FBI: iPhone-Hack Only Works on Older Models
The FBI claims that the method applied in the San Bernardino case does not unlock iPhone models newer than the iPhone 5c. A purchased exploit or method was used to unlock the phone in the San Bernardino case after Apple had declined the invitation to do the work for the feds.
Of course, the FBI has kept the details of the method under wraps, as is common in computer forensics cases. What we do know is that the FBI has purchased help from the Israeli defense company Cellebrite, which aided in unlocking the passcode-protected device in order to access its contents. FBI Director James Comey explained on Wednesday that the method only works on “a narrow slice of phones”, basically the iPhone 5c and all older models. Newer versions of the iPhone, which contain a secure enclave as an added hardware cryptography security measure, are not vulnerable to the method.
Did the FBI give its method away in the statement?
Comey’s statement to the press contains an important clue: The iPhone 5c is the last model without a secure enclave and is therefore vulnerable to an attack called NAND mirroring. The technique creates a carbon copy of the flash memory chip before possible passcodes are entered in an automated way. Ten wrong passcode attempts would wipe the device clean, so once the iPhone is near that security limit but has not yet reached it, the NAND memory is restored to the backed-up state. This gives the officers at the FBI practically infinite tries at breaking the code. Newer iPhones, the iPhone 5s and later, cannot be attacked in this way, as the secure enclave effectively prohibits access to the system memory.
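The design weakness described above can be shown with a toy model. This is an added illustration, not code from the article, the FBI or Apple: the `Device` class, `guesses_tolerated` and the counter kept outside the restorable image are assumptions made for the model and do not describe actual iPhone internals.

```python
import copy

WIPE_LIMIT = 10  # wrong attempts before the device wipes itself (figure from the article)


class Device:
    """Hypothetical device whose failed-attempt counter lives either inside the
    copyable flash image or in separate storage that a flash restore cannot touch."""

    def __init__(self, passcode, counter_in_flash):
        self._passcode = passcode
        self.counter_in_flash = counter_in_flash
        self.flash = {"failed": 0}   # state that can be imaged and restored
        self.protected_failed = 0    # assumed rollback-resistant counter

    def failed(self):
        return self.flash["failed"] if self.counter_in_flash else self.protected_failed

    def try_unlock(self, guess):
        if self.failed() >= WIPE_LIMIT:
            return "wiped"           # keys are gone; no guess can succeed any more
        if guess == self._passcode:
            return "unlocked"
        if self.counter_in_flash:
            self.flash["failed"] += 1
        else:
            self.protected_failed += 1
        return "wiped" if self.failed() >= WIPE_LIMIT else "rejected"

    def snapshot(self):
        return copy.deepcopy(self.flash)

    def restore(self, image):
        self.flash = copy.deepcopy(image)  # protected_failed is deliberately untouched


def guesses_tolerated(device, budget):
    """Count wrong guesses the device accepts without wiping when the flash
    image is rolled back each time the counter approaches the limit."""
    image = device.snapshot()
    tolerated = 0
    for i in range(budget):
        if device.try_unlock("wrong-%d" % i) == "wiped":
            break
        tolerated += 1
        if tolerated % (WIPE_LIMIT - 1) == 0:
            device.restore(image)
    return tolerated
```

With the counter inside the flash image, the wipe limit never triggers however large the budget; with the counter outside it, the tenth wrong guess wipes the device regardless of restores.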
FBI does not want to explicitly state the method used
While the San Bernardino case is off the table for Apple, future cases will certainly bring the company into contact with the FBI again and prompt further requests. We can expect this topic to be of political importance for all parties involved and, last but not least, for consumers. The FBI does not want to publicly and explicitly state what kind of attack was used to access the shooter’s iPhone 5c. The official reasoning behind this opaque information policy is that Apple might fix the exploit and make it harder for the FBI to access further iPhones.