information (decryption keys) with a PIN. I can see why that would be hard to defeat without cooperative firmware! All the jabber in the media about a "new version of iOS" and such was very confusing. I had assumed it was more akin to a website restricting the user to 5 login attempts before lockout, and was wondering why they even bothered with the official login channel when they had physical access to the device. I suppose this is one scenario where physical access doesn't help much, amazingly enough. – Ben Feb 17 '16 at 21:04
  • 2
    @Ben: Yes, crypto "done right" still lets you sleep at night even if the bad guys (or FBI in this case) get your hardware. The issue here is that the encryption keys are protected by a 4-digit PIN (basically a "mini-password"), which is easy to brute-force. In order to counter this, Apple wipes the stored encryption keys after some X failed attempts. What law enforcement is requesting is a new firmware which allows infinite attempts. They have also asked for some facility to run through the brute force quickly (rather than paying some FBI intern $15/hr to hammer through all 10k possibilities) – loneboat Feb 17 '16 at 22:13
  • 2
    In a properly designed system "rewrite the firmware with a less restrictive one" does not allow to circumvent the restriction even if you do have a new one correctly signed with Apple keys - since the old firmware can (and, AFAIK in the particular case of iPhone, does) require to either authenticate properly or irrevocably delete the encryption keys before writing the new firmware. Also, physically dismembering data storage and reading it will only reveal encrypted data, in order to retrieve the encryption keys you'd have to physically analyze the CPU/'HSM'/etc chip which is trickier. – Peteris Feb 18 '16 at 00:07
  • Wait, this is a firmware issue? Do you have a source that says that is the layer being talked about? I hadn't heard that anywhere. To me, it would seem preferable for Apple to develop one of the latter solutions--after all, you can stick a piece of hardware in a vault somewhere and worry less about someone stealing it – Frank Mar 01 '16 at 18:35
  • I'm no apple expert, but I expect hardware to be involved in this, otherwise it makes no sense since the key would be recoverable and brute forced. – M'vy Mar 02 '16 at 08:45
  • Would it matter whether the firmware upgrade got done by apple or someone else? I would imagine a sophisticated attacker like the FBI could just copy that firmware and install it on other devices (as it would be signed by apple themselves anyway), what would be the issue afterwards? – Gamer2015 Jul 18 '21 at 19:59
  • Is it not possible to extract details that are stored on the firmware itself, like the cell cycling, anyway? Everything that is necessary for the decryption process has to be stored in a place where it is not encrypted. As far as I know it is not yet possible to hide data in the executable itself, what are the issues here? Is it just hard to read the firmware itself or is it the decompilation of the firmware that's the issue? – Gamer2015 Jul 18 '21 at 20:04
  • This is likely to be dependent on the implementation of the firmware, and I am certainly not aware of what it is. – M'vy Jul 19 '21 at 10:57

Regardless of the firmware, it should be possible to read the bits on a drive so that you can image it with an external device to measure magnetism on a standard hard drive or the charge of the NANDs on an SSD. It would be time consuming but yield an image of the encrypted drive that would not be subject to the auto-erase function of the Apple firmware. You could then go about brute-forcing it, which is no small or short task. The real issue here is timeliness. I am sure the resources of the US government are very capable of cracking that phone. It may already have done so, but the weeks to months it may take are too long (at least in its eyes) if it is trying to stop an imminent threat.

JoePete
  • The US (or anyone) cannot crack the phone if you only have the encrypted data. The encryption is AES 256, so it is not possible to decrypt without the keys. It would take billions of supercomputers billions of years. – TTT Feb 20 '16 at 02:52
  • 1
    @TTT If it were a properly generated (i.e. random) AES key, I would agree. But (I'm guessing) this key is some sort of hash of a 4-digit PIN. As long as you know the procedure by which PINs are mapped to keys (which Apple should), I'd think it would be trivial to brute-force the key. – Frank Mar 01 '16 at 18:44
  • 2
    @Frank - I agree with you- once you are properly setup to be able to brute force the pin (not the way the FBI is asking Apple to do), then it would be trivial- perhaps only taking a few seconds. But to get setup to do that they would need to extract the device ID, which is not trivial, though some suggest it's technically possible. See the updates to this question for details: http://security.stackexchange.com/questions/114897/apples-open-letter-they-cant-or-wont-backdoor-ios This answer though seems to be suggesting that the AES encryption can be cracked, rather than extracting the device ID. – TTT Mar 01 '16 at 19:59
  • Also, my first comment is slightly misleading in that billions of supercomputers and billions of years won't cut it. There isn't enough energy in the known universe to brute force AES-256. – TTT Mar 01 '16 at 20:01

I'd suggest following this guide published by BlackHat https://www.blackhat.com/docs/us-14/materials/us-14-Oh-Reverse-Engineering-Flash-Memory-For-Fun-And-Benefit-WP.pdf

Remove the flash SSD chip and copy the data as described in the above article. Once all flashed data is safely stored, build a replacement hardware connection that behaves similarly to the flash SSD chip except it accesses your copy... if helpful, maybe no-op the write, although I can imagine that may cause issues, but it is worth an attempt. No matter what, we have a copy of the encrypted data to restore from. I'm not a Computer Engineer but I think you could use a Field Programmable Gate Array for the purpose of quickly creating our emulated flash SSD chip. https://en.wikipedia.org/wiki/Field-programmable_gate_array

As I understand it, using the same iPhone would be key, as there is a UID burned into the CPU which is used with the user's passcode to create the encryption key. As I understand it, you can't read the UID; only the CPU can use it, so using the original phone is key. So with our special flash SSD emulator and copy of the data we can keep trying repeatedly without worrying about the data being wiped, as we can just restore it repeatedly. Given that the user most likely used a 4 digit pin, brute forcing is probably likely. Good reason to use a strong password. :)

Probably want to work out the mechanics of this on a test iPhone to ensure our cracking process works. There might be other updatable storage which might clue the device into our tampering. So just repeat the same process with that storage hardware item. I think it is all pretty doable when you have possession of the hardware (iPhone). Possession makes defeating the security more likely, according to Information Warfare, a graduate course I took online from Iowa State. There may be some reason why what I've outlined won't work, but that doesn't mean that the next hurdle can't be overcome once understood.

I'd really be curious to know if Apple has gone the extra mile and paid computer engineers and security experts (other than the ones developing the security) to try to crack their phone. Often the desire for new features is way more important to companies like Apple than security. I've never worked for Apple but my experience as a developer has given me the above opinion. I wish I was allowed more time to focus on the security of code I've worked on. :) It can be as rewarding as developing user features.
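The mechanics argued over in the comments on the first answer (keys, not data, being erased after ten failures; a 4-digit PIN being trivial to brute-force once the UID is in hand and hopeless without it) and the flash-mirroring plan in the answer above can be modelled in a few dozen lines. What follows is an added, constructed toy model, not Apple's code and not the code of anyone in this thread. Its assumptions: PBKDF2 with the chip UID mixed into the salt stands in for the real UID-tangled passcode derivation; an XOR-wrapped file key with an HMAC check stands in for the real key hierarchy; and the failed-attempt counter is assumed to live in the same flash image as the wrapped key (the premise of the answer above), which is exactly what makes restoring a snapshot reset it. On hardware that keeps the counter elsewhere the restore trick would not work.

```python
"""Toy model of a PIN-protected, device-bound key hierarchy (constructed example)."""
import hashlib
import hmac
import os
import secrets
from typing import Optional

ITERATIONS = 100          # deliberately tiny so 10,000 guesses finish in seconds
MAX_ATTEMPTS = 10         # the wipe threshold discussed in the question
PIN_SPACE = [f"{i:04d}" for i in range(10_000)]


def derive_key(uid: bytes, passcode: str, salt: bytes) -> bytes:
    """Stand-in for a UID-tangled passcode KDF (assumption, not Apple's algorithm):
    the chip secret is mixed into the salt, so the same PIN yields a different key
    on every device, and nothing can be derived without the UID."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), uid + salt, ITERATIONS, 32)


def unwrap(flash: dict, derived: bytes) -> Optional[bytes]:
    """Recover the file key from the wrapped copy in flash, or None on a wrong guess."""
    if flash["wrapped"] is None:              # keys erased: data is unrecoverable
        return None
    candidate = bytes(a ^ b for a, b in zip(flash["wrapped"], derived))
    tag = hmac.new(candidate, b"verify", "sha256").digest()
    return candidate if hmac.compare_digest(tag, flash["tag"]) else None


class Device:
    """The UID lives in the CPU and is never exposed; everything else sits in 'flash'."""

    def __init__(self, passcode: str):
        self._uid = secrets.token_bytes(32)       # burned into the SoC, not readable
        file_key = secrets.token_bytes(32)        # the key that actually encrypts user data
        salt = os.urandom(16)
        derived = derive_key(self._uid, passcode, salt)
        self.flash = {
            "salt": salt,
            "wrapped": bytes(a ^ b for a, b in zip(file_key, derived)),
            "tag": hmac.new(file_key, b"verify", "sha256").digest(),
            "failed_attempts": 0,                 # assumption: counter stored in flash
        }

    def try_passcode(self, passcode: str) -> Optional[bytes]:
        """The only path that uses the UID. Ten failures erase the wrapped key
        (a few bytes), not the gigabytes of ciphertext."""
        if self.flash["wrapped"] is None:
            return None
        key = unwrap(self.flash, derive_key(self._uid, passcode, self.flash["salt"]))
        if key is not None:
            self.flash["failed_attempts"] = 0
            return key
        self.flash["failed_attempts"] += 1
        if self.flash["failed_attempts"] >= MAX_ATTEMPTS:
            self.flash["wrapped"] = None          # the "wipe"
        return None


def offline_attack(flash_image: dict, uid_guess: bytes) -> Optional[str]:
    """Brute-force a chip-off copy of flash. With the real UID this is 10,000 KDF
    calls; with a guessed UID it is one of 2**256 equally hopeless trials."""
    for pin in PIN_SPACE:
        if unwrap(flash_image, derive_key(uid_guess, pin, flash_image["salt"])) is not None:
            return pin
    return None


def nand_mirror_attack(device: Device) -> Optional[str]:
    """The answer's approach: snapshot the flash, guess on the real device so the
    UID is used, and re-flash the snapshot before the counter reaches the wipe."""
    snapshot = dict(device.flash)
    for pin in PIN_SPACE:
        if device.flash["failed_attempts"] == MAX_ATTEMPTS - 1:
            device.flash = dict(snapshot)         # restore: counter back to 0
        if device.try_passcode(pin) is not None:
            return pin
    return None


def demo() -> dict:
    dev = Device("1379")                          # constructed PIN for the demo
    image = dict(dev.flash)                       # chip-off copy of the encrypted storage
    return {
        "offline_with_guessed_uid": offline_attack(image, secrets.token_bytes(32)),
        "offline_with_real_uid": offline_attack(image, dev._uid),  # premise: UID extracted
        "mirroring": nand_mirror_attack(dev),
    }


if __name__ == "__main__":
    print(demo())
```

`demo()` runs the three scenarios from the thread: the copied image alone yields nothing, the same image plus the extracted UID gives up the PIN after at most 10,000 derivations, and the mirroring loop recovers it on the device itself without ever tripping the wipe. The iteration count is kept tiny so the loops finish quickly; a real derivation is deliberately slow, which is why on-device guessing is measured in hours rather than seconds.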