Could FBI Have Cracked Shooter's iPhone for Less Than $100?Researcher Demonstrates Technique, Acknowledges It Could Have Destroyed Device's Data
A U.K.-based security researcher has taken the FBI to task after demonstrating how the law enforcement agency could have cracked the San Bernardino terrorist's iPhone using a delicate, $100 operation that enables unlimited passcode guesses.
See Also: Case Study: The Road to Zero Trust
Sergei Skorobogatov, a senior research associate in the security group at the University of Cambridge's computer laboratory, released an academic paper and video showing how he accomplished what's called NAND mirroring. The technique, also referred to as "chip off," allows all four-digit passcodes to be guessed in around 40 hours.
The procedure can be used against older iPhones that have enabled a security feature that erases the device's data after 10 incorrect passcode guesses. But it's a technically difficult operation, and one that could easily destroy a device's data if not flawlessly executed.
FBI vs. Apple
In March, FBI Director James Comey contended that such a procedure would not work to unlock an iPhone 5c belonging to Syed Rizwan Farook, who with his wife shot and killed 14 people in San Bernardino, Calif., in December 2015. Skorobogatov's work, the first public demonstration of such a technique, shows that while Comey's contention is not true technically, there are plenty of reasons why the FBI likely brushed it off.
NAND mirroring had been suggested as a possibility after the FBI in February launched a controversial legal battle against Apple. The agency sought to force Apple to create a special version of its iOS mobile software to circumvent security controls on Farook's iPhone. Apple argued that such software - essentially a government-ordered backdoor - would put millions of users at risk (see The Crypto Debate: Apple vs. the FBI).
While many experts said that NAND mirroring would be an option, they also advised that it was risky. The FBI eventually paid less than $1 million to a contractor for a technique - which presumably exploited a chain of software vulnerabilities in iOS - to unlock the device. At the same time, it dropped the related challenge against Apple.
Skorobogatov, who says his research required less than $100 worth of off-the-shelf components, generally agrees that his technique is risky. "Although it does not require expensive equipment there were several unexpected traps, pitfalls and obstacles on the way to full success," his paper reads.
Heat It Up
Skorobogatov's paper and YouTube video show why the FBI probably decided not to go the NAND mirroring route: It involves a lot of heat, delicate iPhone surgery and perseverance in the face of numerous other software glitches.
The encryption key that scrambles data on the iPhone is stored on a NAND flash chip. If the security feature is enabled, that key is erased after 10 incorrect passcode guesses. The way around the problem is to copy the data, including the key, and restore it once 10 guesses have expired.
To copy it, the NAND flash chip has to be removed from the phone. The chip is soldered into the main printed circuit board (PCB) and also held in place with a strong epoxy. It's a tight space to work: There's only a .05mm (0.02 inch) gap between the bottom of the NAND chip and the PCB.
"Unless properly planned and supported by special thin blade knife tools, this could damage both the NAND and the main PCB," Skorobogatov writes.
Softening the epoxy requires a temperature of more than 572 degrees Fahrenheit. But if the whole area is heated to that temperature, the epoxy sticks to other small circuit board components, risking damage. Skorobogatov says he used a Nichrome wire heated with an electric current to 1,292 degrees to carefully weaken the epoxy. Then, he heated the printed circuit board to 302 degrees before further heating up the NAND flash chip. Once at the right temperature, he used a thin-blade knife to remove it.
Some Potential for Memory Damage
Even if the chip is successfully removed, repeatedly restoring its data could cause damage to the flash chip. Skorobogatov notes that NAND chips can be rewritten a few thousand times, but there's no way of knowing how many times the chip may have already be rewritten before starting a NAND mirroring operation.
That's where a longer passcode offers a better defense. A four-digit passcode would only require a maximum of 1,667 rewrites of the chip. But for a six-digit passcode, guessing could require as many as 160,000 rewrites, which would "very likely damage the flash memory storage," the paper states.