Hacking

FBI Would Rather Crack Terrorist’s iPhone Itself

On the eve of a court showdown with Apple over unlocking the iPhone of one of the San Bernardino shooters, the FBI put its case on pause Monday to pursue an attack method that could allow it to crack the phone without Apple’s assistance.

After reviewing the FBI’s request for postponement of oral arguments in the case, a U.S. District Court in California ruled that good cause had been shown by the government for the delay and ordered it to file a status report with the court on April 5.

While the FBI has been saying for weeks that it could not compromise the password on the phone used by Syed Rizwan Farook without Apple’s assistance, that apparently has changed, giving rise to speculation about how the agency may defeat the phone’s security.

Debug Attack

The FBI wanted Apple to write software to change the policy on the phone that limits the number of wrong password entries to 10. That policy also erases all data on the phone after 10 wrong attempts.

“You can always attack the phone while it’s running. There are hundreds of people in the world, if not more, who can do that,” said Rod Schultz, vice president of product at Rubicon Labs.

“They can attach a debugger to the device, and modify the instructions that are doing the policy check,” he told TechNewsWorld.

The password also could be recovered through a technique known as NAND mirroring, which requires making a copy of the phone’s memory. Then, after 10 wrong password guesses erased the phone’s contents, the memory would be reloaded into the phone and the FBI could take 10 more tries at cracking it. That process would be repeated — there are a possible 10,000 combinations for a four-digit password — until the password was discovered.

“It’s complicated and it’s slow, which is why the FBI didn’t want to do it,” said Chet Wisniewski, a security advisor with Sophos.

Skepticism Over FBI Move

A riskier approach would be to slice open the chip inside the phone. Then an electron microscope could be used to find the encryption key for the phone.

“It’s been done with simpler devices,” Wisniewski told TechNewsWorld, “but it’s never been done with a iPhone because it’s extremely complicated.”

Since the methods for accessing data on a locked iPhone have been known for some time and have even been demonstrated at hacker conferences like Black Hat, the FBI’s sudden discovery of a method has been greeted with doubt in some circles.

“Those of us who are watching both the technology arguments and the legal arguments are somewhat skeptical of the claim that the FBI suddenly discovered they could get into the phone,” said Mike Godwin, general counsel and director of innovation policy at the R Street Institute.

The FBI may have had other motives for requesting the delay, he suggested.

“The legal arguments that Apple produced were quite strong,” Godwin told TechNewsWorld. “I think the FBI was worried it was going to lose based on the legal arguments.”

Cutting Losses

By delaying oral arguments in the case, the FBI could be doing damage control on a situation that otherwise could hurt it down the road.

“If you’re going to lose a legal argument, and you have a way out of losing that argument that will set a precedent against your agency for a long time, maybe you’ll seize upon it,” Godwin said.

If the FBI has found a novel way to crack an iPhone, should they tell Apple about it?

The government may have no choice but to reveal its methods, not only to Apple but to the world, noted Philip Lieberman, CEO of Lieberman Software.

“The method of cracking into the phone will be disclosed as part of the legal process to allow the information to be entered as evidence,” he told TechNewsWorld. “The provenance of the device, its data, and its access will be part of the court record.”

Public Policy Question

Even if the FBI should crack Farook’s phone without Apple’s assistance, the issue of what to do about high-tech companies protecting their customers’ data with strong encryption that can’t be penetrated by law enforcement agencies isn’t going to go away.

“The government can mandate people create weaknesses in their key management and the policies around their keys, but no sane technology company is going to follow that if they don’t have to,” Rubicon’s Schultz said.

Customers will seek the strongest encryption without regard for government mandates, he added.

“It’s possible that the strongest encryption may come from another country, because they’ll take advantage of a U.S. policy choice to intentionally weaken encryption,” Schultz pointed out.

As for Apple, its public stance is that the issue must be settled outside the courts.

“Tim Cook has never said Apple will never cooperate with the FBI,” observed R Street’s Godwin.

“What he’s said is that if you’re going to require our company to assist and create technology for the FBI, then that is a public policy discussion that needs to happen,” he explained. “It needs to happen in public and not in a courtroom or judge’s chambers.”

John Mello is a freelance technology writer and contributor to Chief Security Officer magazine. You can connect with him on Google+.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

More by John P. Mello Jr.
More in Hacking

Technewsworld Channels