
Hardware hack defeats iPhone 5C passcode security - ZeljkoS
http://www.bbc.com/news/technology-37407047
======
sschueller
Again, it only applies to iPhone 5 and below. No one has yet proved to being
able to clone the secure enclave and attempt this on a newer iPhone.

~~~
Bartweiss
Still - that's enough to make it interesting that the FBI rejected this
approach and then paid for an outsider's solution to accessing the phone.

~~~
dogma1138
No, it's not. Previous discussion
[https://news.ycombinator.com/item?id=12510586](https://news.ycombinator.com/item?id=12510586).

~~~
mrb
You are wrong. The San Bernardino attacker's iPhone was an iPhone 5C,
completely vulnerable to this NAND cloning attack.

~~~
dogma1138
> You are wrong. The San Bernardino attacker's iPhone was an iPhone 5C, completely vulnerable to this NAND cloning attack.

No one claimed it wasn't, no one was even talking about the secure enclave
protected phones.

That doesn't mean that NAND mirroring is a forensically acceptable method,
hence it "doesn't work".

Read the paper, and read the discussion.

~~~
s_q_b
You're right.

But the question is, did the FBI read that image and seek a court order
anyway?

The FBI is slow, but not incompetent by any means. This was a terrorist's cell
phone, a crucial link to determining whether this was a lone act or a
coordinated plan.

Even if they couldn't introduce it in court, wouldn't they do it anyway? In
fact, it seems very suspicious that the FBI suddenly found an exploit vendor
after Apple refused to bow to governmental pressure.

So the question becomes, "If they had the data anyway, why seek a court
order?"

To examine the problem, consider that to the FBI, accessing a single phone is
a win in a single battle. That is not what the FBI is after.

What they are after is total victory. They believe only an ironclad legal
precedent can win their war. They may be right. They may be wrong. I strongly
suspect that they are wrong.

Encryption is like the tide. It can be pushed back, but in the end it will
win.

Water always finds the cracks.

~~~
dogma1138
Yes they were after a precedent because regardless of how "easy" this is it's
not a turnkey solution and it doesn't scale well.

The FBI were looking for an easy solution that every law enforcement agency
can use, and that is to force Apple and other device makers to unlock the
devices or undermine their security sufficiently for traditional mobile
forensic approaches to be viable.

The FBI didn't find an exploit; they found a vendor with an exploit, likely a
vendor with an exploit that did not involve doing irreversible damage to a
phone to extract the data from it. Forensics, and even digital forensics, have
pretty strict rules as to what counts as a forensically secure data extraction
and what doesn't. When in doubt you simply wait for a better method to come
around; you preserve the evidence. This is why we can go back and re-examine
evidence with new techniques. The first question of any new forensic process
is "does it alter the state of the evidence?"

------
_Codemonkeyism
Press again fails to understand the topic, how this applies only to 5c and how
phone vendors (Apple) defeat this with safe hardware data storage and keys
(see previous HN discussion).

~~~
droopyEyelids
The BBC stands well ahead of the pack in terms of chasing tabloid-level
inaccurate clickbait crap, especially in terms of oversimplified pop-science.

~~~
M_Grey
Well, you're making a claim for which contrary evidence exists in the form of
the very article you're commenting on. Do you have any evidence to back what
you're saying?

------
Drdrdrq
> Finding a four-digit code took about 40 hours of work, Dr Skorobogatov said.

> And finding a six-digit code could potentially take hundreds of hours

If it takes 40 hours to brute-force a 4-digit PIN, it would take 4000 hours to
brute-force a 6-digit one.

~~~
saurik
I am guessing this includes the work required to set up the ability to do this
in the first place.

------
matt_wulfeck
Every time Apple iterates on a phone they move the security forward. The
biggest leap was with the 6 and the introduction of the secure enclave. And
they are getting better still.

~~~
wepple
Minor correction: the secure enclave was introduced in the A7 chip on the
iPhone 5s.

------
JosephRedfern
I'm probably missing something here, but without a secure enclave, why can't
the PIN be bruteforced "offline", i.e. not via the iPhone?

~~~
Gaelan
I _believe_ the device data is encrypted with a built-in hardware key _and_
the passcode, so you'd need some way to read the key out of the CPU.

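The point Gaelan makes above (the data key depends on both a hardware key built into the device and the passcode, so a passcode guess can only be checked where that hardware key is available) as an added Python sketch. This is not code from the thread or from Apple: the UID key, salt, PBKDF2 parameters and the key-check-value construction are simplified, constructed assumptions for illustration, not Apple's actual key hierarchy. It shows why an attacker holding only a copy of the flash contents cannot brute-force the PIN offline, and why guesses have to be run on the device itself.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional

# Constructed values for the demonstration. On a real device the UID key is
# fused into the silicon and is not readable by software, so it never appears
# in a NAND image.
UID_KEY = secrets.token_bytes(32)
SALT = secrets.token_bytes(16)
PIN_SPACE = [f"{i:04d}" for i in range(10_000)]  # every 4-digit passcode
KDF_ITERATIONS = 200  # kept small so the whole search runs in seconds


def derive_key(passcode: str, uid_key: bytes, salt: bytes) -> bytes:
    """Derive the data key from the passcode, entangled with the UID key.

    Stretching the passcode with PBKDF2 slows each guess; mixing in the UID
    means a candidate passcode can only be evaluated where the UID is present.
    """
    stretched = hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, KDF_ITERATIONS)
    return hmac.new(uid_key, stretched, hashlib.sha256).digest()


def key_check_value(key: bytes) -> bytes:
    """Tag that lets the device confirm a derived key is the right one."""
    return hmac.new(key, b"key-check", hashlib.sha256).digest()


def make_device(passcode: str) -> Dict[str, bytes]:
    """Return only what would be present in flash: salt and key check value."""
    key = derive_key(passcode, UID_KEY, SALT)
    return {"salt": SALT, "kcv": key_check_value(key)}


def on_device_search(stored: Dict[str, bytes], uid_key: bytes) -> Optional[str]:
    """Try every PIN with the given UID; returns the PIN whose key validates."""
    for pin in PIN_SPACE:
        candidate = derive_key(pin, uid_key, stored["salt"])
        if hmac.compare_digest(key_check_value(candidate), stored["kcv"]):
            return pin
    return None


def offline_search(stored: Dict[str, bytes]) -> Optional[str]:
    """Same search with only the flash image: the UID is unknown, so a guessed
    UID is used and, with overwhelming probability, no PIN validates."""
    guessed_uid = bytes(32)  # attacker's placeholder for the unknown UID
    return on_device_search(stored, guessed_uid)


if __name__ == "__main__":
    flash_image = make_device("7391")  # constructed sample passcode
    print("on-device search:", on_device_search(flash_image, UID_KEY))  # 7391
    print("offline search:  ", offline_search(flash_image))  # None
```

The on-device search succeeds because the device holds the UID; the offline search over the same 10,000 candidates cannot even compute a valid candidate key. This is the property that forces attempts through the device, which is where per-attempt delays and wipe-after-N-failures counters come in, and why attacks like the one in the article target the device's storage state rather than the ciphertext.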
~~~
JosephRedfern
Ah, right. How is that different from the secure enclave? Less isolated,
perhaps?

------
coldcode
Old news on old phones. Headline should be updated.

~~~
sctb
Thanks, we've updated the title.

