This week, the FBI said it now doesn't need Apple to crack into an iPhone. However, what does this tell us about encryption and the overall state of hardware security?

Larry Loeb, Blogger, Informationweek

March 24, 2016

4 Min Read
<p align="left">(Image: Images_By_Kenny/iStockphoto)</p>

iPhone Encryption: 5 Ways It's Changed Over Time

iPhone Encryption: 5 Ways It's Changed Over Time

iPhone Encryption: 5 Ways It's Changed Over Time (Click image for larger view and slideshow.)

It was the 12-round, heavyweight title fight that was supposed to be watched around the world -- no Pay-Per-View needed. Then, just before the bell rang, one of the fighters decided to return to the locker room for some more training.

On March 21, hours before Apple, the FBI, and Justice Department prosecutors could meet in federal court to hash out the legal arguments over hacking into a iPhone, the FBI filed papers that claimed it had found an outside party that could crack the government-owned iPhone 5C that was used by Syed Rizwan Farook, one of the two people responsible for the San Bernardino shooting in December.

This meant, essentially, that FBI didn't need Apple to do its work for it.

See you in April.

IBT is reporting that an Israeli forensics firm, Cellebrite, is the company that is helping the FBI bypass Apple in order to crack into Farook's iPhone. The iPhone itself is actually owned by Farook's former employer -- the county of San Bernardino.

Cellebrite is "a subsidiary of Japan's Sun Corp, has its revenue split between two businesses: a forensics system used by law enforcement, military and intelligence that retrieves data hidden inside mobile devices and technology for mobile retailers," according to Reuters.

Cellebrite has done this before, it seems, at least according to ABC News. The firm's engineers might even know how to do it without forcing a software fix to be issued by Apple.

The question that lingers is how will Cellebrite's engineers actually go about doing the hack? It's a hardware approach, I think. The kind of hardware hack that security people out there wondered why it had not been tried on the 5C before going to Apple.

Are you prepared for a new world of enterprise mobility? Attend the Wireless & Mobility Track at Interop Las Vegas, May 2-6. Register now!

NAND mirroring, I bet, is the hardware technique that Cellebrite will be using. The technique is detailed by Zdziarski's Blog of Things posting and it seems reasonable.

Zdziarski's description of it makes the thrust of the technique clear:

Most of the tech experts I've heard from believe the same as I do -- that NAND mirroring is likely being used to some degree to brute force the pin on the device. This is where the NAND chip is typically desoldered, dumped into a file (likely by a chip reader/programmer, which is like a cd burner for chips), and then copied so that if the device begins to wipe or delay after five or ten tries, they can just re-write the original image back to the chip.

Now, was that so hard? The feds can access the hardware on that phone. They can desolder it and whatever else the agents need to do.

From an overall OpSec view, as Zdziarski put it: "The weak link in all of this has been Farook and his poor choice of security."

That brings us back to some of the recent "conversations" happening about how encryption and software relate to our society. Many of them ignore the particular facts about this iPhone 5C.

First of all, the government always owned it and can disassemble it however which way it wishes. It seems the FBI didn't realize -- or won't admit that it knew -- there were ways that have been around for a long time to do this sort of thing by mucking with the hardware. It was fortuitous that Japan, Inc. and Cellebrite were able to provide such experts.

Either that, or they were cynically trying to use the tragedy to get a rather nebulous claim ensconced in the courts. But, that discussion is for another day, maybe as soon as April 5.

In the meantime, the chairman of the US Senate Intelligence Committee says a bill to give law enforcement access to encrypted data could come as early as next week. Maybe that had more to do with the FBI's sudden change of plans rather than the technical know-how of Cellebrite. We'll see.

About the Author(s)

Larry Loeb

Blogger, Informationweek

Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek. He has written a book on the Secure Electronic Transaction Internet protocol. His latest book has the commercially obligatory title of Hack Proofing XML. He's been online since uucp "bang" addressing (where the world existed relative to !decvax), serving as editor of the Macintosh Exchange on BIX and the VARBusiness Exchange. His first Mac had 128 KB of memory, which was a big step up from his first 1130, which had 4 KB, as did his first 1401. You can e-mail him at [email protected].

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like

More Insights