FBI acknowledged today that there “appears” to be an alternative way into Farook’s iPhone 5c – something that experts have been shouting for weeks now; in fact, we’ve been saying there are several viable methods. Before I get into which method I think is being used here, here are some possibilities of other viable methods and why I don’t think they’re part of the solution being utilized:
With those methods eliminated from our argument, we’re left with one that sticks out the most. But first, the “who”: we do know that the FBI frequently works with a number of contracted external forensics and data recovery labs, especially a handful at the top. The likelihood here is that a third-party contractor, such as one of these forensics or data recovery firms, has devised a method and notified the FBI of their findings. Many firms have outright denied that they are the one; however, there are at least a few firms that are not denying it, or not talking at all. The one that is the most tight-lipped is, of course, the one people are paying the most attention to. I’m not at liberty to specify who, but you can count on reporters to be banging on doors in the middle of the night for this kind of information.
Speaking of middle-of-the-night, the brief was dated for Sunday, suggesting perhaps it was put together Sunday night. No forensics companies in the US are likely up and working at that hour, which seems to at least hint that it’s possible this company may be based overseas, where it would’ve been Monday morning. This is speculation, however worth investigating as a number of such DOJ contractors are based overseas.
We also know, based on the submitted court brief today, that FBI believes two weeks will be sufficient time for them to test and verify the soundness of this alternative technique. This tells us two things: 1. Whatever technique is being used likely isn’t highly experimental (or it’d take more time), and 2. Chances are the technique has been developed over the past several weeks that this case has been going on.
So what technology could be developed and reliably tested within, say, roughly a month? Just a few weeks ago, Congressman Issa confronted Comey rather aggressively before Congress. He described a NAND mirroring technique that the tech community had been buzzing about for a week or so prior to the hearing. He referenced “making 10,000 copies” of the storage chip. In reality, this process is much easier, and that’s what I think is probably the most feasible technique to use here.
Most of the tech experts I’ve heard from believe the same as I do – that NAND mirroring is likely being used to some degree to brute-force the PIN on the device. This is where the NAND chip is typically desoldered, dumped into a file (likely by a chip reader/programmer, which is like a CD burner for chips), and then copied so that if the device begins to wipe or delay after five or ten tries, they can just re-write the original image back to the chip. This technique is kind of like cheating at Super Mario Bros. with a save-game, allowing you to play the same level over and over after you keep dying. Only instead of playing a game, they’re trying different PIN combinations. It’s possible they’ve also made hardware modifications to their test devices to add a socket, allowing them to quickly switch chips out, or that they’re using hardware to simulate this chip so that they don’t have to.
One other possibility exists along the same lines. Some firms have developed hardware-invasive techniques that worked on older iOS 8 devices in a fashion similar to IP-BOX, which allowed them to brute-force the PIN code by blocking the writes of the passcode attempts to disk. In iOS 9, Apple made a change that caused these passcode attempts to be verified on disk after they were written. Using a NAND copying / mirroring technique, this barrier could be overcome in iOS 9, allowing the device to write and verify the attempt, but have that change later blown away by restoring an original copy of the chip. They wouldn’t have to copy the whole NAND in this case. If they can isolate the part of the chip that is written to (even though it’s encrypted), they can just keep writing over that portion of the chip. If the methods from iOS 8 were borrowed for this, then it could be partially automated by entering the PIN through the USB, as well as using a light sensor to determine which PIN successfully unlocked the device.
NOTE: They actually made this change in several different versions of iOS, but the IP-BOX developers kept finding ways around it. The change that broke IP-BOX fixed a race condition, but there was also the actual write-verification of the passcode attempt, which happened later on to put other tools out of commission.
All of this paints a pretty clear picture: the leading theory at present, based on all of this, is that an external forensics company, with hardware capabilities, is likely copying the NAND storage off the chip and frequently re-copying all or part of the chip’s contents back to the device in order to brute-force the PIN – and may or may not also be using older gear from iOS 8 techniques to do it. The two weeks the FBI has asked for are not to develop this technique (it’s most likely already been developed, if the FBI is willing to vacate a hearing over it), but rather to demonstrate, and possibly sell, the technique to the FBI by means of a field test on some demo units.
This shouldn’t be a surprise to anyone, as it’s a fairly straightforward technique. It’s also a technique that wouldn’t work on an A7 or newer iPhone that has a Secure Enclave. More importantly, this technique wouldn’t work at all had Farook used a complex alphanumeric passcode. The weak link in all of this has been Farook and his poor choice of security.
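To make the design point behind the last two paragraphs concrete, here is a toy model I added for this post (not the author’s code and not any real device’s logic): a passcode-attempt counter kept in restorable storage (standing in for the NAND) versus one kept in state that a storage restore cannot touch (standing in for the Secure Enclave). The passcode, attempt limit and "save-game" loop are all constructed for the illustration.

```python
import itertools

MAX_ATTEMPTS = 10  # constructed limit; the device "wipes" once it is exceeded


class ToyDevice:
    """Passcode check whose attempt counter lives either in `storage`
    (a dict standing in for the NAND image) or in `enclave_attempts`
    (state that a storage restore does not roll back)."""

    def __init__(self, passcode, counter_in_enclave=False):
        self._passcode = passcode
        self.counter_in_enclave = counter_in_enclave
        self.storage = {"attempts": 0, "wiped": False}  # the restorable "NAND"
        self.enclave_attempts = 0                        # outside the "NAND"

    def attempts(self):
        return self.enclave_attempts if self.counter_in_enclave else self.storage["attempts"]

    def try_passcode(self, guess):
        """Counter is written before the guess is checked, so a wrong guess
        always costs one attempt; past the limit the device wipes."""
        if self.storage["wiped"] or self.attempts() >= MAX_ATTEMPTS:
            self.storage["wiped"] = True
            return False
        if self.counter_in_enclave:
            self.enclave_attempts += 1
        else:
            self.storage["attempts"] += 1
        return guess == self._passcode


def counter_rollback_guessing(device, candidates):
    """Snapshot the storage image once and restore it whenever the stored
    counter nears the limit. Returns (found_passcode_or_None, attempts_made).
    Only the counter that actually lives in `storage` is reset by the restore."""
    snapshot = dict(device.storage)
    tried = 0
    for guess in candidates:
        if device.storage["attempts"] >= MAX_ATTEMPTS - 1:
            device.storage = dict(snapshot)  # the "save-game" reload
        tried += 1
        if device.try_passcode(guess):
            return guess, tried
        if device.storage["wiped"]:
            return None, tried
    return None, tried


def four_digit_pins():
    """All 10,000 four-digit PINs in order (constructed candidate list)."""
    return ("".join(d) for d in itertools.product("0123456789", repeat=4))
```

With the counter in storage the loop exhausts the PIN space without ever wiping; with the counter outside storage the device wipes after the limit regardless of how many times the image is restored, which is the property the Secure Enclave provides.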
Disclaimer: My hypothesis could just as easily be wrong, given that we have very little information to go on. This is merely my fair assessment based on what I know of the details of this case. The NAND being in play seems the most likely scenario, however.
The FBI is rumored to have classified this technique, only 24 hours after requesting a two-week window to report back. If true, the FBI wouldn’t classify something that they haven’t validated, which means they validated it too. This suggests the technique *could* also be an exploit, so now we’ve two different possibilities to consider. The classification also suggests a little bit about the company. The company must have engineers capable of holding (or already holding) clearances, suggesting it’s a rather large company. This is consistent with the speculation about the identity of the company. Also note that by classifying this technique, the cost of it just skyrocketed, probably by a factor of 10 or more. Expect that this technique was/is sold privately for well over a million.
My gut still tells me this is likely a NAND hardware technique. A software exploit doesn’t scale well. I know this because my older forensics tools used them, and it required slightly different bundles for every hardware and firmware combination. Some also work against certain versions, but not against others. They scale poorly, and can be patched easily. If the FBI considers this technique important enough to classify it (which probably implies acquiring the technology), then they’re expecting long-term efficacy and scalability out of it, to use on a wide range of devices. The NAND hardware technique should work on any iPhone 5c or older, regardless of firmware version. There’s no need to muck around with guessing models or OS, no fear of Apple patching it out of newer firmware; it just works.
Reuters has identified the company involved as Cellebrite.
An anonymous source came forward and told WaPo the method being used is a software method. There’s certainly more than one way to skin a cat, but I have my doubts about the reliability of this information. A few things bother me:
Ultimately, any of the methods I cited in this post could work; the real question is which of these fits the circumstances. An exploit is certainly possible; I still think attacks on the NAND are more likely – and as I said, this doesn’t have to be direct “chip copying”, but could include copying even a single block of data back and forth on the NAND, or finding another way to prevent the counter write from becoming permanent in the NAND. Unfortunately, we may never find out, as the FBI has reportedly moved to classify all of the details that would not only inform the public of the threat to their security, but also the facts that would hold the FBI accountable as to whether or not due diligence was done in exhausting all possible techniques.