
Barr Asks Apple to Unlock iPhones of Pensacola Gunman - nahikoa
https://www.nytimes.com/2020/01/13/us/politics/pensacola-shooting-iphones.html
======
anonu
The key sentence from the article for me is: the company has refused to help
the F.B.I. open the phones themselves, which would undermine its claims that
its phones are secure.

I would assume that even if the software/cryptography is secure, Apple would
have a physical/hardware-based way to access the data. But they can't admit to
this as it's a big part of their marketing around the product.

I think there may be an Israel-based security company that has managed a
hardware bypass. But this was a few iPhone generations ago. Not sure about the
latest products.

~~~
olliej
No, read the Apple security white paper. Apple can’t install software on the
phone without the passcode, and the permanent storage is encrypted by keys
held in the Secure Enclave - e.g. an HSM designed specifically to thwart
physical attacks.

All the existing attacks have started with at least a partially unlocked
phone.

~~~
anonu
Maybe that's all true.

But can you discount a scenario where a hardware hookup brute-forces
through all possible numeric security codes? Could take less than a minute.
Who is to say there isn't a bypass that allows them to do this? Very hard to
tell.

~~~
olliej
The secure element is responsible for gating retries, and like all HSMs is
designed specifically to prevent tampering, so everything - including retry
counts and delays - is theoretically rendered untamperable.

I am aware of two bugs in that logic over the years - I can’t find the
articles off the top of my head. One was essentially a TOCTOU bug that could
be triggered via voltage spikes to reset the device after you tried to unlock
but before it updated the retry count. The other required imaging and
restoring the flash between each attempt. I don’t know how that was fixed, but
it should hopefully be obvious that that is going to take more than a minute
to brute force a 6-digit passcode.
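
The retry-count ordering issue described in the comment above, as an added example that is not part of the thread and is not Apple's code: a toy Python model in which a reset lands after the passcode check, comparing a gate that records the attempt after checking with one that records it before. `RetryGate`, `PowerLoss`, `simulate`, the limit of 10 and the passcodes are assumptions constructed for the illustration.

```python
"""Toy model of a passcode retry gate (constructed; not Apple's code)."""
import hmac

MAX_ATTEMPTS = 10  # assumed limit for this model


class PowerLoss(Exception):
    """Stand-in for a reset injected after the check, before later writes."""


class RetryGate:
    def __init__(self, passcode: str, commit_first: bool):
        self._passcode = passcode.encode()
        self.commit_first = commit_first
        self.failures = 0      # models a counter in persistent storage
        self.locked_out = False

    def try_unlock(self, guess: str, glitch: bool = False) -> bool:
        if self.locked_out or self.failures >= MAX_ATTEMPTS:
            self.locked_out = True
            return False
        if self.commit_first:
            self.failures += 1             # durable write BEFORE the check
        ok = hmac.compare_digest(guess.encode(), self._passcode)
        if glitch and not ok:
            raise PowerLoss()              # reset lands in the TOCTOU window
        if ok:
            self.failures = 0
            return True
        if not self.commit_first:
            self.failures += 1             # check-then-update: too late
        return False


def simulate(commit_first: bool, glitched_wrong_guesses: int):
    """Return (recorded failures, whether the right passcode still unlocks)."""
    gate = RetryGate("493817", commit_first)   # constructed passcode
    for _ in range(glitched_wrong_guesses):
        try:
            gate.try_unlock("000000", glitch=True)
        except PowerLoss:
            pass                           # device reboots; counter persists
    recorded = gate.failures
    return recorded, gate.try_unlock("493817")


if __name__ == "__main__":
    print("check-then-update:", simulate(False, 25))
    print("commit-then-check:", simulate(True, 25))
```

In the check-then-update variant the interrupted attempts leave no trace, while the commit-first variant charges every attempt and locks out at the limit even though each one was interrupted.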

------
noodlesUK
If Apple were to cooperate, what’s to say they are even able to decrypt a
device like this post-facto? If their crypto implementation is sensible it’ll
be impossible. Perhaps because PINs are weak it’d be possible to get the
secure element to release the key material by reflashing it, but again, in a
sensible design, any secureROM reflash probably should wipe the chip.

------
mhb
Interesting quote from the article:

_As in the investigation into the Pensacola shooting, the San Bernardino
gunman, Syed Rizwan Farook, was also dead and no longer had a right to
privacy._

~~~
masonic
In that case, the phone _wasn't even his property_. It was owned by the
government agency he worked for, and _still_ Apple refused to help.

------
throwGuardian
Apple has a track record of only punching down, never up. In China, these
histrionics would be brusquely ignored with threats of a sales ban and fines,
which is why Apple promptly handed over iCloud-China operations to a
government owned/approved cloud.

In this case, Barr has a better chance of Apple complying, by simply routing
the request through China.

