FBI Could Bypass iPhone’s Key-Wiping Security Feature, ACLU Claims
The American Civil Liberties Union (ACLU) has accused the Federal Bureau of Investigation (FBI) of trying to mislead the judiciary in the high-profile Apple (AAPL) iPhone case, which centers on the work device of San Bernardino killer Syed Farook.
Apple is fighting a court order that would compel it to create a special version of the iPhone software, in order to help the FBI bypass the handset’s basic login security. If loaded onto the device, this as-yet-nonexistent software would disable mechanisms that repeatedly extend the amount of time the FBI has to wait between each attempt at a passcode guess, and potentially render data permanently inaccessible if they guess incorrectly 10 times.
It’s that last part that the ACLU is disputing. The rights group claimed in a blog post that the FBI probably has the means to bypass this “phone-wiping” feature — if indeed Farook turned it on — without Apple’s help.
However, cybersecurity expert Alan Woodward told Fortune the technique would be risky and probably impractical.
As the ACLU post explains, a sufficient number of incorrect passcode guesses will result (again, if the feature is activated) in the erasure of the phone’s file-system key. This cryptographic key is held in flash memory, which is erasable. If the key is lost, it becomes impossible to decrypt the data being stored in that file system. Regular people think of this as the phone being wiped. Game over.
However, ACLU technology fellow Daniel Kahn Gillmor wrote, it is possible to get around the potential wiping problem. According to his post, all the FBI has to do is de-solder the relevant flash memory chip from the iPhone’s circuit board, copy everything on it to another device, then put it back.
Then, under this scenario, the FBI could start guessing. If Farook enabled the wiping feature and the phone erases the key after 10 incorrect attempts, the FBI could just copy the backed-up data back onto the chip and try again. Rinse and repeat.
“If the FBI doesn’t have the equipment or expertise to do this, they can hire any one of dozens of data recovery firms that specialize in information extraction from digital devices,” he wrote.
“They’re asking the public to grant them significant new powers that could put all of our communications infrastructure at risk, and to trust them to not misuse these powers. But they’re deliberately misleading the public (and the judiciary) to try to gain these powers. This is not how a trustworthy agency operates.”
Woodward, a visiting professor at the University of Surrey’s Computer Science Department, said he was skeptical about the technique Gillmor described.
He pointed out significant risks in unsoldering and re-soldering the flash memory chip, in terms of potential physical damage to the chip. And even if it were possible to do this safely, he said, it would probably still take the FBI decades to go through the guessing process.
“I’m a little skeptical that it’s possible, but as a practical means of doing it, I just don’t see it,” he said. “The FBI is saying they need something they can do within a meaningful timeframe.”
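The guess counter, escalating delay and key erasure described above, together with the copy-and-restore of the flash image that Gillmor proposes, can be simulated as a toy model to estimate the time cost Woodward points to. This is an added illustration, not code from the article, the ACLU post or Apple; the delay schedule, the restore time and the sample passcode are assumptions.

```python
import copy
from dataclasses import dataclass, field

# Assumed escalating delay (minutes) imposed after the n-th wrong guess; the
# article only says the waits grow and that the 10th failure may erase the key.
DELAY_MIN = {1: 0, 2: 0, 3: 0, 4: 0, 5: 1, 6: 5, 7: 15, 8: 15, 9: 60}
WIPE_AT = 10  # failures before the file-system key is erased (from the article)

@dataclass
class Flash:
    """Toy stand-in for the flash chip: holds the key and the failure counter."""
    key_present: bool = True
    failed: int = 0

@dataclass
class Phone:
    passcode: str  # constructed sample secret, not a real device value
    flash: Flash = field(default_factory=Flash)

    def try_code(self, guess: str):
        """Return (unlocked, delay_minutes); erase the key on the 10th failure."""
        if not self.flash.key_present:
            raise RuntimeError("key erased: data is unrecoverable")
        if guess == self.passcode:
            self.flash.failed = 0
            return True, 0
        self.flash.failed += 1
        if self.flash.failed >= WIPE_AT:
            self.flash.key_present = False
            return False, 0
        return False, DELAY_MIN[self.flash.failed]

def exhaustive_cost(phone: Phone, space, restore_minutes: float):
    """Walk the passcode space, writing the backed-up chip image back after every
    wipe. Returns (guesses_made, total_minutes), or (guesses, None) if the space
    never contained the passcode."""
    backup = copy.copy(phone.flash)  # image taken before guessing starts
    guesses, minutes = 0, 0.0
    for code in space:
        if not phone.flash.key_present:  # wiped: restore the image and continue
            phone.flash = copy.copy(backup)
            minutes += restore_minutes
        guesses += 1
        unlocked, delay = phone.try_code(code)
        if unlocked:
            return guesses, minutes
        minutes += delay
    return guesses, None
```

With a 4-digit space and an assumed two-hour restore per wipe, the worst case comes to roughly 150 days; a 6-digit space is 100 times that, about 41 years, which is the "decades" scale Woodward describes.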
Meanwhile, colorful security entrepreneur John McAfee has admitted to lying about the ease with which he could break into the contentious iPhone, in order to get “a s***load of public attention.”
All this talk of what is technically possible is, of course, highly relevant to the case. However, it’s not the main tack groups such as the ACLU are taking. The human rights groups and much of the tech industry are arguing that the government’s invocation of the ancient All Writs Act would, if successful, set a precedent that would legitimize overreach while undermining cybersecurity and people’s trust in the devices they use.