Using Digital Forensics to Crack the Case

It appears the FBI has succeeded in unlocking the iPhone of one of the San Bernardino terrorists. Just how did it crack the code?

The Bureau was said to be working with a third-party expert, believed to Israeli-based mobile forensic software and solutions provider Cellebrite, to access the phone’s data without destroying it after the Apple-standard 10 failed password attempts. What did this third-party expert have up its sleeve?

NAND Mirroring

Mobile forensics and security expert Jonathan Zdziarski has a theory and it has to do with NAND mirroring. Zdziarski says this is where the NAND chip is de-soldered and dumped into a file, likely by a chip reader/programmer (picture a CD burner for chips), and multiple copies are made. A copy of the original chip is attached to the phone with a harness, and the FBI could then try passcodes until 10 incorrect guesses are made. 

The copy could be discarded and a fresh version re-copied onto a chip for another 10 guesses, essentially giving the FBI an unlimited number of attempts to find the password. While trying to guess all the permutations of a four-digit passcode might seem a monumental task, much—if not all—of the process would surely be automated.

NAND mirroring does have risks. Someone must de-solder the NAND chip to remove it without damaging the chip and then install a device between the phone and the chip. 

De-Capping

This process involves using acid and lasers to dissolve the processor’s casing and then using a probe to extract the password off the chip. However, the irreversible risks of using acid and lasers most likely precluded this option. 

The FBI isn’t saying, but reportedly whatever procedure it used has been successful. The question then becomes: What will be the privacy and security issues for Apple’s 900 million iPhone customers?