FBI Looks Into Unlocking Minnesota Mall Stabber's iPhone

An anonymous reader quotes a report from CNET: The Minnesota man suspected of stabbing 10 people in a mall before police fatally shot him left behind his iPhone. Now, FBI agents are looking into unlocking his iPhone as part of the investigation. The FBI says Dahir Adan, 20, attacked several shoppers on September 17 in a frenzy, asking his victims if they were Muslim before he stabbed them. ISIS claimed responsibility for attack shortly after. FBI director James Comey told the House Judiciary Committee his agency is reviewing Adan's electronic devices -- but is having issues getting into his iPhone. The device remains locked, as agents are "exploring technical and legal options," Minneapolis FBI spokesman Jeff Van Nest said. He declined to specify what model the iPhone was.

The new line for the Johnnie Cochran's out there

[LeftCoastThinker]

The new line for the Johnnie Cochran's of the world: "If you can't unlock, you must acquit." The reality is that police do have a right, with a court order to search everything related to you, especially if you commit multiple attempted murders. The public has a vested interest in knowing if you had any co-conspirators among other things. That said I am all for strong encryption on all electronics. I think the best solution is some middle ground. I don't know where that middle ground is. The reality is that we the people need to start by requiring the federal government to treat our computers, email and cell phones with the same level of respect for privacy as is given to the US mail (i.e. its a felony to tamper/interfere/gain unauthorized access). Once that is established we can have a conversation about giving access with court order to some or all of these items.

Re:The new line for the Johnnie Cochran's out ther

[DaHat]

What about physical access to device. Should the device contain the decryption key, so that it could be decrypted if the flash chip is removed?

The device always contains a decryption key... it's just a matter of how hard it is to get to... and it may not actually be located in flash memory.

Disassembly that might take a tech an hour or two?

Disassembly yes, retrieval, no.

What do you know about focused ion beam hacking? http://semiengineering.com/eve...

Short version: A reverse engineer can take a dozen or two chips of the same kind, slowly grind them down layer by later, selecting the best example of each level, then continue the process. Once you've gone through all of the layers you can actually construct a pretty accurate design of the internals. From there, you can use a FIB and some probes to actually get access to the inner workings of the chip.

Chip designers for years have to various extents attempted to take steps to prevent this. The one advantage they have is doing so is very difficult & expensive... but a successful hack can more than pay for itself.

I ask not for government but for other third parties. If you die should your spouse gave legal right to access your phone and encrypted storages?

Which is a fair point. If your loved one goes missing and leaves their phone behind, unlocking it to find out who they were recently talking with may be difficult if not impossible. If someone dies, your window to use their finger to unlock the device is quite short.

This is only a wider version of a long standing problem... as I don't know many people who make it a point to stash a BitLocker/TrueCrypt/etc keys to a safe spot that will be discoverable upon their disappearance or death, but secure enough that an angry spouse or law enforcement agent wouldn't be able to uncover.