Slashdot Mirror


How The FBI Might've Opened the San Bernardino Shooter's iPhone 5c (schneier.com)

"Remember the San Bernardino killer's iPhone, and how the FBI maintained that they couldn't get the encryption key without Apple providing them with a universal backdoor?" Slashdot reader LichtSpektren quotes Bruce Schneier: Many of us computer-security experts said that they were wrong, and there were several possible techniques they could use. One of them was manually removing the flash chip from the phone, extracting the memory, and then running a brute-force attack without worrying about the phone deleting the key. The FBI said it was impossible. We all said they were wrong. Now, Sergei Skorobogatov has proved them wrong.
Sergei's new paper describes "a real world mirroring attack on the Apple iPhone 5c passcode retry counter under iOS 9." The process does not require any expensive and sophisticated equipment. All needed parts are low cost and were obtained from local electronics distributors. By using the described and successful hardware mirroring process it was possible to bypass the limit on passcode retry attempts... Although the process can be improved, it is still a successful proof-of-concept project.

41 of 66 comments

  1. FBI was foolin' by turkeydance · · Score: 2, Interesting

    they knowed how

    1. Re: FBI was foolin' by johnsmithperson123 · · Score: 1

      Yes. And Apple giving them a backdoor would not only give them a backdoor but not reveal that they could crack the iPhone anyway.

    2. Re:FBI was foolin' by slashrio · · Score: 1

      That denial was part of their contract with Apple.

      --
      "Trump!!", the new Godwin.
  2. Is anyone really surprised? by Jester998 · · Score: 3, Insightful

    Is anyone REALLY surprised that the FBI was wrong? Government doesn't attract top-tier talent. Never has, never will. When your hiring practices, policies, procedures, compensation and benefits are all at the bottom of the barrel, well... that's what you get. The bottom of the barrel.

    1. Re:Is anyone really surprised? by geek · · Score: 1

      Is anyone REALLY surprised that the FBI was wrong? Government doesn't attract top-tier talent. Never has, never will. When your hiring practices, policies, procedures, compensation and benefits are all at the bottom of the barrel, well... that's what you get. The bottom of the barrel.

      I agree on policy and procedure but they have the best benefits and compensation I have ever seen. My aunt ran the Houston office of the FBI for years. She was able to retire at age 50 with a full six-figure a year pension that will last her the rest of her life. Everyone on that side of the family has lived into their 90s so do the math with that.

    2. Re:Is anyone really surprised? by Jester998 · · Score: 1, Insightful

      Your argument is hilarious due to its fallacies.

      Maybe private industry didn't go to the moon because there was no compelling business reason to do so. I guarantee you if the government had said "We will give a 200-year exclusive settlement and mining rights to the first corporation to land on the moon", it would have been done faster and cheaper than the government did it.

      Maybe the government insists on maintaining its monopoly on road infrastructure and won't allow private roads to be built. Or maybe private industry has no interest in doing it, because the costs to generate revenue from it outweigh the revenue.

      Government responds to different incentives than private corporations do, so of course in many cases they do jobs that private industry won't. Being a monopoly or taking on revenue-negative work doesn't mean that the people doing that work are at the top of their field.

    3. Re:Is anyone really surprised? by ShanghaiBill · · Score: 2, Interesting

      Yup, that's why we all remember the 1968 private Moon landing so well, right?

      The moon race was a lavishly funded and otherwise pointless political exercise to show the world that we had bigger dicks than the Soviets. To use it as an example of government efficiency and effectiveness is silly.

      Speaking of Soviet dick size: During WW2, the Soviet Red Army deployed a 2 inch trench mortar, but had difficulty keeping rain out of the barrel. Without explaining the purpose, they asked the Americans to supply thousands of condoms 12 inches long and 2 inches in diameter, which would fit perfectly over the muzzle. So the Americans manufactured the condoms ... and shipped them in boxes marked "medium".

    4. Re:Is anyone really surprised? by jasnw · · Score: 3, Interesting

      There are at least two interpretations for this apparent failure: (1) the Feds are dumb as a box of rocks as you say, or (2) they knew perfectly well how to do this but wanted the courts to establish precedence for ordering manufacturers like Apple to provide access to customers' encrypted storage. Or it could be a little of both. I've worked with the Federal government for over 40 years, and either of these is well within the realm of possibility. I will say, however, that the recent tenor from the FBI and its director about encryption make me believe more in #2 than #1.

    5. Re:Is anyone really surprised? by KozmoStevnNaut · · Score: 4, Insightful

      Calling the moon landing and the space program in general a "pointless political exercise" is pretty ridiculous, when you consider the massive amount of spinoff technologies that we take for granted every single day of our lives.

      --
      Eat the rich.
    6. Re:Is anyone really surprised? by SScorpio · · Score: 1

      Exactly, now I can just Velcro my shoes. And drink this delicious Tang.

    7. Re:Is anyone really surprised? by ShanghaiBill · · Score: 1

      Most of the space-based spin-offs came from the development of communication satellites, not from the moon landings. The first comsat was in 1962, before the moon race even started.

    8. Re:Is anyone really surprised? by Impy the Impiuos Imp · · Score: 1

      This is the largest and most sophisticated of state actors. It is not inconceivable they could comission a secret billion-dollar machine to crack any electronic equipment.

      There was that article a few days back about using doppler and timings of x-rays to read pages of a degenerating book, down through the layers.

      Carefully shaving nanometer layers off a chip at near absolute zero ain't no thing.

      --
      (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
    9. Re:Is anyone really surprised? by Impy the Impiuos Imp · · Score: 1

      One need only look to the Internet to see the difference between public and private money.

      Public developed it and kept its heart beating for 25 years as a novelty tool of universities. Then capitalism found a use for it, and several trillion dollars later, here we are.

      --
      (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
    10. Re:Is anyone really surprised? by AHuxley · · Score: 1

      Re Government doesn't attract top-tier talent. Never has, never will.
      So the NSA and NRO are all built on the efforts of private sector contractors?
      All we have is what the FBI said in public and wanted to be seen paying for or commenting on and big brand consumer grade encryption.
      The same global consumer grade product lines the NSA has been tracking and reading without effort globally for a while.
      If the FBI lets slip that they have an easy way in, or the NSA helped them, any interesting people still using Apple after PRISM will stop trusting Apple products domestically. FBI inside is not the best branding.
      The other consideration is what will stand up in court for lawyers and the public to see as the origin of a case, considering all the other devices waiting at a state, state task force and federal level. That discovery has to be legal and the lawyers might have their own experts ask questions in public. Some defendants will still have some funding to hire experts and a few request a public court trial. The NSA would not want a repeat of some of the IMSI-catcher like questions on their role in big brand decryption during an open domestic court setting.
      The FBI was seeking a USA ready solution that could allow any state or task force to get all devices open and such methods be court friendly.
      How that method is working will be seen in future open court cases and the media attention other cases get. If the states start tasking case loads based more on phone related product that will be the confirmation that any such method is public court friendly and ready.
      If the states still ask for more technical assistance in public, the methods are still at the parallel construction level as they always have been.

      --
      Domestic spying is now "Benign Information Gathering"
    11. Re:Is anyone really surprised? by hackwrench · · Score: 1

      Whether or not Tang is a garbage drink, there is such a great diversity of drinks out there that Tang doesn't matter.

    12. Re:Is anyone really surprised? by AchilleTalon · · Score: 1

      How was the FBI wrong? To my knowledge they never said what the summary states: 'They need a universal backdoor'. In fact, in this very case, they never asked for a backdoor. A backdoor is something you put in place BEFORE, not AFTER. They asked for help from Apple to crack the iPhone.

      That summary is really shitty. It seems written by someone not knowing the difference between his head and his ass. Bypassing the counter limit has nothing to do with cracking the encryption key by brute force attack. The iPhone password is not the encryption key, it is the protection to grant access to the encryption key. It is simply laughable to think the iPhone would have been encrypted with a four byte encryption key if the password would have been the key.

      --
      Achille Talon
      Hop!
    13. Re:Is anyone really surprised? by Gussington · · Score: 1

      Is anyone REALLY surprised that the FBI was wrong? Government doesn't attract top-tier talent. Never has, never will. When your hiring practices, policies, procedures, compensation and benefits are all at the bottom of the barrel, well... that's what you get. The bottom of the barrel.

      Manhattan and Apollo programs seemed to do alright.

    14. Re:Is anyone really surprised? by KozmoStevnNaut · · Score: 1

      And who ran the hugely expensive space program that let those satellites get put into orbit? Exactly.

      --
      Eat the rich.
    15. Re:Is anyone really surprised? by KozmoStevnNaut · · Score: 1

      That's easy for you to say after the fact. And velcro+tang aren't the best examples, they're quite simply concepts.

      But look at the 2016 list of spinoffs: https://spinoff.nasa.gov/Spino...

      Lots of stuff on there that would have been deemed unnecessary or a waste of money by private investors.

      --
      Eat the rich.
    16. Re: Is anyone really surprised? by cthulhu11 · · Score: 1

      Ran the office. So she was upper management ? The FBI tech jobs I've seen required relocation to a shithole and offered pathetic pay.

    17. Re:Is anyone really surprised? by Coren22 · · Score: 1

      Both private inventions that were used by the space program, but not a result of it:

      https://en.wikipedia.org/wiki/...
      https://en.wikipedia.org/wiki/...

      --
      APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
    18. Re:Is anyone really surprised? by Coren22 · · Score: 1

      NASA and the NSA, as well as Bletchley Park.

      --
      APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
  3. This is not new information by ravenspear · · Score: 1

    It's been common wisdom for years that with physical access to the device and unlimited time and resources, almost all encryption schemes can be defeated. In many cases this might simply mean using a mechanism to bypass the encryption rather than defeating it through brute force. But the fact is, regardless of what protections they have, devices have to ultimately present the data to the user unencrypted to actually use it. So there is usually always some kind of way in.

    1. Re:This is not new information by postbigbang · · Score: 2

      In a perfect world, what you say is true, but the parent poster has a good point.

      1. Because there's no such thing as a truly random number, one characterizes the number generator and then determines its bias. (See NSA-NIST->RSA foibles)

      2. The decrypting machinery has to be perfect, and not cache the results in some mind-numbing way (see several CVEs)

      3. In the actual case, the capability of resetting the NAND or using proximal bit-flipping techniques to force recounts to null are well-known. Just crowbar the location by stunning it with nearby high/low bits as appropriate, and buh bye state.

      Yes, admittedly, crappy engineering. But zenith/stellar/foolproof engineering doesn't really exist, it's a lofty goal. With a big enough hammer, you can break anything.

      --
      ---- Teach Peace. It's Cheaper Than War.
    2. Re:This is not new information by ravenspear · · Score: 1

      All of the cracking events you read about are done through social engineering and sloppy security practices.

      False. As I stated, many of the attacks involve sophisticated ways to simply bypass the encryption, rather than cracking it directly. These attacks are neither social engineering nor because the vendor had sloppy security. Their security would in most cases stop 99.9% of attacks. However a government with essentially unlimited money to throw at it is another story.

      None of them happen because state-of-the-art encryption is cracked. That doesn't happen.

      Also false. I think you need to read some of the recent NSA disclosures. Widespread successful attacks against VPN and SSL are already becoming somewhat commonplace in intelligence. Vendors are having to accelerate the transition to new protocols compared to what the state of things were just a few years ago.

  4. this isn't an external brute force attack by YesIAmAScript · · Score: 4, Informative

    This attack is still done on device. It just clones the NAND back to "0 strikes" after each 6 attempts.

    This attack doesn't extract the memory and doesn't decode externally. It just copies NANDs.

    Why is this significant? Because it means you can't do extraction in parallel, you still have to go through all the codes sequentially on the device.

    It defeats the significant portions of the backoff. It defeats the erase after n failures. It's a very significant attack.

    But no one said this type of attack was impossible. I personally read about variants on this attack while the controversy was going on. I even posited it myself. I believe Apple even addressed it claiming that this attack wasn't possible on later iPhones due to a change in how the failure count is stored.

    --
    http://lkml.org/lkml/2005/8/20/95
    1. Re:this isn't an external brute force attack by ELCouz · · Score: 1

      NAND have limited write cycles... doing a re-write NAND bruteforce attack is not going to last very long!

    2. Re:this isn't an external brute force attack by unixisc · · Score: 1

      Yeah, the limit is 10k cycles PER SECTOR. In other words, they could copy the NAND to one place, try it as much, then when they are done, copy the next NAND to another sector, and lather, rinse, reuse...

    3. Re:this isn't an external brute force attack by tlhIngan · · Score: 1

      NAND have limited write cycles... doing a re-write NAND bruteforce attack is not going to last very long!

      A 4 digit PIN code has around... 10,000 combinations. You get 10 tries before it wipes, but 6 tries before the delay gets long (1 hour). So if you guess 6 tries per flash, you only need to do 1,667 reflashes. Given the nature of the effaceable storage flash, this is well under their use limit.
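The mechanics argued over in comment 4 and its replies (sequential guessing on the device, restoring the NAND image every few attempts so the retry counter never reaches the wipe threshold, and the resulting reflash count against NAND endurance) are easier to see in a small simulation. The following is an added example written for this page; it is not code from Skorobogatov's paper, from Apple, or from any commenter. The phone model, the back-off schedule (assumed to follow the iOS 9 pattern: 1 minute after the 5th failure, 5 after the 6th, 15 after the 7th and 8th, 60 after the 9th, wipe at the 10th), the six-attempts-per-image budget and the 10,000-cycle endurance figure are all assumptions taken from the thread, not measured values.

```python
"""Simulation of a NAND-mirroring attack on a passcode retry counter.

Added example for this page, not code from the paper or any commenter.
Everything below (phone model, delay schedule, attempt budget, endurance
limit) is an assumption chosen to reproduce the thread's arithmetic.
"""
from __future__ import annotations

import copy
import math
from dataclasses import dataclass, field

# ASSUMED back-off: key = failed attempts recorded so far in flash,
# value = seconds the device stalls before accepting the next attempt.
DELAY_SCHEDULE = {0: 0, 1: 0, 2: 0, 3: 0, 4: 0, 5: 60, 6: 300, 7: 900, 8: 900, 9: 3600}
WIPE_AFTER = 10          # "erase data after 10 failed attempts"
NAND_ENDURANCE = 10_000  # ASSUMED program/erase cycles per block (from the thread)


@dataclass
class Phone:
    """Toy device: the only state that matters lives in 'nand', the part an
    attacker can desolder, image, and write back."""
    passcode: str
    nand: dict = field(default_factory=lambda: {"failed_attempts": 0, "wiped": False})

    def try_passcode(self, guess: str) -> tuple[bool, int]:
        """Returns (unlocked, seconds stalled before this attempt was accepted)."""
        if self.nand["wiped"]:
            raise RuntimeError("device wiped; key material is gone")
        delay = DELAY_SCHEDULE.get(self.nand["failed_attempts"], 3600)
        if guess == self.passcode:
            self.nand["failed_attempts"] = 0
            return True, delay
        self.nand["failed_attempts"] += 1
        if self.nand["failed_attempts"] >= WIPE_AFTER:
            self.nand["wiped"] = True
        return False, delay


def naive_attack(phone: Phone, digits: int = 4) -> tuple[str | None, int]:
    """Sequential guessing with no mirroring: the counter reaches WIPE_AFTER."""
    for n in range(10 ** digits):
        guess = f"{n:0{digits}d}"
        try:
            ok, _ = phone.try_passcode(guess)
        except RuntimeError:
            return None, n  # n guesses were accepted before the wipe
        if ok:
            return guess, n + 1
    return None, 10 ** digits


def mirror_attack(phone: Phone, attempts_per_image: int = 6, digits: int = 4
                  ) -> tuple[str | None, int, int]:
    """Guess sequentially on the device, but write the saved NAND image back
    every `attempts_per_image` guesses so the counter restarts at zero.
    Returns (passcode_found, number_of_reflashes, total_seconds_of_back_off)."""
    backup = copy.deepcopy(phone.nand)  # image the flash once, before any attempt
    reflashes = 0
    stalled = 0
    guesses_in_image = 0
    for n in range(10 ** digits):
        if guesses_in_image == attempts_per_image:
            phone.nand = copy.deepcopy(backup)  # restore: failed_attempts back to 0
            reflashes += 1
            guesses_in_image = 0
        guess = f"{n:0{digits}d}"
        ok, delay = phone.try_passcode(guess)
        stalled += delay
        guesses_in_image += 1
        if ok:
            return guess, reflashes, stalled
    return None, reflashes, stalled


def images_needed(keyspace: int, attempts_per_image: int) -> int:
    """Worst-case number of NAND images consumed: ceil(keyspace / budget)."""
    return math.ceil(keyspace / attempts_per_image)


def within_endurance(reflashes: int, endurance: int = NAND_ENDURANCE) -> bool:
    """The reply about write cycles: does the attack fit one block's budget?"""
    return reflashes < endurance


if __name__ == "__main__":
    print("naive:", naive_attack(Phone("9999")))                 # wiped after 10
    code, reflashes, stalled = mirror_attack(Phone("9999"))       # worst case
    print(f"mirrored: found {code} after {reflashes} reflashes, "
          f"{stalled / 3600:.1f} h of enforced delay")
    print("images for a 4-digit PIN:", images_needed(10_000, 6))
    print("fits NAND endurance:", within_endurance(reflashes))
```

Note what the simulation does and does not defeat, matching comment 4: every guess is still entered on the device one after another, so there is no parallelism, and with six attempts per image each image still pays the one-minute stall at the fifth failure. What the mirroring removes is the wipe and the long back-off tail, which is why a four-digit space is a matter of hours rather than an impossibility.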

  5. 2,000 years of trying, none have lasted 20 years by raymorris · · Score: 1

    > are essentially unbreakable, even using quantum computers

    The Enigma was "unbreakable", until it was broken.
    DES was unbreakable, until it was broken.
    MD5 was unbreakable, until it was broken.
    RSA was "unbreakable" last year. Not so much this year.

    There are some new algorithms which haven't quite been completely broken just yet. Well, unless the new algorithm is used by someone who -also- allows an older algorithm, in which case the service using the new algorithm is vulnerable to DROWN.

  6. Thats quite impressive. by NuttyBee · · Score: 1

    As someone who can barely see a 0603 SMD device, I find this quite impressive. He was able to remove the flash from the board, get it to function, watch it communicate, and identify the multiple mechanisms used by the chip to communicate and where on the flash it accessed. I always suspected the way the FBI did it was a brute force attack on copies of the chip data.

    Neat!

  7. Re:2,000 years of trying, none have lasted 20 year by ShanghaiBill · · Score: 1

    DES was unbreakable, until it was broken.
    MD5 was unbreakable, until it was broken.
    RSA was "unbreakable" last year. Not so much this year.

    DES was actually designed to be crackable.
    MD5 is not an encryption algorithm.
    RSA has not been considered robustly secure for a long time, and was never considered unbreakable.

    If decryption takes 1e6 times as long as encryption, the algorithm is easily crackable. If it takes 1e12 times as long, it is good enough for casual communications. 1e15 is secure against all but the most determined government sponsored crackers. If the ratio is 1e100 it is uncrackable in the life of the universe (the number of quarks in the universe is ~ 1e80). That ratio has been growing exponentially, far faster than computing hardware has been improving.

  8. Re:2,000 years of trying, none have lasted 20 year by Creepy · · Score: 1

    RSA was tampered with by the NSA to allow for it to be easily cracked. While we'd known there was tampering with it, the extent of that tampering wasn't known until the Snowden leaks. That said, the flaw is only with dual elliptic curve and I don't think anybody uses that anymore. Also the only thing cracked this year was RSA 220, which is 729 bits and the next you'd logically expect to see broken. My secure emails use RSA-1024 (I didn't set that up, all I do is check a checkbox that says "Secure" and the recipient needs to use their key card and PIN to decrypt it - not sure how it works for out of office emails).

    Not a surprise that the US government uses RSA for secure emails but AES (designed in Belgium away from NSA tampering) for both military and confidential secret and top secret encoded data. Confidential data needs to be at least AES-128 encrypted and Secret/Top Secret AES-256 if I recall correctly. We're insulated from that stuff (our software backend handles it), all we need to know is the classification.

  9. Re:Brute Force by unixisc · · Score: 1

    Brute force wouldn't work here, since after 3 tries, the phone would be locked for good. That's why the FBI first approached Apple, and later, went to a third party to get that phone unlocked. But it's interesting whether that would have been possible had Syed Farook had an iPhone 6 or something w/ a more advanced iOS, which would have precluded even that break-in.

  10. Re:You could automate reading a flash chip by unixisc · · Score: 1

    That is what I was wondering. Internally, the phone would have a combination of NAND and NOR flash (usually in MCPs). Unsoldering is next to impossible, since we are talking BGA packages, especially since in this case, the flash would have to go back into the phone for the phone to work.

    But like you say, they could read out the contents of the flash w/o turning on the phone, and then run their brute force attack on the phone. Only thing - this was a 5c, and if it used his fingerprints, they'd be out of luck - unless they got a template of his fingerprints to apply on the home button. Incidentally, what if people do choose to use that to get their phones locked? What mechanisms does the FBI have? In this case, the phone user is dead, so his body was available to the FBI to extract his fingerprint, but what in the cases of other criminals who commit crimes, leave their phones behind accidentally and flee, but have protected phones due to their fingerprints being used? The FBI database may or may not have them.

  11. Nobody gets it by RubberDogBone · · Score: 1

    Of course they knew all along how to get into the phone, probably five different ways.

    But all the public+media+dog had was speculation and unfortunately a big spotlight on the subject device.

    Normally they work in secret and in the shadows and crack these phones all the time. But this one had everybody watching, and when everyone is watching, you do not get out your best-kept secrets and reveal them in front of the cameras. The agencies didn't want to confirm any of that by suddenly showing up with a cracked phone, thus revealing they had various techniques to do exactly what they wanted. So they tried the front door approach with Apple, and then some other approach where they can make some outside company look like the source and patsy.

    Meanwhile all the much more secret techniques remain secret. Done.

    But all the various bloggers and media people want to know exactly how it was done, which is exactly why they went to some effort to find a disposable way in rather than reveal their secrets. Meh. Who cares. Privacy is an illusion. If for a moment anyone thinks their iPhone is some kind of sacred secret place only they can access, well, they are fools. Nothing is secret.

    --
    Sig for hire.
  12. Obvious from the start by kbg · · Score: 1

    This is exactly what everyone was saying at the time. The FBI didn't really give a damn about what was on the phone. All they wanted was the legal precedent for forcing companies to give up their security.

  13. Re:American needs war! by slashrio · · Score: 1

    Correction: Stein says she is anti-war.

    --
    "Trump!!", the new Godwin.
  14. Or you pull the power after each bad passcode by BcNexus · · Score: 1
  15. Vindication! by sabbede · · Score: 1

    I tried to explain this to a number of people on other forums and got a surprising amount of pushback. Nice to have someone prove me right.

  16. #joke by JohnMcLane · · Score: 1

    Is this a joke? hahahah "how the FBI opened the iPhone5c? Ohh how... after all, Apple does not help the Feds... AT ALL." Ok... CUT! Nice shot everyone... do you think they will believe it? How numb and dumb and fallen have we become... Brains, what I want you for?