Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Encryption Government Iphone Privacy Security United States Apple

How The FBI Might've Opened the San Bernardino Shooter's iPhone 5c (schneier.com) 66

"Remember the San Bernardino killer's iPhone, and how the FBI maintained that they couldn't get the encryption key without Apple providing them with a universal backdoor?" Slashdot reader LichtSpektren quotes Bruce Schneier: Many of us computer-security experts said that they were wrong, and there were several possible techniques they could use. One of them was manually removing the flash chip from the phone, extracting the memory, and then running a brute-force attack without worrying about the phone deleting the key. The FBI said it was impossible. We all said they were wrong. Now, Sergei Skorobogatov has proved them wrong.
Sergei's new paper describes "a real world mirroring attack on the Apple iPhone 5c passcode retry counter under iOS 9." The process does not require any expensive and sophisticated equipment. All needed parts are low cost and were obtained from local electronics distributors. By using the described and successful hardware mirroring process it was possible to bypass the limit on passcode retry attempts... Although the process can be improved, it is still a successful proof-of-concept project.
This discussion has been archived. No new comments can be posted.

How The FBI Might've Opened the San Bernardino Shooter's iPhone 5c

Comments Filter:
  • FBI was foolin' (Score:3, Interesting)

    by turkeydance ( 1266624 ) on Saturday September 17, 2016 @11:44AM (#52907727)
    they knowed how
  • by Jester998 ( 156179 ) on Saturday September 17, 2016 @12:10PM (#52907823) Homepage

    Is anyone REALLY surprised that the FBI was wrong? Government doesn't attract top-tier talent. Never has, never will. When your hiring practices, policies, procedures, compensation and benefits are all at the bottom of the barrel, well... that's what you get. The bottom of the barrel.

    • by geek ( 5680 )

      Is anyone REALLY surprised that the FBI was wrong? Government doesn't attract top-tier talent. Never has, never will. When your hiring practices, policies, procedures, compensation and benefits are all at the bottom of the barrel, well... that's what you get. The bottom of the barrel.

      I agree on policy and procedure but they have the best benefits and compensation I have ever seen. My aunt ran the Houston office of the FBI for years. She was able to retire at age 50 with a full sic figure a year pension that will last her the rest of her life. Everyone on that side of the family has lived into their 90's so do the math with that.

    • by jasnw ( 1913892 ) on Saturday September 17, 2016 @01:14PM (#52907995)
      There are at least two interpretations for this apparent failure: (1) the Feds are dumb as a box of rocks as you say, or (2) they knew perfectly well how to do this but wanted the courts to establish precedence for ordering manufacturers like Apple to provide access to customers' encrypted storage. Or it could be a little of both. I've worked with the Federal government for over 40 years, and either of these is well within the realm of possibility. I will say, however, that the recent tenor from the FBI and its director about encryption make me believe more in #2 than #1.
    • by AHuxley ( 892839 )
      Re Government doesn't attract top-tier talent. Never has, never will.
      So the NSA and NRO are all built on the efforts of private sector contractors?
      All we have is what the FBI said in public and wanted to be seen paying for or commenting on and big brand consumer grade encryption.
      The same global consumer grade product lines the NSA has been tracking and reading without effort globally for a while.
      If the FBI lets slip that they have an easy way in, or the NSA helped them, any interesting people still usi
    • How FBI was wrong? At my knowledge they never said what the summary states: 'They need a universal backdoor' in fact, in this very case, they never asked for a backdoor. A backdoor is something you put in place BEFORE, not AFTER. They asked for help from Apple to crack the iPhone.

      That summary is really shitty. It seems written by someone not knowing the difference between his head and his ass. Bypassing the counter limit has nothing to do with cracking the encryption key by brute force attack. The iPhone pa

    • Is anyone REALLY surprised that the FBI was wrong? Government doesn't attract top-tier talent. Never has, never will. When your hiring practices, policies, procedures, compensation and benefits are all at the bottom of the barrel, well... that's what you get. The bottom of the barrel.

      Manhattan and Apollo programs seemed to do alright.

  • It's been common wisdom for years that with physical access to the device and unlimited time and resources, almost all encryption schemes can be defeated. In many cases this might simply mean using a mechanism to bypass the encryption rather than defeating it through brute force. But the fact is, regardless of what protections they have, devices have to ultimately present the data to the user unencrypted to actually use it. So there is usually always some kind of way in.

    • It's been common wisdom for years that with physical access to the device and unlimited time and resources, almost all encryption schemes can be defeated.

      That is an utterly meaningless statement. Time are resources are NEVER "unlimited", because eventually, you will have to face the heat death of the universe.

      Meanwhile, back to reality: Cryptography has been advancing way faster than cryptanalysis, and there are publicly available encryption algorithms that are essentially unbreakable, even using quantum computers. All of the cracking events you read about are done through social engineering and sloppy security practices. None of them happen because stat

      • In a perfect world, what you say is true, but the parent poster has a good point.

        1. Because there's no such thing as a truly random number, one characterizes the number generator and then determine its bias. (See NSA-NIST->RSA foibles)

        2. The decrypting machinery has to be perfect, and not cache the results in some mind-numbing way (see several CVEs)

        3. In the actual case, the capability of resetting the NAND or using proximal bit-flipping techniques to force recounts to null are well-known. Just crowbar t

      • > are essentially unbreakable, even using quantum computers

        The Enigma was "unbreakable", until it was broken.
        DES was unbreakable, until it was broken.
        MD5 was unbreakable, until it was broken.
        RSA was "unbreakable" last year. Not so much this year.

        There are some new algorithms which haven't quite been completely broken just yet. Well, unless the new algorithm is used by someone who -also- allows an older algorithm, im which case the service using the new algorithm is vulnerable to DROWN.

        • DES was unbreakable, until it was broken.
          MD5 was unbreakable, until it was broken.
          RSA was "unbreakable" last year. Not so much this year.

          DES was actually designed to be crackable.
          MD5 is not an encryption algorithm.
          RSA has not been considered robustly secure for a long time, and was never considered unbreakable.

          If decryption takes 1e6 times as long as encryption, the algorithm is easily crackable. If it takes 1e12 times as long, it is good enough for casual communications. 1e15 is secure against all but the most determined government sponsored crackers. If the ratio is 1e100 it is uncrackable in the life of the universe (the number of quark

          • by Creepy ( 93888 )

            RSA was tampered with by the NSA to allow for it to be easily cracked [reuters.com]. While we'd known there was tampering with it, the extent of that tampering wasn't known until the Snowden leaks. That said, the flaw is only with dual elliptic curve and I don't think anybody uses that anymore. Also the only thing cracked this year was RSA 220 [wikipedia.org], which is 729 bits and the next you'd logically expect to see broken. My secure emails use RSA-1024 (I didn't set that up, all I do is check a checkbox that says "Secure" and the r

      • All of the cracking events you read about are done through social engineering and sloppy security practices.

        False. As I stated, many of the attacks involve sophisticated ways to simply bypass the encryption, rather than cracking it directly. These attacks are neither social engineering or because the vendor had sloppy security. Their security would in most cases stop 99.9% of attacks. However a government with essentially unlimited money to throw at it is another story.

        None of them happen because state-of-the-art encryption is cracked. That doesn't happen.

        Also false. I think you need to read some of the recent NSA disclosures. Widespread successful attacks against VPN and SSL are already becoming so

  • by YesIAmAScript ( 886271 ) on Saturday September 17, 2016 @01:11PM (#52907983)

    This attack is still done on device. It just clones the NAND back to "0 strikes" after each 6 attempts.

    This attack doesn't extract the memory and doesn't decode externally. It just copies NANDs.

    Why is this significant? Because it means you can't do extraction in parallel, you still have to go through all the codes sequentially on the device.

    It defeats the significant portions of the backoff. It defeats the erase after n failures. It's a very significant attack.

    But no one said this type of attack was impossible. I personally read about variants on this attack while the controversy was going on. I even posited it myself. I believe Apple even addressed it claiming that this attack wasn't possible on later iPhones due to a change in how the failure count is stored.

    • by ELCouz ( 1338259 )
      NAND have limited write cycles... doing a re-write NAND bruteforce attack is not going to last very long!
      • Yeah, the limit is 10k cycles PER SECTOR. In other words, they could copy the NAND to one place, try it as much, then when they are done, copy the next NAND to another sector, and lather, rinse, reuse...
      • by tlhIngan ( 30335 )

        NAND have limited write cycles... doing a re-write NAND bruteforce attack is not going to last very long!

        A 4 digit PIN code has around... 10,000 combinations. You get 10 tries before it wipes, but 6 tries before the delay gets long (1 hour). So if you guess 6 tries per flash, you only need to do 1,667 reflashes. Given the nature of the effacable storage flash, this is well under their use limit.

  • As someone who can barely see a 0603 SMD device, I find this quite impressive. He was able to remove the flash from the board, get it to function, watch it communicate, and identify the multiple mechanisms used by the chip to communicate and where on the flash it accessed. I always suspected the way the FBI did it was a brute force attack on copies of the chip data.

    Neat!

  • Of course they knew all along how to get into the phone, probably five different ways.

    But all the public+media+dog had was speculation and unfortunately a big spotlight on the subject device.

    Normally they work in secret and in the shadows and crack these phones all the time. But this one had everybody watching, and when everyone is watching, you do not get out your best-kept secrets and reveal them in front of the cameras. The agencies didn't want to confirm any of that by suddenly showing up with a crack

  • This is exactly what everyone was saying at the time. The FBI didn't really give a damn about what was on the phone. All they wanted was the legal precedent for forcing companies to give up their security.

  • You need to stop using the word "open" to refer to the act of unlocking a mobile device.

    You don't "open" a smartphone.

    There isn't a lid that you remove to gain access to it.

    You unlock it.

  • I tried to explain this to a number of people on other forums and got a surprising amount of pushback. Nice to have someone prove me right.
  • Is this a joke? hahahah "how the FBI opened the iPhone5c? Ohh how... after all, Apple does not help the Feds... AT ALL." Ok... CUT! Nice shot everyone... do you think they will believe it? How numb and dumb and fallen have we become... Brains, what I want you for?

Every nonzero finite dimensional inner product space has an orthonormal basis. It makes sense, when you don't think about it.

Working...