Barr Asks Apple to Unlock iPhones of Pensacola Gunman (nytimes.com)
36 points by nahikoa 7 days ago | 10 comments

The key sentence from the article for me is: the company has refused to help the F.B.I. open the phones themselves, which would undermine its claims that its phones are secure.

I would assume that even if the software/cryptography is secure, Apple would have a physical/hardware-based way to access the data. But they can't admit to this as it's a big part of their marketing around the product.

I think there may be an Israel-based security company that has managed a hardware bypass. But this was a few iPhone generations ago. Not sure about the latest products.

Pegasus, by the NSO Group. Yes, for the right money you can get into any iPhone. It was pretty effective to help Saudi Arabia kill Khashoggi and also aid other gov'ts, like Mexico, in going after journalists and dissidents. NSO Group "carefully screens" who they sell their technology to, and the Israeli gov't "approves" the sales prior. https://www.cbsnews.com/news/interview-with-ceo-of-nso-group...

No, read the Apple security white paper. Apple can’t install software on the phone without the passcode, and the permanent storage is encrypted by keys held in the Secure Enclave - eg an HSM designed specifically to thwart physical attacks.

All the existing attacks have started with at least a partially unlocked phone.

Maybe that's all true.

But can you discount a scenario where a hardware hookup brute forces through all possible numeric security codes? Could take less than a minute. Who is to say there isn't a bypass that allows them to do this? Very hard to tell.

The secure element is responsible for gating retries, and like all HSMs is designed specifically to prevent tampering, so everything - including retry counts and delays - is theoretically rendered untamperable.

I am aware of two bugs in that logic over the years - I can’t find the articles off the top of my head. One was essentially a TOCTOU bug that could be triggered via voltage spikes to reset the device after you tried to unlock but before it updated the retry count. The other required imaging and restoring the flash between each attempt. I don’t know how that was fixed, but it should hopefully be obvious that that is going to take more than a minute to brute force a 6 digit passcode.
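The retry-count ordering issue described in the comment above, as an added example that is not part of the thread and is not Apple's code: a simplified C model comparing a counter updated after the passcode comparison with one charged before it. All names, the 10-attempt limit, the constructed secret and the `reset_mid_attempt` flag (standing in for a power loss between the two steps) are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define MAX_TRIES 10u
/* Constructed model: fail_count stands in for a counter kept in
 * tamper-resistant non-volatile storage, so it survives a reset. */
typedef struct { unsigned fail_count; const char *secret; } enclave_t;
typedef enum { UNLOCKED, WRONG, LOCKED_OUT, RESET } result_t;
typedef result_t (*unlock_fn)(enclave_t *, const char *, bool);

/* Flawed ordering: compare first, record the failure afterwards.
 * reset_mid_attempt models power loss between the two steps. */
result_t check_then_count(enclave_t *e, const char *guess, bool reset_mid_attempt)
{
    if (e->fail_count >= MAX_TRIES) return LOCKED_OUT;
    bool ok = strcmp(guess, e->secret) == 0;  /* model only, not constant-time */
    if (reset_mid_attempt) return RESET;      /* the failure is never recorded */
    if (ok) { e->fail_count = 0; return UNLOCKED; }
    e->fail_count++;
    return WRONG;
}

/* Hardened ordering: charge the attempt before comparing and refund it
 * only after a successful match, so a reset can never make a guess free. */
result_t count_then_check(enclave_t *e, const char *guess, bool reset_mid_attempt)
{
    if (e->fail_count >= MAX_TRIES) return LOCKED_OUT;
    e->fail_count++;                          /* committed before the compare */
    bool ok = strcmp(guess, e->secret) == 0;
    if (reset_mid_attempt) return RESET;      /* the charge stays on the counter */
    if (ok) { e->fail_count = 0; return UNLOCKED; }
    return WRONG;
}

/* Wrong guesses evaluated before lockout when every attempt is reset. */
unsigned guesses_before_lockout(unlock_fn fn, unsigned limit)
{
    enclave_t e = { 0, "constructed-secret" };
    unsigned n = 0;
    while (n < limit && fn(&e, "000000", true) != LOCKED_OUT) n++;
    return n;
}

int main(void)
{
    printf("check-then-count: %u\n", guesses_before_lockout(check_then_count, 1000));
    printf("count-then-check: %u\n", guesses_before_lockout(count_then_check, 1000));
}
```

In this model the first ordering never reaches lockout when every attempt is interrupted, while the second stops at `MAX_TRIES` regardless of when the reset lands.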

Why would you assume that? It's in Apple's interests to have no way at all to access a locked phone without the passcode. The best they can do is wipe the thing.

If Apple were to cooperate, what’s to say they are even able to decrypt a device like this post-facto? If their crypto implementation is sensible it’ll be impossible. Perhaps because PINs are weak it’d be possible to get the secure element to release the key material by reflashing it, but again, in a sensible design, any secureROM reflash probably should wipe the chip.

Interesting quote from the article:

As in the investigation into the Pensacola shooting, the San Bernardino gunman, Syed Rizwan Farook, was also dead and no longer had a right to privacy.

In that case, the phone wasn't even his property. It was owned by the government agency he worked for, and still Apple refused to help.

Apple has a track record of only punching down, never up. In China, these histrionics would be brusquely ignored with threats of a sales ban and fines, which is why Apple promptly handed over iCloud-China operations to a government owned/approved cloud.

In this case, Barr has a better chance of Apple complying, by simply routing the request through China.
