Snowden: FBI's Claim It Can't Unlock The San Bernardino iPhone Is 'Bullshit'

An anonymous reader writes: Edward Snowden, the whistleblower whose NSA revelations sparked a debate on mass surveillance, has waded into the arguments over the FBI's attempt to force Apple to help it unlock the iPhone 5C of one of the San Bernardino shooters. The FBI says that only Apple can deactivate certain passcode protections on the iPhone, which will allow law enforcement to guess the passcode by using brute-force. Talking via video link from Moscow to the Common Cause Blueprint for a Great Democracy conference, Snowden said: "The FBI says Apple has the 'exclusive technical means' to unlock the phone. Respectfully, that's bullshit." Snowden then went on to tweet his support for an American Civil Liberties Union report saying that the FBI's claims in the case are fraudulent. Apple's clash with the FBI comes to a head in California this month when the two will meet in federal court to debate whether the smartphone manufacturer should be required to weaken security settings on the iPhone of the shooter.

We know the FBI *can* unlock it without help

We know the FBI *can* unlock it without help, but we also know that this brings with it a certain level of technical risk that adjusted firmware would not (whereas the firmware would pose a certain level of privacy risk), and an attempt rate that is abysmal at best.

The ACLU report specifically states that they can desolder the storage chip, copy the storage entire, put in a socket (no risk there), plonk the chip in, try, and if it fails - restore the storage to the chip (or a model with equal behavior and characteristics). Several of these steps come with risk, and all of it comes with it the fact that it takes time. A lot of time. Even with a rig that pops the chip out and drops another one in, with chips going on a merry-go-around for reprogramming after N attempts, it's a lot slower than a firmware that would allow an effectively unlimited number of attempts.

Push comes to shove, they can try decapping it and looking straight at the bare metal. But as anybody who does forensic work would know, that's not exactly your go-to method; figuring out the password directly, or figuring out a pre-existing backdoor to bypass protection entirely, would be very much preferable. If disabling the maximum number of attempts is hypothetically an option as long as you can get the manufacturer to agree to do it, hell yes it's on the table.

Re:We know the FBI *can* unlock it without help

[srmalloy]

You can't read the key, but you don't have to. You make an image copy of the NAND flash, without worrying about what cells in the flash belong to what data. Then you make your ten tries, and if the phone wipes the flash memory, you just restore the whole image and do it again. When they get the correct passcode, the phone will unlock, and then the key in the NAND flash will become readable.

Re:15 minutes are up

[Dcnjoe60]

Assuming the FBI is privy to the NSA's capabilities.

This is a terrorism case, so the FBI and the NSA are supposed to cooperate.

Re:All boils down to evidence

[ArchieBunker]

I keep hearing this but what does it matter? The government does whatever it pleases without consequence. The NSA admitted to illegally spying on members of congress. Nobody was fired or even given a letter of reprimand.

so everybody is lying all around

[ooloorie]

I happen to agree with Snowden. And one you recognize that the FBI is lying about being unable to break into the phone, and Tim Cook is lying about the phones being secure the way they are, you end up wondering what their actual motivations are. Might it be that Tim Cook doesn't like his company's products to get a reputation for being not secure, while the FBI likes people using insecure and breakable phones?

(Note that Microsoft has already been forced to give its source code to the Russian security services, and it seems likely that Apple has succumbed to similar pressures.)

Re:15 minutes are up

[Darinbob]

The NSA is supposed to deal with foreign intelligence only. The FBI is supposed to deal with domestic criminal investigations only. The fact that both agencies have been trying to expand their reach so that there is functional overlap is evidence that the two agencies are not sharing their secrets with each other so readily.

This is also a domestic terrorism case with no evidence that there is any foreign involvement except for the gut feeling that all terrorism comes from a secret mastermind hidden on a island somewhere off the shore of New Jersey. We know who the shooters were. We know who they called and when, from both the work phone in question and the other phones that were actively used by the shooters. The case is essentially closed, and would be closed if it weren't for politics. The NSA is not going to open its kimono wide to the FBI for a simple case like this one. Cooperation or no, the need to know process is still in effect.

Re:15 minutes are up

[Tom]

The ACLU misses one point:

The FBI does not know if the erase feature is enabled. The court should force them to run through the desoldering routine at least once to figure out if maybe they don't even need Apple to disable this feature.

That they didn't try, that they go to court without being sure, tells the whole story. If this were about breaking into the phone, they would have tried this, in the time that has passed with court cases they would already be sure if they need Apple at all or not, and if it turns out that not, they probably would have already broken into the phone.

ACLU is right, but they still miss just how malicious the FBI is.