A key justification for last week's court order compelling Apple to provide software the FBI can use to crack an iPhone belonging to one of the San Bernardino shooters is that there's no other way for government investigators to extract potentially crucial evidence from the device. Technically speaking, there are ways for people to physically pry the data out of the seized iPhone, but the cost and expertise required and the failure rate are so great that the techniques aren't practical.
In an article published Sunday, ABC News lays out two of the best known techniques. The first one is known as decapping. It involves removing the phone’s memory chip and dissecting some of its innards so investigators can read data stored in its circuitry. With the help of Andrew Zonenberg, a researcher with security firm IOActive, here's how ABC News described the process:
In the simplest terms, Zonenberg said the idea is to take the chip from the iPhone, use a strong acid to remove the chip’s encapsulation, and then physically, very carefully drill down into the chip itself using a focused ion beam. Assuming that the hacker has already poured months and tens of thousands of dollars into research and development to know ahead of time exactly where to look on the chip for the target data -- in this case the iPhone's unique ID (UID) -- the hacker would, micron by micron, attempt to expose the portion of the chip containing exactly that data.
The hacker would then place infinitesimally small "probes" at the target spot on the chip and read out, literally bit by bit, the UID data. The same process would then be used to extract data for the algorithm that the phone normally uses to "tangle" the UID and the user's passkey to create the key that actually unlocks the phone.
From there the hacker would load the UID, the algorithm and some of the iPhone's encrypted data onto a supercomputer and let it "brute force" attack the missing user passkey by simply trying all possible combinations until one decrypts the iPhone data. Since the guessing is being done outside the iPhone's operating system, there's no 10-try limit or self-destruct mechanism that would otherwise wipe the phone.
But that’s if everything goes exactly right. If at any point there's even a slight accident in the de-capping or attack process, the chip could be destroyed and all access to the phone's memory lost forever.
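As an added illustration of the process quoted above (not ABC News's text and not Apple's actual implementation), the following toy Python model derives an unlock key by tangling a device UID with the passcode through a slow KDF, and contrasts the on-device try limit with an offline search that has none; the sample UID, the iteration count and the 80 ms per-guess figure are constructed assumptions.

```python
import hashlib
import itertools
import string

# Constructed sample values: a 128-bit device UID and a toy KDF cost (real devices
# tune the iteration count so one derivation takes tens of milliseconds).
SAMPLE_UID = bytes.fromhex("00112233445566778899aabbccddeeff")
TOY_ITERATIONS = 200
MAX_DEVICE_ATTEMPTS = 10  # the on-device try limit the article mentions


def derive_unlock_key(uid: bytes, passcode: str, iterations: int = TOY_ITERATIONS) -> bytes:
    """Tangle the passcode with the device UID via PBKDF2-HMAC-SHA256 (UID as salt).
    Without the UID an attacker cannot even start guessing; once it is extracted,
    the only remaining cost per guess is the KDF itself."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), uid, iterations)


class DeviceLock:
    """On-device check: every wrong passcode consumes one of a fixed number of tries."""

    def __init__(self, uid: bytes, passcode: str):
        self.uid = uid
        self.key = derive_unlock_key(uid, passcode)
        self.attempts_left = MAX_DEVICE_ATTEMPTS

    def try_unlock(self, passcode: str) -> bool:
        if self.attempts_left == 0:
            return False  # wiped: no further guesses are accepted, even the right one
        if derive_unlock_key(self.uid, passcode) == self.key:
            return True
        self.attempts_left -= 1
        return False


def offline_guesses_needed(uid: bytes, target_key: bytes, alphabet: str, length: int) -> int:
    """Offline search with the extracted UID and key material: counts derivations
    until the key matches; no counter ever stops it. Returns 0 if not in the space."""
    for n, chars in enumerate(itertools.product(alphabet, repeat=length), start=1):
        if derive_unlock_key(uid, "".join(chars)) == target_key:
            return n
    return 0


def worst_case_hours(alphabet_size: int, length: int, seconds_per_guess: float = 0.08) -> float:
    """Exhaustive-search time for a passcode space; 80 ms per guess is an assumed KDF cost."""
    return alphabet_size ** length * seconds_per_guess / 3600
```

The numbers this produces make the defensive point: the device secret and the KDF cost are what slow an offline attacker down, so passcode length is the lever that moves worst-case search time from hours into years.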
A separate researcher told ABC News it was unlikely the decapping technique would succeed against an iPhone. Instead, it would likely cause the data to be lost forever. A slightly less risky alternative is to use infrared laser glitching. That technique involves using a microscopic drill bit to pierce the chip and then using an infrared laser to access UID-related data stored on it. While the process may sound like it was borrowed from a science fiction thriller, variations of it have been used in the real world. In 2010, for instance, hardware hacker Chris Tarnovsky developed an attack that completely cracked the microcontroller used to lock down the Xbox 360 game console. His technique used an electron microscope called a focused ion beam workstation (then priced at $250,000 for a used model) that allowed him to view the chip at the nanometer scale. He could then manipulate its individual wires using microscopic needles.