One of the FBI’s Major Claims in the iPhone Case Is Fraudulent

“We have enormous computing power in the US government, but we need to be able to bring it to bear without the phone killing itself.”
                                  - FBI Director James Comey, March 1, 2016.

In the FBI’s court order requesting Apple's assistance in unlocking the work iPhone 5c used by the San Bernardino shooter, the bureau's first and most urgent demand is that Apple disable the iPhone's “auto-erase” security feature. This feature (which is not enabled by default on most iPhones) protects user data on a device from would-be snoops by wiping the phone after 10 failed passcode attempts. This protects you and me from thieves trying to guess our passcodes and access our data for identity theft, for example.

But the truth is that even if this feature is enabled on the device in question, the FBI doesn't need to worry about it, because they can already bypass it by backing up part of the phone (called the “Effaceable Storage”) before attempting to guess the passcode. I'll go into the technical details (which the FBI surely already knows) below.

How the FBI describes the “auto-erase” feature

Let's look at how the FBI describes the situation. The court order's first and most urgently phrased request is to ask Apple to “bypass or disable the auto-erase function whether or not it has been enabled.”

A few days after the court order was issued, but before Apple had formally responded, the government filed a strongly worded motion to compel, which contained this description of the feature:

The FBI has been unable to make attempts to determine the passcode to access the SUBJECT DEVICE because Apple has written, or “coded,” its operating systems with a user-enabled “auto-erase function” that would, if enabled, result in the permanent destruction of the required encryption key material after 10 failed attempts at the [sic] entering the correct passcode (meaning that, after 10 failed attempts, the information on the device becomes permanently inaccessible)…

In sum, the government seeks the ability to make multiple attempts at determining the passcode without risk that the data subject to search under the warrant would be rendered permanently inaccessible after 10 wrong attempts.

To add urgency to their attempt to compel Apple to abuse their software signing keys, the FBI is painting a picture of “permanently inaccessible” data. But if its agents are doing their job, that's just not the case.

How the “auto-erase” feature actually works

Here's where the technical details come in. The iPhone protects its user's data with a complex hierarchy of cryptographic keys. Some data is protected by multiple keys. Imagine a pile of letters and photos placed inside a locked box, with the box itself placed inside a locked filing cabinet. You'd have to have keys to the filing cabinet and the box to read any of the letters or see any of the photos. If either of these keys is destroyed, the letters and photos are lost forever.

When iOS decides to wipe out user data because the passcode guess limit has been reached (or for any other reason), it doesn’t actually erase all the data from its underlying storage; that would take several minutes. Instead, it just destroys one of the keys that protects the data, rendering that data permanently unreadable. The key that is erased in this case is called the “file system key”—and (unlike the hardwired “UID” key that we discussed in our previous blog post) it is not burned into the phone’s processor, but instead merely stored in what Apple calls “Effaceable Storage,” which is just a term for part of the flash memory of the phone designed to be easily erasable. Apple's iOS Security Guide explains:

Since it’s stored on the device, this key is not used to maintain the confidentiality of data; instead, it’s designed to be quickly erased on demand (by the user, with the “Erase all content and settings” option, or by a user or administrator issuing a remote wipe command…). Erasing the key in this manner renders all files cryptographically inaccessible.

The file system key is like the key to the filing cabinet in our example: a small thing that is easy to destroy, which disables access to the rest of the information.

Why the FBI can easily work around “auto-erase”

So the file system key (which the FBI claims it is scared will be destroyed by the phone’s auto-erase security protection) is stored in the Effaceable Storage on the iPhone in the “NAND” flash memory. All the FBI needs to do to avoid any irreversible auto-erase is simply to copy that flash memory (which includes the Effaceable Storage) before it tries 10 passcode attempts. It can then re-try indefinitely, because it can restore the NAND flash memory from its backup copy.

Here's a picture of the front and back of the main circuit board inside the iPhone 5c:

iPhone interior

Image credit: http://www.mobpart.com/iphone-5c-c-61_63

The large chip on the front marked A6 is the processor -- a custom chip designed by Apple specifically for its devices. It contains the CPU, BootROM, RAM, crypto engines, Apple's public signing key (used to verify software updates), and the UID key (see our previous blog post).

The largest chip on the back (outlined in red above) is the NAND flash, where all the data is stored, including both the encrypted filesystem and the Effaceable Storage.

The FBI can simply remove this chip from the circuit board (“desolder” it), connect it to a device capable of reading and writing NAND flash, and copy all of its data. It can then replace the chip, and start testing passcodes. If it turns out that the auto-erase feature is on, and the Effaceable Storage gets erased, they can remove the chip, copy the original information back in, and replace it. If they plan to do this many times, they can attach a “test socket” to the circuit board that makes it easy and fast to do this kind of chip swapping.
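As an added example (not from the original post, and not Apple's code), here is a toy Python model of the key hierarchy and the backup-and-restore procedure described above. Everything on the flash chip lives in one dict, the UID stays inside the processor, and a one-block XOR cipher and PBKDF2 stand in for Apple's real primitives; the `counter_in_processor` switch is a hypothetical contrast the post does not describe, showing that an erase-on-failure feature only survives a flash snapshot when the state it depends on lives inside the processor rather than on the replaceable chip.

```python
import os
from hashlib import sha256, pbkdf2_hmac

MAX_ATTEMPTS = 10

def xor(a, b):                                         # toy one-block cipher (not AES): data <= 32 bytes
    return bytes(x ^ y for x, y in zip(a, b))

class ToyPhone:
    def __init__(self, passcode, data, counter_in_processor=False):
        self.uid = os.urandom(32)                      # UID key fused into the A6, never leaves it
        self.proc = {"counter": 0}                     # state kept inside the processor
        self.counter_in_processor = counter_in_processor  # hypothetical variant, see lead-in
        fs_key = os.urandom(32)                        # file system key (the filing-cabinet key)
        data_key = sha256(fs_key + self._pc_key(passcode)).digest()   # needs both keys
        self.nand = {"effaceable": fs_key, "counter": 0,  # everything on the flash chip
                     "check": sha256(b"check" + data_key).digest(),
                     "ciphertext": xor(data, data_key)}

    def _pc_key(self, passcode):                       # passcode entangled with the UID
        return pbkdf2_hmac("sha256", passcode.encode(), self.uid, 10_000)

    def _state(self):                                  # where the failure counter lives
        return self.proc if self.counter_in_processor else self.nand

    def try_passcode(self, passcode):                  # plaintext on success, else None
        fs_key = self.nand["effaceable"]
        if fs_key is None or self._state()["counter"] >= MAX_ATTEMPTS:
            return None                                # already wiped or locked out
        data_key = sha256(fs_key + self._pc_key(passcode)).digest()
        if sha256(b"check" + data_key).digest() == self.nand["check"]:
            self._state()["counter"] = 0
            return xor(self.nand["ciphertext"], data_key)
        self._state()["counter"] += 1
        if self._state()["counter"] >= MAX_ATTEMPTS:
            self.nand["effaceable"] = None             # auto-erase destroys only the key
        return None

    def snapshot_nand(self):                           # read the (desoldered) chip
        return dict(self.nand)
    def restore_nand(self, snapshot):                  # write the backup back
        self.nand = dict(snapshot)

def scenario(counter_in_processor=False):              # ten wrong guesses, restore, retry
    phone = ToyPhone("1234", b"letters and photos", counter_in_processor)
    backup = phone.snapshot_nand()
    for guess in range(MAX_ATTEMPTS):
        phone.try_passcode(f"{guess:04d}")             # "0000".."0009", all wrong
    after_wipe = phone.try_passcode("1234")            # right passcode, but the key is gone
    phone.restore_nand(backup)
    return after_wipe, phone.try_passcode("1234")
```

`scenario()` reproduces the post's outcome (wiped, then readable again once the NAND backup is written back); `scenario(True)` stays locked out because the counter the restore cannot touch is still at its limit.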

If the FBI doesn't have the equipment or expertise to do this, they can hire any one of dozens of data recovery firms that specialize in information extraction from digital devices.

NAND flash storage is an extremely common component. It's found in USB thumb drives, mobile phones, portable music players, low-end laptops—pretty much every portable device. Desoldering a chip from the circuit board is straightforward enough that there are many clips on YouTube showing the practice, and reading and writing a bare NAND chip requires a minor investment in hardware and training that the FBI has probably already made.

What's really going on here?

If this generally useful security feature is actually no threat to the FBI, why is it painting it in such a scary light that some commentators have even called it a “doomsday mechanism”? The FBI wants us to think that this case is about a single phone, used by a terrorist. But it's a power grab: law enforcement has dozens of other cases where they would love to be able to compel software and hardware providers to build, provide, and vouch for deliberately weakened code. The FBI wants to weaken the ecosystem we all depend on for maintenance of our all-too-vulnerable devices. If they win, future software updates will present users with a troubling dilemma. When we're asked to install a software update, we won’t know whether it was compelled by a government agency (foreign or domestic), or whether it truly represents the best engineering our chosen platform has to offer.

In short, they're asking the public to grant them significant new powers that could put all of our communications infrastructure at risk, and to trust them to not misuse these powers. But they're deliberately misleading the public (and the judiciary) to try to gain these powers. This is not how a trustworthy agency operates. We should not be fooled.


Anonymous

The FBI isn't only going after Apple for this stuff, they are going after a 3rd party messaging app that uses encryption as well. This isn't about 1 phone or even 20, this is about the ability to monitor any phone at will ...

Anonymous Insider

I sure hope it's not unintentional. Please tell me that the FBI is smarter than that.

Colin

Admittedly, this could be the result of an incompetent government agency, but the degree of incompetence has been pretty well demonstrated to be so epic as to be implausible. The idea that a group of bureaucrats with a proven history of trying to increase their surveillance powers, both under court order and otherwise, is _less_ implausible.

Anonymous

I guess you haven't lived in the US for any length of time. Long enough, say, to have learned that the "casus belli" of Vietnam, the so-called Gulf of Tonkin "Incident" was a fake, a lie. Or that JFK was assassinated by a team of two or more people (this from the joint committee formed after more docs were released). Or that, in winning King family vs. Lloyd Jowers & other unidentified governmental agencies (Memphis, Tennessee, Federal (Justice, Military & Legislative)), the jury found Bill Pepper's arguments and evidence persuasive.
You probably weren't around when Congress gave up its power to mint money in return for bribes from the soon-to-be "federal" "reserve" system. Or when the White House, having cracked the Japanese codes in WW2, refused to alert Hawaii. It only cost 2,500 or so lives, a cheap entry ticket into the Hollywar Scene of WW2--current price for the tickets to play (or "casus belli") is about 3,000 dead, as demonstrated by 9/11 as the ticket to Iraq, Iran, Afghanistan, Jordan, Libya, Saudi Arabia, where else in this latest outburst of "war muscle" to "promote peace and democracy" everywhere but China and Russia, eventually. We'll find that "We had to destroy the Middle East in order to save it," as was the case w/ Vietnam's Middlesex Villages and Towns.
We've passed way beyond "theories" here. There's already enough evidence to prosecute lots and lots of government employees; if ALL of the relevant evidence were made available--that which at least has not yet been destroyed--the prosecutions could proceed apace.
Probably the only certainty we have left about our government and the "grand cabal" that operates it from behind the Money Curtain, is that everything the government says is a lie, every bill proposed is meant to further reduce the power of We the People, and any news from the five white boys who control our media (and the other five white boys (and a girl or two) who control our money)--is all in the service of misleading and disempowering the people. As Willie Casey, then CIA head & DCI, put it: "We'll know our disinformation program is complete when everything the American public believes [beat, beat -- wait for it] IS FALSE. [emphasis added, as if that were necessary.]"
I mean, James Earl Ray? Sirhan Sirhan? Lee Oswald & Jack Ruby? Oh please. It's a wonder that the long-suffering people of the US don't intern all current governmental employees in the FEMA Work Camps they've prepared for "people who think critical thoughts about the government and the powers that be."

Anonymous

They can restore the NAND, but it would still be under the refresh rate required for them to use their GPU cluster to brute it. Remember timeouts are a key ingredient in password security.

Anonymous

Doesn't matter. You're making millions of copies of the same file you're trying to crack. Whether you get locked out after 10 tries, or time out for being idle, you still have millions of copies to try different attacks (passwords).

I really find it hard to believe the experts in FBI labs are this ignorant.

Anonymous

I really hope they do not go so far as to use a GPU cluster to crack a 4 digit 10,000 combination password. That's what we are talking about cracking. The chipset in the phone could do this in a flash.

Daniel Kahn Gillmor

I've written a followup post that describes how much time it would take. The answer is: not very much :/

https://www.aclu.org/blog/free-future/how-long-would-it-take-crack-iphone-without-triggering-auto-erase

WTS

I think the primary objection point being used, reduced security and fear of updates, while honest, is the least of the issue at hand. The court order compelling a private entity, to compel its private workforce, to create a tool for law enforcement that defeats the entity's own security is horrifying. The idea that a private company, guilty of no crime, and ordinary people, guilty of no crime, can be enslaved against their will by the government to create unique work is entirely contrary to the American ideal. What punishment will the government impart on Apple or the individual employee if they refuse? Will they be fined, imprisoned, whipped in public? How does the government of a "free society" inflict such abuse on freedom so callously? The real issue here is not privacy or security, the real issue is a free society teetering on a single law, All Writs. If All Writs can be used for this, then All Writs is the one law to rule them all.
