The standoff is not over between Apple and the FBI.
A court ordered Apple to help the FBI hack into a locked iPhone used by Syed Farook, who together with his wife Tashfeen Malik killed 14 people in San Bernardino, California, in December, but the company denied citing security issues.
If the FBI has managed to break the iPhone’s security, others may do so in the future — this could undermine the trust between Apple and its clients and even impact iPhone sales.
The FBI certainly got a victory after announcing that they had managed to decipher the iPhone from San Bernardino. But Apple now wants to know how they did it. And the tech giant is ready to go to court to compel the agency to reveal that secret.
Why Apple needs to know at all costs how the FBI broke the phone
This is not a matter of honor for Apple. It is also an issue of security and history. The company has for a long time boasted of invulnerability and how they had secured the latest version of their operating system. But that is now called into question, including the competence of the engineers who designed it. How the FBI bypassed the encryption and through the security measures in the iPhone OS is crucial for Apple.
If the FBI has managed to break the iPhone’s security, others may do so in the future — this could undermine the trust between Apple and its clients and even impact iPhone sales.
Several ideas have, however, emerged from last week about how the FBI proceeded; including the identity of the famous third person who could have helped. The first hypothesis, which is more than likely, is that the agency appealed to Israeli computer security company Cellebrite, the market leader in mobile digital investigative solutions.
The Cellebrite company could be the mysterious third person
Cellebrite markets several solutions on how to break into mobile phones. These devices, called UFED (Universal Forensic Extraction Device), are recognised by courts around the world and used to extract data from phones (SMS, call logs, videos, location, address book, etc.) spying into the operating system, system files and flash memory on the device. Even data that has been deleted or placed in the cloud can be recovered by this device.
The device works on most phones including locked iPhones, with simple or complex passwords. The only problem is that on their site, Cellebrite states that they are only able to crack devices running iOS 4, 5 and 6.
But the San Bernardino iPhone worked with iOS 8 or 9. Or maybe the FBI resorted to the method of extraction of the NAND flash memory.
The extraction of the NAND Flash
In his blog, security expert Jonathan Zdiarski outlined last week how to proceed. He advocated for removing the NAND flash memory chip to copy. An operation called “NAND mirroring”.
Once copied, the content is accessed through a NAND flash memory external drive. All that remains is to find the password by attacking the system with brute force, that is to say, by testing all possible combinations. Normally iOS erases all information after a number of failed attempts. But it would be enough to multiply copies workaround to getting the right password. So long and tedious.
If this is the method that has been used, it would mean that Apple did not provide security mechanism to make the data unusable in case of extraction of the NAND flash memory chip.
Originally published at Pulse Ghana on March 29, 2016.