179

As far as I understand, the 4-digit passcode is combined (in some fashion) with a key stored in secure read-only memory (e.g. a secure enclave chip or similar), where it is directly embedded into silicon wiring to help prevent unauthorized reads.

But no matter how strong or multi-layered or complicated the security is, wouldn't it still be possible to read the key directly from the silicon wiring of the secure chip or ROM, using some electron microscopy technique or similar? If so, surely the FBI could develop the technology for this, without asking Apple for help.

user9806

  • FTR, iPhone 5 doesn't have secure enclave – Neil McGuigan Feb 18 '16 at 19:30
  • @NeilMcGuigan Good point. I think a lot of news items that discuss this situation are totally, utterly confused by the secure enclave vs. no-secure enclave issue, and wind up talking about extracting stuff from an enclave when that's not actually at issue in this particular case. But that still leaves the question: in iPhones that lack an enclave why can't the FBI just copy the part of the encryption key that's held (not in a secured area) by the device, copy the volume to be decrypted, and just brute-force the passcode (which is the remaining portion of the encryption key) straightaway? – mostlyinformed Feb 18 '16 at 19:59
  • @NeilMcGuigan I'm reading that it does? http://www.slate.com/articles/technology/future_tense/2014/09/ios_8_encryption_why_apple_won_t_unlock_your_iphone_for_the_police.html – schroeder Feb 18 '16 at 21:14
  • @schroeder looks like it's on any iPhone w/ A7 chip or newer (Sept 2013). This includes iPhone 5s, but not iPhone 5. I'm not sure about 5c – Neil McGuigan Feb 18 '16 at 21:25
  • Ok - see it now. BTW, 5c has A6: http://www.techtree.com/content/features/4633/apple-iphone-5-iphone-5c-iphone-5s-key-differentiators.html – schroeder Feb 18 '16 at 21:30
  • Relevant question on Crypto.SE: http://crypto.stackexchange.com/questions/32886/why-does-the-fbi-ask-apple-for-help-to-decrypt-an-iphone – jwodder Feb 18 '16 at 21:39
  • iOS also supports 6-digit passcodes and also passphrases. Has it been stated which type this device is using? – ThomasW Feb 19 '16 at 03:01
  • The most impressive hack here is how Apple is getting all this free press just for getting the FBI to ask for help. Apple has helped before. Saying no now does far more for the perception that an iPhone is secure than it improves actual security. – candied_orange Feb 19 '16 at 03:39
  • @CandiedOrange In the past Apple has complied with government orders to extract data that was extractable without unlocking on iOS 7 and earlier. iOS 8 is more secure and the data is locked. http://techcrunch.com/2016/02/18/no-apple-has-not-unlocked-70-iphones-for-law-enforcement/ – ThomasW Feb 19 '16 at 06:56
  • Or go to one of the many companies that offer this as a service... – PlasmaHH Feb 19 '16 at 09:02
  • "Surely the FBI could develop the technology for this" - You might be underestimating the hardware obfuscation possible here since Apple itself designed that A6 processor. Since there's a chance Apple did something special inside that chip to tighten security, the FBI really should ask for Apple's help. (Apple too would be more accommodating if the remaining threat were higher.) – bobuhito Feb 19 '16 at 11:54
  • Why go to all that expense and effort when you can just get someone else to do it for you, quite possibly for free? – Compro01 Feb 21 '16 at 11:35
  • @Compro01 because **now** someone else might be able to do it. But if you can force Apple to decrypt the device now, they will have to decrypt devices in the **future**, even more secure devices no one else can decrypt! – Josef Feb 22 '16 at 11:10
  • @ThomasW Or perhaps that's what we're being led to believe... – Mar 05 '16 at 14:29
  • @franklin If you have any evidence to the contrary please let us know. – ThomasW Mar 05 '16 at 15:04
  • @user9806 "embedded into silicon wiring" ?? how ? – AminM Apr 09 '16 at 06:57

8 Answers

226

Yes, it is possible. However, that runs the risk of destroying the device without getting the data off first, which is undesirable. It also does not achieve the political goals of forcing Apple to assist in decrypting the device, paving the way with precedent for the flurry of future requests of this sort to come, some of which are certain to have less favorable facts and thus are not as suitable as test cases.

Xander

  • Buying a dozen iPhones to test any physical extraction method would be a lot cheaper than everything about this affair, so one has to assume that the question is no longer about the San Bernardino case. – Thomas Pornin Feb 18 '16 at 18:22
  • @ThomasPornin This is exactly the thought that I had. But the confusing thing (to me, anyways; iOS is not an ecosystem I'm all that familiar with) is that some items I've seen have asserted that for the iPhone 5c extracting data--even if you could do so with 100% guarantee of success--from the secure module would not be enough, by itself, to allow easy decryption. Though other sources I've read assert that after a successful extraction the FBI would merely be left with a super-quick brute-forcing job to gain the passcode. (I'll admit that at this stage I'm just as confused as OP...) – mostlyinformed Feb 18 '16 at 19:36
  • If all the data is extracted and this is merely a matter of pure software, then a brute-force on a 6-digit PIN is not going to take long. If a single iPhone can verify/process a PIN within one second, then the same iPhone hardware can necessarily perform the same job for 1 million PINs in 1 million seconds at most -- and that's assuming a rather heavy PIN processing. With a couple of good PCs this will be done in less than 24 hours, and probably a lot less than that. – Thomas Pornin Feb 18 '16 at 19:48
  • That was my understanding as well, re. the ease of brute-forcing the PIN. But some news outlets (well, *many* outlets) are utterly confused on that point. I know, incorrect information about tech in the news media. Shocking. – mostlyinformed Feb 18 '16 at 20:04
  • @ThomasPornin Xander Ok, slight issue: as NeilMcGuigan just pointed out above the iPhone 5c *doesn't actually have a secure enclave*. (Oops.) http://blog.trailofbits.com/2016/02/17/apple-can-comply-with-the-fbi-court-order/ The partial key is burned into the hardware, but not protected. But that seems to make the question of why the FBI can't simply read the 5c's **not-enclave/module protected** partial encryption key from the phone and gain the remainder of the key (i.e. the PIN/passcode) via brute-forcing even more puzzling. – mostlyinformed Feb 18 '16 at 20:15
  • @halfinformed If they try to brute-force by just trying codes, the phone will automatically erase itself after 10 failed attempts. However, I'd think the FBI Lab would be capable of copying the encrypted contents of the flash chips (or whatever storage mechanism) onto a computer that doesn't have that drawback. – reirab Feb 18 '16 at 23:28
  • @reirab They probably can, if they work at it. However, the specific content they need, the flash memory with the key in it, is stored in a region of silicon which is *intentionally* as hard as possible to copy from without jeopardizing its contents. – Cort Ammon Feb 19 '16 at 00:03
  • @ThomasPornin - Sure they could buy a dozen (or 100) phones to play with, but if they are unsuccessful on 2 out of 12, are they going to accept a 1 in 6 chance that they'll destroy the evidence? The skills and equipment to do so are not cheap, so they could rack up hundreds of thousands of dollars (or millions?) just in testing the technique. – Johnny Feb 20 '16 at 02:00
  • More than just "undesirable", I suspect that such invasive/destructive methods of key extraction may well be much less forensically sound, and therefore run greater risk of challenge in any ensuing court proceedings. – eggyal Feb 21 '16 at 10:39
  • @Johnny It's not like the FBI would just roll a pair of dice for every attempt! The point is that once they figure out a reliable method of data extraction (by experimenting on a pile of iPhones), they'll be able to safely apply that to the San Bernardino phone, with a far higher chance of success than 1 in 6. – William T Froggard Feb 22 '16 at 14:07
  • so much like. As techies, we get tunnel vision on how things work at the electron level, and forget about our duty as humans to resist evil of all forms, even if that evil speaks the same language/has a similar skin tone to us. Morals > how the gadget works – codyc4321 Feb 22 '16 at 18:03
  • And yes, the FBI doesn't care about terrorism in this case, not if the perpetrators/suspects are dead. They just wanna remove what little freedoms we have left and own human beings like any other form of property – codyc4321 Feb 22 '16 at 18:04
  • @WilliamTFroggard - got any references for that success rate? I've seen lots of theories online about decapping ICs and using an electron microscope to read the flash, but few details or statistics about success rates. If it were a cost effective and reliable way to hack encryption (especially when reading from a security chip where the designer wanted to intentionally hide the data), wouldn't the FBI already be doing so? – Johnny Feb 22 '16 at 20:53
  • To respond to @ThomasPornin in a purely legal sense, from the point of view of a law and computer science major, that is indeed the point of this case: we as a society (and you as Americans) need to sort the more general problem out as a matter of public policy. In fact, Bloomberg is reporting that the case is destined for the USSC: a very interesting proposition given the recent vacancy that has arisen! – lol Feb 24 '16 at 05:05
  • Can you back up *Yes, it is possible* with **facts and references**? That is the only part of your answer that addresses the actual question (the rest is an opinion), so that is a bit meager. – Mar 01 '16 at 10:32

94

What makes you think that they haven't already?

This case is about setting a precedent to obtain access whenever the government desires. They chose this case because America's fear of terrorism will give more popular support for setting this precedent than, say, busting a pot grower or catching a tax cheat.

What would be even better? Privacy advocates pointed out that existing spying operations haven't provided useful counter-terrorism intelligence. What if this iPhone contains some golden nuggets of counter-terror intel? Officials will be vindicated, and have a much easier time ratcheting back privacy protections further in the future.

Maybe the FBI is taking a page from the good lawyer's handbook, and asking questions they can already answer.

erickson

  • Also, they could just ask Apple "Please take this phone, and get such and such information off it for us using whatever means necessary, without revealing anything about the means. Then destroy it". That wouldn't serve the ulterior goal. – Kaz Feb 19 '16 at 02:50
  • @Kaz Wouldn't that have negative effects on any evidence gained (chain of custody)? – Bob Feb 19 '16 at 08:03
  • @Kaz That would make it impossible for the defense to investigate the evidence. – Selenog Feb 19 '16 at 12:16
  • @Selenog there is no defense, there is no criminal trial here; the perpetrators are deceased. The FBI wants the data off the device so that they can investigate *other* people who may be linked to the perpetrators & go up the chain of command in their terrorist cell. – alroc Feb 19 '16 at 16:43
  • @alroc Well and should they find any accomplices then that phone can't be used as evidence in the trial, of course assuming they get a trial, I guess. – Selenog Feb 19 '16 at 17:52
  • @Selenog A complete, decrypted dump of the phone would be made available to prosecution and defense. – Kaz Feb 19 '16 at 20:18
  • @Kaz and how would they be judicially certain the evidence is not tampered with? (in the hypothetical situation this information would have to be admissible in court, which seems far-fetched in any case). – rubenvb Feb 22 '16 at 09:50
  • Don't forget erickson, they won't allow you to access secret government data anytime YOU desire ;) – codyc4321 Feb 22 '16 at 18:05
  • @rubenvb Some protocol would have to be worked out for that, perhaps involving supervision. – Kaz Feb 22 '16 at 18:43
  • You are not answering the question "Is it possible" – Mar 01 '16 at 10:33

78

It doesn't scale

While the general consensus is that such technology exists and would be available to the FBI, it's not an appropriate general solution because it might be applicable to this case but (unlike a legal battle with Apple) it doesn't scale to all the other cases where they would want to do the same thing.

  • It is expensive - this case might be important enough to warrant the expense, but doing it for all the phones they'd want to read is even more expensive than, say, a prolonged legal battle with lots of lawyers involved;
  • It risks destruction of evidence - there is a significant risk of failure, and failure would mean permanently destroying the key and any means to recover it ever.

A solution that allows the FBI to decrypt such phones safely and cheaply would be very desirable to them, so even if they are able to read the embedded key from the chip, it is worth a try to get Apple to do it instead.

Peteris

  • +1 for a well-written technical answer to the question, without all the extra political commentary – Ajedi32 Feb 19 '16 at 16:13
  • I know right...understanding how the gadget works is more important than having morals and being human! – codyc4321 Feb 22 '16 at 18:06
  • This makes sense. I would imagine they want to be able to have a signed shim bootloader that could brute-force the PIN, sort of like what you can do by slightly modifying the Team Win Recovery ROM on an unlocked Android. That way they could just break any phone they physically have without having to pin into the PCB. – Ori Feb 26 '16 at 17:58
  • Can you back up *the general consensus is that such technology exists* with facts and references? – Mar 01 '16 at 10:34
  • @JanDoggen The technology to analyse chips by microscopy has existed "forever" - here's a 10 year old survey paper http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-641.pdf that includes, among other things, an overview of various invasive attacks on chips. Here's https://gcn.com/Articles/2010/02/02/Black-Hat-chip-crack-020210.aspx a 5 year old successful attack on a comparable tamper-resistant chip. Credit card EMV chips are also vulnerable to chip-imaging attacks to extract keys, but they're mitigated by the fact that it's more expensive to extract a key than the limits on a single credit card. – Peteris Mar 01 '16 at 11:16

20

You are assuming the problem is technical. It might be political / legal. Let's assume the government already has the technical capability of extracting this information from phones, without Apple providing them a back door. The government, for both legal and technical reasons, can't admit that. Legally, because it might tip its hand to other investigations in which data was obtained using this not-yet-legal method, which would taint those investigations.

Once, however, the courts force Apple to provide them a backdoor, then they can use their own backdoor with impunity, or just use Apple's.

Otheus

9

Yes, it is possible. The Secure Enclave chip is tamper-resistant, but with an advanced (expensive) semi-invasive attack, this chip is vulnerable.

A good link that covers all aspects of attacks on tamper-resistant hardware (note: Dr Sergei Skorobogatov attacks military chips, and we know that the Secure Enclave chip of the iPhone is weaker than a military chip): http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-630.html

The Intercept reports a real hardware attack by the CIA on the iPhone; the paragraph below is from The Intercept:

At the 2011 Jamboree conference, there were two separate presentations on hacking the GID key on Apple’s processors. One was focused on non-invasively obtaining it by studying the electromagnetic emissions of — and the amount of power used by — the iPhone’s processor while encryption is being performed. Careful analysis of that information could be used to extract the encryption key. Such a tactic is known as a “side channel” attack. The second focused on a “method to physically extract the GID key.”

But the Apple-FBI backdoor is part of a battle between government departments and crypto for privacy, so the goal of the FBI is limiting all crypto software by passing new laws, and the Apple-FBI backdoor doesn't mean that the FBI can't!

See more at: Delicate Hardware Hacks Could Unlock Shooter’s iPhone by Threatpost:

“It’s been known they (NSA) have a semiconductor [fabrication] since January 2001. They can make chips. They can make software. They can break software. Chances are they can probably break hardware.”

  • The phone currently in question is of a model that does not have a Secure Enclave. – user Feb 22 '16 at 10:41
  • yes, but an advanced version of the above attack is possible on newer models, please see the first link – Feb 22 '16 at 15:08
  • +1 Finally an answer with some references that actually addresses the core question "Is it possible?" – Mar 01 '16 at 10:39
  • I can't understand the number of downvotes this answer gets. – Deer Hunter Mar 01 '16 at 22:21

4

They can, but that's not the problem they're facing.

As you've mentioned, the encryption key is generated from a mix of the PIN number and the private key. The problem is the PIN number.

iPhones allow only a maximum of 10 tries to enter PINs, after which they will refuse to accept any additional PIN input. Furthermore, users can configure the phone to delete all data on disk if the 10th attempt fails*. Now, I'm not sure if the specific phone they're trying to unlock has been configured this way, but it's too big a risk to take if the data on the phone is important.

A 4 digit PIN has 10000 combinations. So being able to try just 0.1% of all possible combinations is unlikely to work.

What the FBI is asking is basically for Apple to install a custom OS on that phone without the 10-entry limit so that they can try all 10000 PIN combinations.

*Note: When configured to delete data on disk on failed attempts the iPhone won't actually format the disk, it would just delete the private key thereby making any further cracking attempt all but impossible.

Freiheit

slebetman

  • future cracking attempts won't be impossible. Just brute-force the private key. Too time-consuming? yes, but the USA government is the closest entity to the fabled "infinite processing power" grail. – Mindwin Feb 19 '16 at 14:30
  • I think you're missing the point of the question. If the FBI can extract the key and the disk image from the iPhone, everything in your answer here is irrelevant. They could throw the iPhone in a meat grinder and it wouldn't matter - they'd already have all the information necessary to make as many brute force attempts on the PIN as they want without any risk of data loss. – Ajedi32 Feb 19 '16 at 16:09
  • @Mindwin - you can't brute force the private key. It's AES-256. It's not about processing power. There isn't enough energy on earth to do it. – TTT Feb 22 '16 at 21:57
  • @TTT Last I checked, although your statement is technically correct, it is sooo far off the mark. The entire observable universe doesn't have enough time nor energy to brute force an AES-256 key. – Aron Feb 23 '16 at 01:06
  • @Aron - I'd like to leave open the possibility that some alien civilization could figure it out using an unknown technology. :D – TTT Feb 23 '16 at 02:48
  • @TTT That would not be brute force then. – Aron Feb 23 '16 at 02:49
  • @Aron - I meant a technology that would be *faster*; not one that would collapse the mathematics. Perhaps some sort of tachyon device that takes as long as it needs and reports back when it's finished. (This is where conversations like this go to die, or end up in chat.) – TTT Feb 23 '16 at 02:56
  • @TTT The fact is "faster" is equal to "would collapse the mathematics". Entropy = Information. The universe isn't big enough for the amount of matter to exist for all possible keys to be computed. As a consequence, information must be deleted, which requires entropy to increase, which will have a limit. – Aron Feb 23 '16 at 03:01
  • @Aron - I thought for sure I had you at *tachyon* device. – TTT Feb 23 '16 at 03:28
  • @TTT I'm a Physicist by training. I actually know what a tachyon is. Here is the Physics that prevents the calculation being possible. https://en.wikipedia.org/wiki/Landauer%27s_principle – Aron Feb 23 '16 at 04:51
  • Let us [continue this discussion in chat](http://chat.stackexchange.com/rooms/36135/discussion-between-ttt-and-aron). – TTT Feb 23 '16 at 20:07
  • As far as I know, by default you can try as many passcodes as you like. As a security feature, the user can turn on "erase after 10 failed attempts". And to protect these users against pranksters who might intentionally erase a phone by typing in 10 passcodes, there is a time delay so it takes over two hours to erase a phone that way - the delay is not a security feature, but to protect from pranksters. – gnasher729 Feb 24 '16 at 21:53

1

No, even if you were theoretically able to get the embedded key in the hardware, you would still not have the 4-digit code that is combined with the embedded key. Of course, at this point it would be trivial to brute-force (especially at just 4 digits long).

This answer is geared more towards the original question although other answers are doing well to expand on the discussion regarding the implications of the court's decision.

d1str0

  • This doesn't appear to answer the question. Recall that the question is: "Would it be possible to read the key off the hardware?" Saying "Even if you could then..." is not an answer to the question. Perhaps it should be a comment, or shouldn't be posted at all. In any case, please don't use the answer box to post comments, discussion, or other commentary. Reserve the answer box for only material that answers the question that was asked. Thank you! – D.W. Feb 18 '16 at 23:45
  • @D.W. I think it actually answers the question better than the rest as mine specifically states you do not get the encryption key off of the hardware. It is only *partially* the key. There is still another factor needed to get to the key. – d1str0 Feb 18 '16 at 23:49
  • My reading of the question is that it's asking about getting the key (which needs to be combined with the passcode) out of the phone. Exactly because this would make a brute-force attack trivial. I think the OP figured that part too trivial to be worth spelling out. – Peter Cordes Feb 19 '16 at 10:14

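The point that this answer and slebetman's answer above both make (the passcode alone is a tiny search space, so everything rests on the device key staying unreadable and on the on-device attempt limit) can be shown on a small constructed model. The following is an added example, not code from either answer and not Apple's key hierarchy: the PBKDF2 "tangling" step, the HMAC verifier tag, the `PasscodeLock` class, the iteration count and the sample passcode `7391` are all invented for the demonstration. It runs the same sequential guessing three ways: through the simulated device policy (erase after 10 failures), offline with a copy of the device key (no lockout, every 4-digit passcode is tried), and offline with the wrong device key (the passcode space is exhausted without a hit).

```python
import hashlib
import hmac

# Constructed toy model of the key structure the answers describe: a per-device
# hardware key that never leaves the chip, tangled with the user's passcode by a
# slow key-derivation step. It is an illustration, not Apple's actual scheme.

KDF_ITERATIONS = 100  # deliberately low so the whole demo runs in well under a second


def derive_wrapping_key(passcode: str, device_key: bytes) -> bytes:
    """Tangle the passcode with the device key (toy KDF: PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), device_key,
                               KDF_ITERATIONS, dklen=32)


def make_verifier(passcode: str, device_key: bytes) -> bytes:
    """Tag that lets a passcode be checked without the passcode itself being stored."""
    return hmac.new(derive_wrapping_key(passcode, device_key), b"verify", "sha256").digest()


def all_pins(digits: int):
    """Every numeric passcode of the given length, in counting order."""
    for n in range(10 ** digits):
        yield f"{n:0{digits}d}"


def offline_bruteforce(verifier: bytes, device_key: bytes, digits: int):
    """Guesser holds a copy of the verifier and a device key: no lockout applies.
    Returns (passcode, attempts), or (None, attempts) if the key space is exhausted."""
    attempts = 0
    for guess in all_pins(digits):
        attempts += 1
        if hmac.compare_digest(make_verifier(guess, device_key), verifier):
            return guess, attempts
    return None, attempts


class PasscodeLock:
    """Toy on-device policy: discard the key material after `erase_after` failures."""

    def __init__(self, passcode: str, device_key: bytes, erase_after: int = 10):
        self._verifier = make_verifier(passcode, device_key)
        self._device_key = device_key
        self.erase_after = erase_after
        self.failed = 0
        self.erased = False

    def attempt(self, guess: str) -> str:
        if self.erased:
            return "erased"
        if hmac.compare_digest(make_verifier(guess, self._device_key), self._verifier):
            self.failed = 0
            return "unlocked"
        self.failed += 1
        if self.failed >= self.erase_after:
            self.erased = True
            self._verifier = None  # wrapped key is gone; nothing is left to check guesses against
            return "erased"
        return "wrong"


def on_device_bruteforce(lock: PasscodeLock, digits: int):
    """Same sequential guessing, but every guess goes through the device policy."""
    attempts = 0
    for guess in all_pins(digits):
        attempts += 1
        outcome = lock.attempt(guess)
        if outcome in ("unlocked", "erased"):
            return outcome, attempts
    return "exhausted", attempts


def demo():
    # Constructed sample values; a real device key is never available like this.
    device_key = hashlib.sha256(b"constructed per-device key, not a real UID").digest()
    passcode = "7391"
    verifier = make_verifier(passcode, device_key)
    return {
        "on_device": on_device_bruteforce(PasscodeLock(passcode, device_key), 4),
        "offline_with_device_key": offline_bruteforce(verifier, device_key, 4),
        "offline_wrong_device_key": offline_bruteforce(verifier, b"\x00" * 32, 4),
    }


if __name__ == "__main__":
    for name, (outcome, attempts) in demo().items():
        print(f"{name}: {outcome} after {attempts} attempts")
```

The on-device run ends with the key material erased after the tenth wrong guess; the offline run with the device key recovers `7391` on attempt 7392 because nothing limits the guess rate; the offline run without the correct device key exhausts all 10,000 passcodes with no match, which is the 2^256-sized problem the comments on the previous answer refer to. Passing `6` instead of `4` for `digits` shows how a 6-digit passcode multiplies the offline cost by a hundred, while the on-device outcome is unchanged.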
0

My understanding is that reading anything "directly from silicon" is not practically possible in the general case. While it is theoretically possible to determine silicon structure using an electron microscope (destroying a dozen identical chips in the process), I'm not aware of any readily available methods to read flash memory contents.

Think about it: if it was possible to reliably read any chip's contents, why would the FBI bother to ask Apple for assistance?

Dmitry Grigoryev

  • Is it possible to add bonding wires to the embedded flash in order to read the key? Or just make it ignore the attempt limit by manipulating the relevant part with a focused ion beam. – Michael Feb 20 '16 at 07:23
  • Because the FBI doesn't know how to tie a R/W line on a memory chip to Vcc. That's why. The FBI has surely already done it. It just wants Apple on its side for the other 10000 phones it needs to decrypt – Gianluca Ghettini Feb 27 '16 at 10:23
  • It would be nice to have some references describing how such things are done. For what I know, even a copy protection bit in a PIC controller is pretty much a show stopper for firmware cloning, even for companies willing to pay tens of thousands $$ for it. – Dmitry Grigoryev Feb 29 '16 at 10:27