It's Apple's shareholder meeting day at the time I am writing this, so a good opportunity to ponder the FBI iPhone hacking controversy.
Most of the news articles and TV coverage I've seen about the hack that the FBI is trying to force Apple to create don't fully explain why it's needed. A handful of pieces have noted that this whole run-around would not have been necessary if the FBI hadn't made an iCloud backup early on, but the FBI is now claiming this was not negligent ineptitude on their part, suggesting that "rogue elements within San Bernardino County had reset the Apple ID password without consulting law enforcement."
A few of the reports mention the "10-times you're out" problem, where the phone data is deleted automatically after 10 incorrect password attempts. Still, the FBI could clone the phone's memory and just use brute force to make different attempts on cloned phones. It's just a 4-digit PIN, so there are only 10,000 different PINs to try. This means they'd have to make the clone at most 1000 times; since there's a 50% chance the PIN will be in the first half of the numbers attempted, on average only 500 10-try rounds will be needed. Sure, making 1000 (or even just 500) phone memory clones and testing them is time-consuming, but it certainly can't take longer than the time to sue Apple all the way to the Supreme Court.
They could just make the clones and brute-force the PINs.
Actually, it turns out that it'll take longer than a few minutes to make the 10 attempts. The news pieces haven't been mentioning a further issue, the escalating delay between passcode attempts, but Ars Technica reveals this: "While the first four attempts can be entered back-to-back, the iPhone will force you to wait one minute before the fifth attempt, five minutes before the sixth, 15 minutes before the seventh and eighth, and a full hour before the ninth."
Adding in a minute for the first 4 tries (actually those take about 80 ms each), that's 97 minutes, or a little over an hour and a half for the 10 tries. So, if we add in another 97 minutes per phone, that's around 2367 hours for the 1000 clones with 10 time-delayed tries each, a bit over Apple's upper bound time estimate. Apple knows their engineers rarely work only a 50-hour week, so if they supply them with some Jolt cola or powershot drinks, they can probably get it done in a month, or half that if they get lucky with the brute-force guesses. But it's not such a good "solution" if the FBI is planning on using this new software tool to break more than one phone, of course.
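To make the arithmetic above easy to check, here is a small cost calculator, added as an illustration and not part of the original column. It models the lockout schedule from the Ars Technica quote and the "restore a clone every 10 tries" strategy, and shows from a defender's standpoint how much the PIN length and the escalating delays matter. The function names are mine; the delay schedule and the 80 ms figure come from the text, while the per-clone imaging and restore time is an assumed parameter, since the column gives no figure for it.

```python
import math

# Delay (minutes) iOS imposes before attempt N, per the Ars Technica quote above.
# Attempts 1-4 have no imposed delay; attempt 10 is the last before the wipe.
LOCKOUT_DELAY_MIN = {5: 1, 6: 5, 7: 15, 8: 15, 9: 60}

# The column folds the first four ~80 ms attempts into a one-minute allowance.
FIRST_FOUR_ALLOWANCE_MIN = 1.0


def minutes_per_clone(attempts_per_clone=10, delays=LOCKOUT_DELAY_MIN,
                      allowance=FIRST_FOUR_ALLOWANCE_MIN):
    """Wall-clock minutes one restored clone consumes before hitting the wipe limit."""
    waits = sum(delays.get(n, 0) for n in range(1, attempts_per_clone + 1))
    return allowance + waits


def clones_needed(pin_digits=4, attempts_per_clone=10):
    """Worst-case and expected number of clone/restore cycles to exhaust the PIN space."""
    space = 10 ** pin_digits
    worst = math.ceil(space / attempts_per_clone)
    # The column's heuristic: on average the PIN sits in the first half of the search.
    expected = worst / 2
    return {"space": space, "worst": worst, "expected": expected}


def total_hours(pin_digits=4, attempts_per_clone=10, restore_minutes=0.0):
    """Hours of wall-clock time, worst case and expected.

    restore_minutes is an ASSUMED per-clone cost of imaging and restoring the flash;
    the column gives no figure for it, so the default of 0 counts lockout waits only.
    """
    per_clone = minutes_per_clone(attempts_per_clone) + restore_minutes
    n = clones_needed(pin_digits, attempts_per_clone)
    return {
        "worst_hours": n["worst"] * per_clone / 60,
        "expected_hours": n["expected"] * per_clone / 60,
    }


if __name__ == "__main__":
    print(f"minutes per clone (10 tries): {minutes_per_clone():.0f}")
    for digits in (4, 6):
        t = total_hours(digits)
        print(f"{digits}-digit PIN: worst {t['worst_hours']:.0f} h, "
              f"expected {t['expected_hours']:.0f} h (lockout waits only)")
```

Running it reproduces the 97 minutes per clone and the 1000/500 clone counts for a 4-digit PIN; the lockout waits alone come to about 1617 hours worst case, so the gap to the column's 2367-hour figure is whatever you budget for imaging and restoring each clone. The same function with `pin_digits=6` multiplies every number by 100, putting the worst case near eighteen years of waiting, which is why a longer passcode plus an escalating delay is the cheap mitigation here.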
Thing is, the FBI already has the equipment to perform physical extraction of iPhone memory at their Cell Phone Investigative Kiosks available for law enforcement use at 80 locations around the country. The most popular extraction tool (and the one the Feds are likely using) is Cellebrite's UFED Physical Analyzer, which supports the full range of iPhones, including locked iOS devices with simple or complex passcodes.
I figure there has to be a bunch of ankle-braceleted hackers that the Government has arrested in the last year that they might be able to ply with dropped charges, who can show them how to reinstall cloned memory contents into an iPhone 5C. Or Cellebrite might be willing to be hired to determine how to do this. Once the FBI knows how to clone the memory, they can deploy 6-10 agents from the child porn detail for 2-4 weeks and pay them some overtime to create the clones and run the brute-force attacks.
So the FBI v. Apple lawsuit just doesn't make any sense, unless there's something I'm missing in my analysis or information we just haven't received yet about this situation.
Rebecca Mercuri, Ph.D.
Digital Forensics Expert
Notable Software, Inc.
Copyright (C) 2016 by Rebecca Mercuri All Rights Reserved