
I am interested in the recent Apple case where the FBI wants to get access, but they say it's not technically possible other than by creating a new OS (or I guess just modifying the existing one). More details of Apple's response are here.

What I do not understand is how it is not possible to brute-force the password. If you type it in on the screen, then there is a limited number of attempts, right? But the password has to be stored somewhere for verification (even if it's a KDF or something). Can't the FBI extract the hash from the hard drive and start their brute-force? I guess their colleagues from the NSA can help them with that, and if the password is not too good, it won't take too long.

Ilya Chernomordik
  • http://crypto.stackexchange.com/q/32886/991 –  Feb 23 '16 at 12:05
  • See http://security.stackexchange.com/a/115274/89876 for a detailed explanation of how the encryption works - the question title is slightly different, but the answer covers the points you raise. – Matthew Feb 23 '16 at 12:11
  • [This question](http://security.stackexchange.com/q/115044/49075) is also relevant. –  Feb 23 '16 at 12:31
  • I still did not quite understand the answer to the question, even though there is lots of good info: the FBI wants Apple to make software that will remove the 10-tries limitation. Now why won't they just directly connect to the hardware and run whatever software they want (with as many tries as they want)? – Ilya Chernomordik Feb 23 '16 at 13:12
  • @IlyaChernomordik It's impossible to comment or answer how a specific company or organization is thinking. The only people who know the answer to "Why doesn't Organization X do Y" is Organization X. – RoraΖ Feb 23 '16 at 14:20
  • Well I was actually asking about why FBI can't do it :) – Ilya Chernomordik Feb 23 '16 at 14:40
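The question's core assumption is that a stored verifier can be copied off the device and attacked on other hardware. The Python model below is an added illustration for this thread, not Apple's implementation and not code from any answer here: it assumes a device key (here `_uid`) that exists only inside a tamper-resistant element and is never exported, a PBKDF2 stretch of the passcode, and a wipe after 10 failures. The class and function names, the 20,000 iterations and the record layout are constructed for the example.

```python
import hashlib
import hmac
import secrets


class SecureElement:
    """Models the tamper-resistant part of a handset. The UID key is created
    inside this object and is never returned; the only way to use it is
    unlock(). The failure counter lives here as well, so the operating
    system has no handle with which to reset it. (Constructed illustration.)"""

    MAX_FAILURES = 10  # constructed limit, mirroring the "10 tries" in the question

    def __init__(self):
        self._uid = secrets.token_bytes(32)  # stands in for a key fused into silicon
        self.failures = 0
        self.wiped = False

    def _derive(self, passcode: str, salt: bytes) -> bytes:
        # Slow, salted stretch of the passcode, then entangled with the UID so
        # the final value can only be produced inside this object.
        stretched = hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, 20_000, dklen=32)
        return hmac.new(self._uid, stretched, hashlib.sha256).digest()

    def provision(self, passcode: str) -> dict:
        """Return what would be written to flash: a salt and a verifier.
        Neither reveals the UID or the passcode."""
        salt = secrets.token_bytes(16)
        key = self._derive(passcode, salt)
        return {"salt": salt, "verifier": hashlib.sha256(key).digest()}

    def unlock(self, record: dict, passcode: str):
        """Return the derived key on success, None on failure or once wiped."""
        if self.wiped:
            return None
        key = self._derive(passcode, record["salt"])
        if hmac.compare_digest(hashlib.sha256(key).digest(), record["verifier"]):
            self.failures = 0
            return key
        self.failures += 1
        if self.failures >= self.MAX_FAILURES:
            self.wiped = True  # models the erase-after-too-many-failures policy
        return None


def offline_check(record: dict, passcode: str) -> bool:
    """What someone holding only the flash contents can compute: the stretched
    passcode, but not the UID-keyed step. Even the correct passcode does not
    match the stored verifier, so candidates cannot be confirmed off-device."""
    stretched = hashlib.pbkdf2_hmac("sha256", passcode.encode(), record["salt"], 20_000, dklen=32)
    return hmac.compare_digest(hashlib.sha256(stretched).digest(), record["verifier"])


if __name__ == "__main__":
    chip = SecureElement()
    stored = chip.provision("1234")
    print("offline check of the right passcode:", offline_check(stored, "1234"))
    print("on-device unlock with the right passcode:", chip.unlock(stored, "1234") is not None)
```

The point the model makes is that the stored record is useless without the chip: `offline_check` returns `False` even for the correct passcode, because the verifier depends on a key that the storage never contained, while `unlock` must be asked one guess at a time and stops answering after the tenth failure.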

1 Answer


It can, or some theorize it can. Let me first explain what NTP is: NTP is a protocol which deals with time, and in fact this is how phones/computers know what time it is. Theoretically you can spoof the NTP packets, changing the time of the phone. And possibly the phone updates the time every time it authenticates to an access point (wifi).

So by spoofing NTP responses and deauthing the phone from the AP, in theory you can move time, allowing you to have infinite attempts, since you can do two attempts, move the time a bit and then try again, since the phone resets the recorded tries after a certain amount of time has passed.

And it works; I have done this on a Windows phone, but I can't tell for the iPhone. Stay safe.

  • Well, I see you can try to spoof the time, but why do you need that at all? Can't you connect to the hardware that runs the decryption and start brute-forcing it instead of relying on iOS to do it? – Ilya Chernomordik Feb 23 '16 at 13:50
  • You can't, since the code is stored in the silicon. And you can't access the code without going through the proper steps and API calls –  Storm Kavlie Feb 23 '16 at 13:52
  • Presumably, it would take the possible OS change to switch the delay from the phone's own timer to ntp, since my brief skimming didn't spot any reference to the FBI wanting Apple to spoof ntp. (I also didn't see any reference to ntp being relevant, but am just assuming you're right about that.) –  Feb 23 '16 at 14:08
  • @IlyaChernomordik : The "hardware that runs the decryption" is what imposes the delays. –  Feb 23 '16 at 14:10
  • Ok, the delays are imposed by hardware, but the wipe-out is the software, right? Even with delays it won't take too long for a few-digit PIN – Ilya Chernomordik Feb 23 '16 at 14:12
  • I am not speaking about how the FBI wants to do it. Just a possible way to do it. NTP is just for moving the time, so nothing too strange. I don't know for the iPhone, but Windows Phone updates its time every time it is connected to a new WLAN, which makes it vulnerable to this kind of brute force –  Storm Kavlie Feb 23 '16 at 14:48
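The answer and the comment from the unnamed user above turn on one design question: does the attempt limiter trust a clock that the network can set? The Python below is an added illustration written for this thread, not code from the answer and not a description of any real phone's firmware. It contrasts two hypothetical limiters: `ClockBasedLockout`, which forgets failures once they look old against a settable wall clock, and `CounterBasedLockout`, which persists the failure count and times its delays on a monotonic source. `FakeClock`, the 60-second window, the escalation schedule and `simulate_clock_jump` are all constructed for the example.

```python
class FakeClock:
    """Constructed stand-in for two time sources on one device. wall() can be
    set to any value (what an NTP reply or the settings screen can do);
    monotonic() only advances through tick(), as a hardware tick counter would."""

    def __init__(self):
        self._wall = 1_000_000.0
        self._mono = 0.0

    def wall(self) -> float:
        return self._wall

    def monotonic(self) -> float:
        return self._mono

    def set_wall(self, t: float) -> None:
        self._wall = t

    def tick(self, seconds: float) -> None:
        self._wall += seconds
        self._mono += seconds


class ClockBasedLockout:
    """Weak design (hypothetical): a failure is forgotten WINDOW seconds after
    it happened, judged against the settable wall clock. Moving that clock
    forward makes recent failures look old and reopens the limiter."""

    WINDOW = 60.0
    MAX_FAILURES = 2

    def __init__(self, wall_clock):
        self.clock = wall_clock
        self.failure_times = []

    def allowed(self) -> bool:
        now = self.clock()
        self.failure_times = [t for t in self.failure_times if now - t < self.WINDOW]
        return len(self.failure_times) < self.MAX_FAILURES

    def record_failure(self) -> None:
        self.failure_times.append(self.clock())


class CounterBasedLockout:
    """Hardened design (hypothetical): the failure count is persisted and never
    decays with time, and the delay before the next attempt is measured on a
    monotonic source that network time cannot move."""

    DELAYS = [0, 0, 60, 300, 900]  # constructed escalation schedule, in seconds

    def __init__(self, monotonic_clock):
        self.clock = monotonic_clock
        self.failures = 0
        self.unlock_at = 0.0

    def allowed(self) -> bool:
        return self.clock() >= self.unlock_at

    def record_failure(self) -> None:
        self.failures += 1
        delay = self.DELAYS[min(self.failures, len(self.DELAYS) - 1)]
        self.unlock_at = self.clock() + delay

    def record_success(self) -> None:
        self.failures = 0


def simulate_clock_jump(limiter, clock: FakeClock, jump: float = 61.0):
    """Drive the limiter into lockout with wrong attempts, then move only the
    wall clock forward and report (locked_before_jump, allowed_after_jump)."""
    attempts = 0
    while limiter.allowed() and attempts < 20:
        limiter.record_failure()
        attempts += 1
    locked_before = not limiter.allowed()
    clock.set_wall(clock.wall() + jump)
    return locked_before, limiter.allowed()


if __name__ == "__main__":
    clk = FakeClock()
    print("clock-based:  ", simulate_clock_jump(ClockBasedLockout(clk.wall), clk))
    clk = FakeClock()
    print("counter-based:", simulate_clock_jump(CounterBasedLockout(clk.monotonic), clk))
```

Run stand-alone, the clock-based limiter reports `(True, True)`: it was locked, and a 61-second jump of the wall clock alone reopened it, which is the behaviour the answer describes. The counter-based limiter reports `(True, False)`: nothing the wall clock does changes `unlock_at`, the count keeps climbing with each failure, and only real elapsed time on the monotonic source lets the next attempt through. The design lesson is that both the counter and the clock it is measured against need to live somewhere the OS and the network cannot rewrite.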