A researcher at IOActive believes the U.S. intelligence community has the capability to carry out a delicate hardware hack that could unlock the iPhone 5c at the center of the current FBiOS debate.
The attack requires considerable financial resources and acumen with an intrusive attack against the device’s chip in order to extract enough data to be able to guess the phone’s passcode offline.
Researcher Andrew Zonenberg told Threatpost that he has never tried an invasive attack against an iPhone, but that such attacks are risky and could destroy the chip and render all the data the FBI covets lost.
Invasive probes, he said, are not the only option. Zonenberg said that power analysis can also be conducted against the chip as it carries out cryptographic operations. That information, he said, could leak enough data about the crypto key.
“Once you get enough power traces, you could do the rest of the cryptanalysis offline,” Zonenberg said, cautioning that he’s uncertain whether Apple has built in any protections against power analysis that would impede this approach.
These capabilities, however, are limited to a relatively small number of people who have the understanding of how to analyze chips, either invasively or by other means.
“I can all but guarantee you that Intel and other chip companies can do it. Chip companies have the equipment (including a focused ion beam) and maybe the expertise,” he said. “Apple has information about the design of course, so they would know the first places to go for.
“Other than a bunch of universities that do higher-end research on semiconductor stuff, there aren’t a lot of other places.”
Zonenberg said that this type of research could run into the tens of thousands of dollars in lab time and equipment rental fees just to find the memory in question on the iPhone plus whatever it would cost to hire the expertise.
“It would not be cheap. For a one-time analysis for any model iPhone you’re looking at couple of months at best by skilled and expensive people,” he said. “Once you get that, the cost of an attack per device would be cheaper on the order of mid-tens of thousands depending on what is involved and the non-trivial chance of destroying the chip.”
The fact that the guesswork trying to ascertain the four-digit passcode on the phone belonging to San Bernardino shooter Syed Farook would bypass Apple’s native security on the device is a major stumbling block for the FBI. Apple’s security allows only for manual passcode attempts, and also inserts a lag between incorrect guess up to an hour, and ultimately wipes the phone after 10 incorrect guesses.
The FBI won an early ruling in court last week when a California federal magistrate ordered Apple to assist the FBI by building one-time firmware for the device that would disable those security measures. Apple CEO Tim Cook quickly and defiantly refused to comply citing not only the privacy and security of his company’s customers, but also the precedent it would set with law enforcement.
Over the weekend, the House Energy and Commerce Committee invited FBI Director James Comey and Cook to appear before the committee to iron out the issue. Separate letters to Comey and Cook were sent on Friday seeking an explanation of the issues and how both sides will move forward.
This came after the U.S. Justice Department said in a court filing with the U.S. District Court in Central California that Apple’s refusal to cooperate was based more on brand protection and marketing than security and privacy.
“To the extend that Apple claims that the Order is unreasonably burdensome because it undermines Apple’s marketing strategies or because it fears criticism for providing lawful access to the government, these concerns do not establish an undue burden,” the filing said.
Also over the weekend, the FBI released a statement it worked with San Bernardino County—which owns Farook’s iPhone—which reset the password on the phone’s iCloud account giving the FBI access to any backups performed on the device.
In a statement published by re/code, the FBI said the county technicians did not act independently, instead on Dec. 6, the FBI and the county reset the password. The last backup done on the phone, however, was Oct. 19, close to two months before the shootings.
IOActive’s Zonenberg, meanwhile, told Threatpost that an invasive hardware attack hack is likely also in the National Security Agency’s arsenal; the NSA has been absent from discussions since this story broke last week.
“It’s been known they have a semiconductor [fabrication] since January 2001. They can make chips. They can make software. They can break software. Chances are they can probably break hardware,” he said. “How advanced they were, I cannot begin to guess.”
Zonenberg said an invasive attack requires the removal of the iPhone’s chip and the application of acid to remove its encapsulation. Once that’s been achieved, using an ion beam, the attacker would drill into the chip where the iPhone’s unique ID (UID) is stored. Once exposed, the attacker would need to use probes where the UID is located in order to read it bit-by-bit. The same process can be used to extract the key “tangled” with the passcode entered by the user in order to unlock the phone. That is enough data, he said, to bruteforce the user’s passkey offline away from Apple’s built-in security.
“On a modern device like the iPhone, you would have to spend a lot of time just find where the kid is, and you could destroy the phone in the process,” Zonenberg said. “You have to know where memory is, and you only get one shot with the actual unit.”