Apple must help Feds unlock San Bernardino killer's iPhone – judge Apple must assist the FBI in unlocking the passcode-protected encrypted iPhone belonging to one of the San Bernardino shooters in California. US magistrate Sheri Pym says Cupertino has to find a way to supply software that prevents the phone from automatically annihilating its user data when too many password attempts have …
http://www.apple.com/customer-letter/
The fact the FBI are trying to leverage a very old statute is what makes this scary. It opens the door for them to get access to any device they want. It's not a "this will be used on only this guy, trust us!" It's a build a master key to unlock any phone so we can use it when we like, there's no mention of needed an actual search warrant to do it either.
Technically I'd say it could be done.
There are virtual machines for operating systems on PC's & servers are there none for phones ?
Copy the entire phone into a virtual machine, which should be possible with even powering it up using diagnostic hardware.
Then brute force the vm phone, when it locks make a new vm from backup continue with brute force, repeat until vm is unlocked.
Or does Apple not have a virtual environment for testing new phones ?
Whether it should be done is another question
This really relies on where the code for those 10 password attempts are stored, importantly, where the CMP# zero (attempts left), JPZ #xxxx / ARM Branch instruction is executed, causing the wipe routine to be executed.
Trouble is, often this code is decoded 'in-line', the code before, acts as the decryption values for the code ahead - linked to interrupt timing routines, based on the number of machine cycles to execute a particular instruction. Modifying anything, acts as a tamper switch, altering the processing timings of the code, rendering the code ahead useless. The code ahead also often deletes/scrambles the code behind.
Simply, its the equivalent of the Wallace and Gromit penguin scene, where Gromit lifts a piece of the rail track from behind to lay out in front of the train (he's sitting on), so the train (code in this case) continues to run.
It sounds like a hardware test rig might be possible to image the data off the device 'in-situ' then copy this frozen data back each time a password is attempted to the hardware rig assembly, to allow multiple tries, but I don't see how Apple is under any obligation to offer a hardware test-rig to help decode its own product, or likely to co-operate.
I'd probably think laterally on this one and 'ask' Samsung to do it. I'm sure Samsung has a test-rig somewhere where they have reverse engineered every aspect of the iPhone and its code.
Why should Apple need to get involved in this one?
Why not let the FBI figure it out themselves?
I know I had an initial, emotional reaction to their citing of the San Bernardino case. My cynical side tells me this was a ploy to gain sympathy. My brain kicked back in & I remembered reading about the suspects. They sounded deliberate, careful and secretive. Not the types to have done something incriminating on a work phone.
Does the FBI really need this capability now? How do they apply it going forward?
"It’s technically possible for Apple to hack a device’s PIN, wipe, and other functions. Question is can they be legally forced to hack," said iOS security expert Jonathan Ździarski.
"Theory: either NSA/CIA dragnet and cryptanalysis capabilities are severely limited, or this is a test case to see how the courts respond."
For a security expert this guy is really stupid.
By and large the opinion of the security community has been, unless the device is truly secure, as in Apple can't hack the device, it isn't secure. If Apple can figure it out, so can somebody else, in particular state sponsored groups, but possibly including large or at least wealth criminal enterprises. So Apple set out to meet those requirements and thus far their defense has been precisely that even THEY can't hack the phones.
As to the second part, there is no need to test the courts. Apple is not charged in the crime, nor are they married to any of its perpetrators. Therefore once the Judge signs the warrant from the FBI, Apple MUST supply the evidence demanded if they are able to. In fact, what the FBI has done negates the usual criticism of privacy advocates that the police are attempting to circumvent established legal procedures.
That being said, I have to wonder why the FBI are so focused on the phone. If the perps had an Apple account and were backing up the phone using that account, it certainly is within Apple's ability to change the password on the account which would enable the FBI to download the data to an unencrypted device.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
