My Take on FBI’s “Alternative” Method

FBI acknowledged today that there “appears” to be an alternative way into Farook’s iPhone 5c – something that experts have been shouting for weeks now; in fact, we’ve been saying there are several viable methods. Before I get into which method I think is being used here, here are some possibilities of other viable methods and why I don’t think they’re part of the solution being utilized:

  1. A destructive method, such as de-capping or deconstruction of the microprocessor would preclude FBI from being able to come back in two weeks to continue proceedings against Apple. Once the phone is destroyed, there’s very little Apple can do with it. Apple cannot repair a destroyed processor without losing the UID key in the process. De-capping, acid and lasers, and other similar techniques are likely out.
  2. We know the FBI hasn’t been reaching out to independent researchers, and so this likely isn’t some fly-by-night jailbreak exploit out of left field. If respected security researchers can’t talk to FBI, there’s no way a jailbreak crew is going to be allowed to either.
  3. An NSA 0-day is likely also out, as the court briefs suggested the technique came from outside USG.
  4. While it is possible that an outside firm has developed an exploit payload using a zero-day, or one of the dozens of code execution vulnerabilities published by Apple in patch releases, this likely wouldn’t take two weeks to verify, and the FBI wouldn’t stop a full court press (literally) against Apple unless the technique had been reported to have worked. A few test devices running the same firmware could easily determine such an attack would work, within perhaps hours. A software exploit would also be electronically transmittable, something that an outside firm could literally email to the FBI. Even if that two weeks accounted for travel, you still don’t need anywhere near this amount of time to demonstrate an exploit. It’s possible the two weeks could be for meetings, red tape, negotiating price, and so on, but the brief suggested that the two weeks was for verification, and not all of the other bureaucracy that comes after.
  5. This likely has nothing to do with getting intel about the passcode or reviewing security camera footage to find Farook typing it in at a cafe; the FBI is uncertain about the method being used and needs to verify it. They wouldn’t go through this process if they believed they already had the passcode in their possession, unless it was for fasting and prayer to hope it worked.
  6. Breaking the file system encryption on one of NSA/CIAs computing clusters is unlikely; that kind of brute forcing doesn’t give you a two week heads-up that it’s “almost there”. It can also take significantly longer – possibly years – to crack.
  7. Experimental techniques such as frankensteining the crypto engine or other potentially niche edge techniques would take much longer than two weeks (or even two months) to develop and test, and would likely also be destructive.

With those methods eliminated from our argument, we’re left with one that sticks out the most. But first, the “who”: we do know that the FBI frequently works with a number of contracted external forensics and data recovery labs, especially a handful at the top. The likelihood here is that a third party contractor, such as one of these forensics or data recovery firms, has devised a method and notified FBI of their findings. Many firms have outright denied that they are the one, however there are at least a few firms that are not denying it, or not talking at all. The one that is the most tight lipped is, of course, the one people are paying the most attention to. I’m not at liberty to specify who, but you can count on reporters to be banging on doors in the middle of the night for this kind of information.

Speaking of middle-of-the-night, the brief was dated for Sunday, suggesting perhaps it was put together Sunday night. No forensics companies in the US are likely up and working at that hour, which seems to at least hint that it’s possible this company may be based overseas, where it would’ve been Monday morning. This is speculation, however worth investigating as a number of such DOJ contractors are based overseas.

We also know, based on the submitted court brief today, that FBI believes two weeks will be sufficient time for them to test and verify the soundness of this alternative technique. This tells us two things: 1. Whatever technique is being used likely isn’t highly experimental (or it’d take more time), and 2. Chances are the technique has been developed over the past several weeks that this case has been going on.

So what technology could be developed and reliably tested within say, roughly a month? Just a few weeks ago, congressman Issa confronted Comey rather aggressively before Congress. He described a NAND mirroring technique that the tech community had been buzzing about for a week or so prior to the hearing. He referenced “making 10,000 copies” of the storage chip. In reality, this process is much easier, and that’s what I think is probably the most feasible technique to use here.

Most of the tech experts I’ve heard from believe the same as I do – that NAND mirroring is likely being used to some degree to brute force the pin on the device. This is where the NAND chip is typically desoldered, dumped into a file (likely by a chip reader/programmer, which is like a cd burner for chips), and then copied so that if the device begins to wipe or delay after five or ten tries, they can just re-write the original image back to the chip. This technique is kind of like cheating at Super Mario Bros. with a save-game, allowing you to play the same level over and over after you keep dying. Only instead of playing a game, they’re trying different pin combinations. It’s possible they’ve also made hardware modifications to their test devices to add a socket, allowing them to quickly switch chips out, or that they’re using hardware to simulate this chip so that they don’t have to.

One other possibility exists along the same lines. Some firms have developed hardware invasive techniques that worked on older iOS 8 devices in a fashion similar to IP-BOX, that allowed them to brute force the pin code by blocking the writes of the passcode attempts to disk. In iOS 9, Apple made a change that caused these passcode attempts to be verified on disk after they were written. Using a NAND copying / mirroring technique, this barrier could be overcome in iOS 9, allowing the device to write and verify the attempt, but have that change later blown away by restoring an original copy of the chip. They wouldn’t have to copy the whole NAND in this case. If they can isolate the part of the chip that is written to (even though it’s encrypted), they can just keep writing over that portion of the chip. If the methods from iOS 8 were borrowed for this, then it could be partially automated by entering the pin through the USB, as well as using a light sensor to determine which pin successfully unlocked the device

NOTE: They actually made this change in several different versions of iOS, but the IP-BOX developers kept finding ways around it. The change that broke IP BOX fixed a race condition, but there was also the actual write-verification of the passcode attempt, which happened later on to put other tools out of commission.

All of this paints a pretty clear picture: the leading theory at present, based on all of this, is that an external forensics company, with hardware capabilities, is likely copying the NAND storage off the chip and frequently re-copying all or part of the chip’s contents back to the device in order to brute force the pin – and may or may not also be using older gear from iOS 8 techniques to do it. The two weeks the FBI has asked for are not to develop this technique (it’s most likely already been developed, if FBI is willing to vacate a hearing over it), but rather to demonstrate, and possibly sell, the technique to FBI by means of a field test on some demo units.

This shouldn’t be a surprise to anyone, as it’s a fairly straightforward technique. It’s also a technique that wouldn’t work in an A7 or newer iPhone that has a Secure Enclave. More importantly, this technique wouldn’t work at all had Farook used a complex alphanumeric passcode. The weak link in all of this has been Farook and his poor choice of security.

Disclaimer: My hypothesis could just as easily be wrong, given that we have very little information to go on. This is merely my fair assessment based on what I know of the details of this case. The NAND being in play seems the most likely scenario, however.

UPDATE #1:

The FBI is rumored to have classified this technique, only 24 hours after requesting a two-week window to give report. If true, FBI wouldn’t classify something that they haven’t validated, which means they validated it too. This suggests the technique *could* also be an exploit, so now we’ve two different possibilities to consider. The classification also suggests a little bit about the company. The company must have engineers capable of holding (or already holding) clearances, suggesting it’s a rather large company. This is consistent with the speculation about the identity of the company. Also note that by classifying this technique, the cost of it just skyrocketed probably by a factor of 10 or more. Expect that this technique was/is sold privately for well over a million.

My gut still tells me this is likely a NAND hardware technique. A software exploit doesn’t scale well. I know this because my older forensics tools used them, and it required slightly different bundles for every hardware and firmware combination. Some also work against certain versions, but not against others. They scale poorly, and can be patched easily. If the FBI considers this technique important enough to classify it (which probably implies acquiring the technology), then they’re expecting long term efficacy and scalability out of it, to use on a wide range of devices. The NAND hardware technique should work on any iPhone 5c or older, regardless of firmware version. There’s no need to muck around with guessing models or OS, no fear of Apple patching it out of newer firmware.. it just works.

UPDATE #2:

Reuters has identified the company involved as Cellebrite.

UPDATE #3:

An anonymous source came forward and told WaPo the method being used is a software method. There’s certainly more than one way to skin a cat, but I have my doubts about the reliability of this information. A few things bother me:

  1. The media is citing a USB bug that was patched in 9.3; it was released the day *after* the FBI brief was written. Building a PoC and putting together an exploit payload in a day is just not possible, let alone the day before. Therefore, if the FBI is using this exploit, then the media should be talking to Inverse Path, the author of the original PoC, as it would need to have been developed and tested before its public release. Inverse Path has denied working with FBI. This leaves the possibility open that it could be some other exploit, however if that is the case then it was most certainly under development when the DOJ filed its scathing brief about Apple, and possibly before.
  2. FBI Director Comey, in a press conference, claims the NAND technique “doesn’t work”; this says more about the credibility of this information than anything. Every expert I’ve consulted (including three hardware forensics firms) believe it works, and multiple firms are still in the process of validating the technique. The amount of time to prep and test this technique alone is proving greater than the month that we’ve been discussing it – it’s very unlikely that any reputable source could have already discredited this method, given how much time and effort it is taking everyone else to fully flesh out and test it. When asked directly if the FBI tried this technique, Comey dodged the question and replied (on the topic of “chip copying”), “I don’t want to say beyond that”, indicating the FBI hadn’t tried it. This speaks volumes about how flippantly the FBI is willing to discount viable methods endorsed by numerous researchers.
  3. In Comey’s press conference, he stated that they approached everyone they thought might have an idea, however not one security researcher (including myself) claims to have been contacted by FBI. Specifically, this would make sense as these are security researchers who have been credited by Apple for finding vulnerabilities in iOS since the time Farook’s device was recovered. Other researchers attempted to approach FBI for collaboration, but were turned away. While I wouldn’t expect the FBI to consult with “everybody”, respected researchers in the field who have found vulnerabilities in iOS before should certainly be at the top of the list of people to talk to.
  4. The media has been speculating that Cellebrite, and not an individual, is assisting the FBI. Cellebrite has been extremely tight lipped about this, however some of their employees have already dropped hints on social media. Comey didn’t rule this out. When asked directly if it was a company they’d ever worked with before, Comey declined to comment. Ironically, the original leak came out of an Isralei newspaper, where Cellebrite’s HQ is located; some in the media have speculated that the leak came from inside Cellebrite, possibly intentionally. If Cellebrite is not the mystery company, then they sure are doing a good job of pretending they are. If theyre not, then they should do the honest thing and express that publicly, like other firms have done, especially now that they’re the center of attention.

Ultimately, any of the methods I cited in this post could work, the real question is which of these fit the circumstances. An exploit it certainly possible; I still think attacks on the NAND are more likely – and as I said, this doesn’t have to be direct “chip copying”, but could include copying even a single block of data back and forth on the NAND, or finding another way to prevent the counter write from becoming permanent in the NAND. Unfortunately, we may never find out as the FBI has reportedly moved to classify all of the details that would not only inform the public of the threat to their security, but also facts that would hold the FBI accountable to whether or not due diligence was done in exhausting all possible techniques.