Slashdot Mirror
McAfee Says He Lied About iPhone Hacking Method To Get Public Attention
blottsie writes: McAfee, who founded of one of the first companies to offer antivirus software, claimed on CNN and Russia Today, as well as in a Business Insider column, that he could bypass the advanced encryption protecting the phone without Apple's help. But he lied in these interviews, he said in an interview with the Daily Dot, to "get a shitload of public attention."
he's trying to bring attention to the issue, that the FBI is trying to fool everyone into thinking they cannot crack an iphone.
“That video, on my YouTube account, it has 700,000 views. My point is to bring to the American public the problem that the FBI is trying to [fool] the American public. How am I going to do that, by just going off and saying it? No one is going to listen to that crap.
“So I come up with something sensational,” he continued. “Now, what I did not lie about was my ability to crack the iPhone." ...
Later in the interview, McAfee described his method, which involves “decapping” the phone’s processor and acquiring the device’s unique identifier (UID), that may allow someone to brute force the phone’s password
he's not wrong either. a grad student explained this in a blog post from October 2014.
Why Apple's iPhone encryption won't stop NSA (or any other intelligence agency)
excerpt from the post:
If Apple did their job properly, however, the UID (device encryption key) is completely inaccessible to software and is locked up in some kind of on-die hardware security module (HSM). This means that even if Eve is able to execute arbitrary code on the device while it is locked, she must bruteforce the passcode on the device itself - a very slow and time-consuming process.
In this case, an attacker may still be able to execute an invasive physical attack. By depackaging the SoC, etching or polishing down to the polysilicon layer, and looking at the surface of the die with an electron microscope the fuse bits can be located and read directly off the surface of the silicon.
Since the key is physically burned into the IC, once power is removed from the phone there's no practical way for any kind of self-destruct to erase it. Although this would require a reasonably well-equipped attacker, I'm pretty confident based on my previous experience that I could do it myself, with equipment available to me at school, if I had a couple of phones to destructively analyze and a few tens of thousands of dollars to spend on lab time. This is pocket change for an intelligence agency.
Once the UID is extracted, and the encrypted disk contents dumped from the flash chips, an offline bruteforce using GPUs, FPGAs, or ASICs could be used to recover the key in a fairly short time.
Anons need not reply. Questions end with a question mark.
On the newest iPhones (A7 processor and newer), the Secure Enclave enforces the rules. This is a coprocessor chip with code baked in during manufacture and is implicitly trusted. It also has the AES-256 algorithm and key that protects the storage. The key is locked in the silicon with no way to extract it; the chip manufacturer doesn't keep it and Apple never has it. In order to access the encrypted storage, the request must pass through the SE. The class keys that are used are derived from the baked-in key and the passcode. 10 invalid passcode attempts and the chip will erase the encryption keys.
For a much better description, read this: https://www.apple.com/business... starting from page 10.
For the San Bernadino killers' iPhones, they have older iPhones where this is logic part of the iOS software. Therefore, a change to iOS is capable of altering the 10-strikes rule on their devices, and that's what the FBI is asking Apple to do. Had the murderers been using an iPhone 6 (or maybe even the iPhone 5S) not even Apple would be able to break them. The only options I see there might be physically dissecting the chip and somehow reading the bits from the flash storage in the chip. That's been done on the older, unsophisticated chips like those found in credit cards, but I've never heard of a researcher able to read data from the nanometer-scale chips in use in the Apple CPUs. Maybe the NSA has someone in house who could do that, but we civilians have no way of knowing what goes on in those labs.
John