Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Experts say 'chip off' procedure to access terrorist's iPhone is risky

Jeremy Kirk | March 10, 2016
An error in removing the iPhone's flash memory could make the data unreadable forever.

The iPhone 5c at the center of the legal battle between Apple and the FBI might be accessible through a delicate hardware technique, but experts warn it would be difficult.

In recent days, the American Civil Liberties Union's technology fellow and former NSA contractor Edward Snowden have suggested a method that would let investigators repeatedly guess the iPhone's password.

Federal investigators fear San Bernardino shooter Syed Rizwan Farook may have configured his work phone to use an Apple security feature that erases a key for decrypting data after 10 incorrect guesses of the phone's password. 

The forensic technique for getting at the data, known as "chip off," involves removing a NAND flash memory chip from a device and copying its data, yielding a decryption key that can be restored if it is erased after incorrect guesses.

Instead of trying that procedure, the U.S. Justice Department has asked a federal court to order Apple to give the FBI custom software for iOS 9 that can be loaded onto the phone. The software would either disable the auto-erase feature or allow law enforcement to rapidly try different password guesses.

Apple is fighting the order, saying the creation of such software -- essentially a backdoor -- would put millions of iPhones at risk.

Investigators already have a lot of data from Farook's online accounts, including backups of the phone stored in Apple's iCloud servers, which the company has turned over.

But the last iCloud backup investigators have is from Oct. 19, about six weeks before the Dec. 2 shootings that killed 14 people and injured 22 others. The government contends that the six weeks' worth of data stored solely on the phone could contain crucial evidence.

Daniel Kahn Gillmor, a technology fellow with the ACLU's Speech, Privacy and Technology Project, described the technical details involved in a chip-off operation in a Monday blog post.

Snowden cited Gillmor's Wednesday post on Twitter and contested the FBI's position via a video link from Moscow at Common Cause's Blueprint for Democracy conference. 

"There are hardware attacks that have existed since the '90s," he said.

The key that is used to encrypt the iPhone's user data is stored in a section of the phone's NAND flash chip that Apple calls "effaceable storage," Gillmor wrote.

To perform a chip-off operation, the Flash chip is de-soldered from the circuit board and then connected it to a NAND flash reader in order to copy its contents.

The chip is then reconnected to the board. If the key is erased after 10 wrong guesses, the backup data can be used to restore it for more attempts.

"If the FBI doesn't have the equipment or expertise to do this, they can hire any one of dozens of data recovery firms that specialize in information extraction from digital devices," wrote Gillmor, who couldn't immediately be reached for comment.

 

1  2  Next Page 

Sign up for CIO Asia eNewsletters.