No, they demonstrated that the FBI should ask the Israeli firms instead with the dead terrorist incident a few years back. They aren’t exactly motivated to give out the signing keys or put in a back door (they probably have one already); this would be a PR nightmare if they gave up a secret code, since not only would they have told everyone about said code but they would have given it to the government. Now they say that there is no such code, and if they are truthful then there is no possible way to bypass the lock, only ways to reduce the effort needed.

In any case, the task is theoretically impossible to do as the data is all encrypted on most devices today; Apple seems to do this by default, though. However, the passcode can still be broken due to low entropy if you can read the raw data into a server and crack it without the failed passcode attempts erasing the data. There are easier ways in than asking Apple: merely analyzing the grease marks can narrow down the code possibilities, and there are firms and hackers who spend tons of resources finding flaws down to the way the keys are generated in hardware and then finding ways to exploit them.

Here’s one way for the US government to open any phone without the help of the parent company or a firm with a zero-day exploit of some kind. The data may be encrypted with a secure key, but that key is far too long to remember and type, so we store it in the SoC or in another reserved memory location such as a second flash chip, crypto processor, or EEPROM. A passcode decrypts the key, which decrypts the phone. The next step is to extract the encrypted key somehow, either by reading the chip, malware, or a stolen/broken signing key to release an update to the OS making it dump the raw encrypted key. Then allow a small amount of time on one of thousands of servers the government owns to try all 10000 keys for 4-digit passcodes or 1000000 codes for 6-digit passcodes. This seems big, but it’s actually fairly easy at this point for a hacker and far cheaper for a government with tons of NSA servers sitting around; 1000000 tries is not that big for a GPU these days, and since the raw data is in the server there is no need to deal with that pesky millisecond delay in the hardware. This can only be mitigated by using a password of unknown length, and make sure it’s a long one, as that entropy dwarfs a 6-digit passcode. Removing the chip would be hard if it’s made right, but then that would destroy all data upon the battery being replaced too, so I’m not too sure if it’s going to self-destruct upon power down and removal. One could attach passive probes on the data lines and listen to the traffic as one enters a single passcode and the data is read and processed, hopefully passing through the probed points. Still, it is easier to steal/break (or buy from a firm) a copy of the signing key and make an OS update that dumps the raw data and key into the server.
