Slashdot Mirror


Snowden: FBI's Claim It Can't Unlock The San Bernardino iPhone Is 'Bullshit' (theguardian.com)

An anonymous reader writes: Edward Snowden, the whistleblower whose NSA revelations sparked a debate on mass surveillance, has waded into the arguments over the FBI's attempt to force Apple to help it unlock the iPhone 5C of one of the San Bernardino shooters. The FBI says that only Apple can deactivate certain passcode protections on the iPhone, which will allow law enforcement to guess the passcode by using brute-force. Talking via video link from Moscow to the Common Cause Blueprint for a Great Democracy conference, Snowden said: "The FBI says Apple has the 'exclusive technical means' to unlock the phone. Respectfully, that's bullshit." Snowden then went on to tweet his support for an American Civil Liberties Union report saying that the FBI's claims in the case are fraudulent. Apple's clash with the FBI comes to a head in California this month when the two will meet in federal court to debate whether the smartphone manufacturer should be required to weaken security settings on the iPhone of the shooter.

6 of 242 comments

  1. We know the FBI *can* unlock it without help by Anonymous Coward · · Score: 5, Interesting

    We know the FBI *can* unlock it without help, but we also know that this brings with it a certain level of technical risk that adjusted firmware would not (whereas the firmware would pose a certain level of privacy risk), and an attempt rate that is abysmal at best.

    The ACLU report specifically states that they can desolder the storage chip, copy the storage entire, put in a socket (no risk there), plonk the chip in, try, and if it fails - restore the storage to the chip (or a model with equal behavior and characteristics). Several of these steps come with risk, and all of it comes with the fact that it takes time. A lot of time. Even with a rig that pops the chip out and drops another one in, with chips going on a merry-go-round for reprogramming after N attempts, it's a lot slower than a firmware that would allow an effectively unlimited number of attempts.

    Push comes to shove, they can try decapping it and looking straight at the bare metal. But as anybody who does forensic work would know, that's not exactly your go-to method; figuring out the password directly, or figuring out a pre-existing backdoor to bypass protection entirely, would be very much preferable. If disabling the maximum number of attempts is hypothetically an option as long as you can get the manufacturer to agree to do it, hell yes it's on the table.

    1. Re:We know the FBI *can* unlock it without help by Anonymous Coward · · Score: 2, Interesting

      RIIIGGHHHTT...because there is 0 expense to Apple in creating new firmware for this purpose either directly or through harm to their business. Not to mention the risk to our fundamental rights.

      No one doubted that Al Capone deserved to be in prison. Actual investigation & developing evidence to prove the case against him was taking too long & came at considerable expense, we should have just planted evidence on him to allow us to prosecute him without all the icky issues of due process.

      The FBI TODAY has the ability to bypass the '10 try limit' using easily available tools & technology (especially for a government agency with their budget) with very little risk to the integrity of the data (*)...they are claiming they can't do that...that's an outright lie (though of course in their filing in court it's phrased in such a way as to avoid charges of falsification of evidence/perjury).

      (*) Note that it can reasonably be argued that the FBI should copy the firmware AND the contents of the NAND prior to Apple pushing any firmware update or otherwise attempting to break in to the device specifically because of the low but real risk that the firmware or data may be corrupted while attempting to unlock the phone even assuming that Apple is forced to provide a firmware update.

    2. Re:We know the FBI *can* unlock it without help by shawn2772 · · Score: 4, Interesting

      You didn't RTFA. The key that gets wiped is stored in flash. So you back up the flash, make your attempts, then restore the flash and try some more. Repeat until success.

    3. Re:We know the FBI *can* unlock it without help by srmalloy · · Score: 5, Interesting

      You can't read the key, but you don't have to. You make an image copy of the NAND flash, without worrying about what cells in the flash belong to what data. Then you make your ten tries, and if the phone wipes the flash memory, you just restore the whole image and do it again. When they get the correct passcode, the phone will unlock, and then the key in the NAND flash will become readable.

  2. Re:why snowden? by hey! · · Score: 2, Interesting

    Because people will listen to him, because he's Snowden.

    I've been saying the same thing for months: the key is stored (albeit encrypted itself) in flash, so all you need to do is to back up the flash chip and you've got as many goes as you need, which with a four digit PIN chosen by humans isn't that many. But even though you can point out the relevant details in Apple's documentation, people just refuse to believe that the government can get into an iPhone without Apple's help.

    That actually kind of mystifies me. Why would anyone believe that a government that (in part at least) created Stuxnet would be stymied by an iPhone? Whatever the reason, Snowden's imprimatur seems to help them get over it.

    --
    Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
  3. Re:15 minutes are up by AmiMoJo · · Score: 4, Interesting

    What makes folks think he's privy to this information or knows their full capacity?
    What makes everyone believe he's telling us this of his own volition?
    How is he an authority on this particular issue, it seems likely to be beyond his scope?

    We can read.

    This isn't really coming from Snowden, he just happened to be a high profile person who tweeted about it. His statement is based on legal filings by the ACLU and others who point out methods that the FBI could use to crack the PIN code on their own.

    For example, they could back up the flash memory, make 10 attempts, the phone wipes it and they restore it and try the next 10 numbers. The link is right in the summary.

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
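
The backup-and-restore cycle described in the comments above, as a toy model added here (it is not part of any post and is not Apple's implementation): it shows why a wipe-after-10-failures limit bounds nothing when all of its state sits in storage that can be imaged and rolled back. `ToyDevice`, its fields and the `counter_in_flash=False` variant are assumptions made for illustration; the variant stands in for a design whose failure count lives outside the restorable image.

```python
MAX_FAILS = 10  # the "10 try limit" discussed in the thread


class ToyDevice:
    """Constructed model of a passcode gate with a wipe-after-N-failures policy."""

    def __init__(self, pin, counter_in_flash):
        self._pin = pin
        self.counter_in_flash = counter_in_flash
        # Everything in `flash` can be imaged and written back from outside.
        self.flash = {"key": "wrapped-key", "fails": 0}
        # Assumption: a counter held where an image restore cannot reach it.
        self._protected_fails = 0

    def locked(self):
        if self.counter_in_flash:
            return self.flash["key"] is None
        return self._protected_fails >= MAX_FAILS

    def try_pin(self, guess):
        if self.locked():
            return False
        if guess == self._pin:
            return True
        if self.counter_in_flash:
            self.flash["fails"] += 1
            if self.flash["fails"] >= MAX_FAILS:
                self.flash["key"] = None  # the wipe
        else:
            self._protected_fails += 1
        return False


def search_with_restores(device):
    """Walk the 4-digit space; return (unlocked, attempts, restores)."""
    image = dict(device.flash)  # one-time backup of the restorable storage
    restores = 0
    for n in range(10_000):
        if device.try_pin(f"{n:04d}"):
            return True, n + 1, restores
        if device.locked():
            device.flash = dict(image)  # roll the restorable state back
            restores += 1
            if device.locked():  # rollback did not clear the limit
                return False, n + 1, restores
    return False, 10_000, restores
```

With the counter in flash, the limit only adds one restore per ten failures (999 restores in the worst case for a four-digit PIN); with the counter outside the image, the first rollback changes nothing.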