What’s the Alternative Method that the FBI will Use to Brute Force the iPhone
Right before Apple and the FBI were scheduled for a court hearing over their battle on unlocking an iPhone, the Department of Justice requested the judge to postpone the hearing. The DoJ has admitted that a third-party has offered its help to unlock the iPhone 5c and it might not need the help of Apple, after all. Following the decision of the judge vacating the hearing, Apple attorneys scheduled a conference call with reporters where it said that the company will ask the FBI to share the details of the exploit if the FBI keeps the case alive, which probably wouldn't be the case.
Until now, several experts have been saying that the FBI is simply using the recent terrorism case to get a legal support and set a precedent where it can push the tech companies to deliver whatever it asks for. Experts had also said that the agency could try several other methods without Apple's involvement in the case.
DoJ's request filed with the judge yesterday caused a lot curiosity in tech enthusiasts over how exactly the government was planning to unlock the iPhone. An in-depth analysis by Jonathan Zdziarski, a forensic scientist, now explains a lot of different techniques that are possibly not being used by the FBI and one that he thinks could be the method to unlock the iPhone - Nand mirroring. Nand mirroring was earlier referenced by Congressman Darrel Issa when he had confronted FBI chief Comey at the House Judiciary Hearing.
FBI to brute force iPhone with Nand mirroring?
Zdziarski and a number of experts speculate that the attack is based on a NAND mirroring technique, which is essentially a process to copy the flash memory of the device to be able to restore it a after a lockscreen wipe.
This is where the NAND chip is typically desoldered, dumped into a file (likely by a chip reader/programmer, which is like a cd burner for chips), and then copied so that if the device begins to wipe or delay after five or ten tries, they can just re-write the original image back to the chip.
This technique is kind of like cheating at Super Mario Bros. with a save-game, allowing you to play the same level over and over after you keep dying. Only instead of playing a game, they’re trying different pin combinations. It’s possible they’ve also made hardware modifications to their test devices to add a socket, allowing them to quickly switch chips out, or that they’re using hardware to simulate this chip so that they don’t have to.
For those worried about the security of iPhones, any device with a Secure Enclave (iPhones launched after 5s) are immune to this attack. But yes, as Apple constantly works to protect its users against new exploits and vulnerabilities, the company will like to know exactly what vulnerabilities are going to be exploited to unlock the iPhone.
While it may seem like a win for the FBI as they won't need Apple's help, it's not. The FBI could have gotten into the contents of the iPhone 5c using an exploit if they had wanted to. But, vulnerabilities get fixed and any attack doesn't stay viable for a long time. Not wanting to rely on the exploits, the agency needed a legal right to get the data, no matter what the level of technical protections were in place. The federal bureau has been pushing to get this legal and permanent solution for over several years now. As Google and Apple have introduced stronger encryption techniques on their smartphones, FBI chief had even said that the companies have "gone too far" to protect their users.
Now that a third-party (possibly one of the FBI's contractors) has offered the agency a way to unlock this iPhone, it will be interesting to see if the bureau would pull off the case. If so, it could wait for another case to push Apple - or other tech companies, for that matter - into handing over a customized OS version.