
How to Destroy Pandora's iPhone

Nicholas Weaver
Friday, February 26, 2016, 10:55 AM


Published by The Lawfare Institute in Cooperation With Brookings

Director James Comey claims that the FBI is simply carrying out a diligent investigation in San Bernardino. Put bluntly, I doubt this for two reasons. First, the FBI and the public already have enough knowledge to know that there is likely no valuable information to be obtained from the phone in question. Second, there exists an alternative method, destructive but still forensically sound, which the FBI could employ and which would both cost less and be completed sooner than this court fight. I won't rehash the details of why this phone is unlikely to contain any information of use in the investigation, but I will say that should the FBI prevail in court and go on to discover an otherwise unknown co-conspirator or similarly significant information, then I, following the grand example of John McAfee, will eat my shoe. (To wit, a Clark's blue canvas loafer.)

And even if the information were relevant, there still exists a faster and less expensive way for the FBI to access the phone's data than to litigate potentially all the way to the Supreme Court. Each iPhone's application processor has its own secret hardware key, burned into the chip during manufacturing and unreadable by software, and the phone's storage is encrypted with a key derived from a combination of that secret key and the user's PIN or password. This hardware key ensures that two phones with the same PIN still have different encryption keys. It also means that any attempt to guess the PIN must run through the phone's own processor, where the key derivation is deliberately slow: roughly 80 milliseconds per guess, or a hardware limit of 12.5 tries per second.

But anyone who can obtain this hardware key no longer faces these limitations. Armed with the key, you could try as many PINs as you like against an extracted copy of the phone's encrypted storage, with no rate limit and no risk of the phone erasing itself. And instead of being held to 12.5 PINs per second, an attacker could test 1,000, or even 100,000, per second by spreading the work across a large network of computers. For a four-digit PIN that is only 10,000 candidates: the phone's hardware rate alone would allow an exhaustive search in about 13 minutes, and it is the additional software-imposed delays and the optional erase after ten failures that make the on-device route impractical. Offline, with the key extracted, the same search takes seconds.

The FBI seeks Apple’s assistance so that the bureau can leave the secret key in the chip and instead bypass protections designed to limit the number and speed of PIN attempts. But if the FBI can extract the hardware key, it can achieve all its goals without requiring any new code or assistance from Apple.
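To make the key-derivation argument above concrete, here is a small Python model of the scheme. This is an added illustration written for this page, not Apple's code or its real key hierarchy: the real device entangles the PIN with the fused UID through a hardware AES operation calibrated to about 80 ms per guess, whereas this model stands in a random 256-bit `uid` as a PBKDF2 salt, uses a deliberately small iteration count so it runs in seconds, ignores the software-imposed escalating delays and erase-after-ten-failures policy, and replaces the keybag's wrapped class key with a simple MAC-based check value. The function names, the four-digit sample PIN and the constant `ON_DEVICE_GUESSES_PER_SECOND` are all assumptions made for the example. What it demonstrates is the point in the text: once the hardware key is extracted, the 10,000-PIN search runs offline as fast as the attacker can compute key derivations, while without the key the right PIN is worthless because the search space is 2^256 keys.

```python
import hashlib
import hmac
import secrets
import time

# Toy model of the hardware-key + PIN scheme described above. Added example:
# this is not Apple's key hierarchy. The fused UID becomes a random 32-byte
# value, the 80 ms hardware AES tangling becomes PBKDF2-HMAC-SHA256 with a
# small iteration count, and the keybag's wrapped class key becomes a MAC.
PBKDF_ITERATIONS = 2_000              # assumption: small so the demo runs in seconds
ON_DEVICE_GUESSES_PER_SECOND = 12.5   # hardware rate quoted in the post


def derive_key(uid: bytes, pin: str, iterations: int = PBKDF_ITERATIONS) -> bytes:
    """Entangle the user's PIN with the per-device hardware key.

    Using the UID as the salt means two phones with the same PIN get different
    keys, and that no candidate PIN can be checked without the UID.
    """
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), uid, iterations, dklen=32)


def provision_keybag(uid: bytes, pin: str) -> bytes:
    """Return the key-check value stored alongside the encrypted storage.

    A real keybag stores a wrapped class key; a MAC over a fixed label is the
    minimal stand-in that lets a candidate key be tested for correctness.
    """
    return hmac.new(derive_key(uid, pin), b"keybag-check", hashlib.sha256).digest()


def check_pin(uid: bytes, pin: str, key_check: bytes) -> bool:
    """Test one PIN against the key-check value, as the phone does at unlock."""
    candidate = hmac.new(derive_key(uid, pin), b"keybag-check", hashlib.sha256).digest()
    return hmac.compare_digest(candidate, key_check)


def offline_brute_force(uid: bytes, key_check: bytes, digits: int = 4):
    """Enumerate every numeric PIN against a forensic copy of the keybag.

    With the UID in hand nothing routes the attacker through the phone's
    rate-limited unlock path, so the only cost is the key derivation itself.
    Returns (pin_or_None, attempts, measured_guesses_per_second).
    """
    start = time.perf_counter()
    attempts = 0
    found = None
    for n in range(10 ** digits):
        attempts += 1
        pin = f"{n:0{digits}d}"
        if check_pin(uid, pin, key_check):
            found = pin
            break
    elapsed = max(time.perf_counter() - start, 1e-9)
    return found, attempts, attempts / elapsed


def on_device_seconds(attempts: int) -> float:
    """Time the same guesses would take through the phone's 12.5/s hardware path."""
    return attempts / ON_DEVICE_GUESSES_PER_SECOND


if __name__ == "__main__":
    uid = secrets.token_bytes(32)                 # constructed stand-in for the fused UID
    key_check = provision_keybag(uid, "1337")     # constructed sample PIN
    pin, tries, rate = offline_brute_force(uid, key_check)
    print(f"recovered PIN {pin} after {tries} guesses at {rate:,.0f} guesses/s offline")
    print(f"same {tries} guesses on the phone: {on_device_seconds(tries):.0f} s at 12.5/s")
    # Without the UID the right PIN is useless: the search space is 2^256 keys.
    print("right PIN, wrong UID unlocks:", check_pin(secrets.token_bytes(32), "1337", key_check))
```

Run as a script it recovers the sample PIN in roughly a second on one core, at a rate in the same thousand-guesses-per-second range the text mentions; raising `PBKDF_ITERATIONS` to a calibrated 80 ms per guess slows every guess equally but does nothing to stop the attacker spreading the 10,000 candidates across many machines, which is exactly why the hardware key, not the slow derivation, is the real barrier.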

How might this work?

The FBI could dedicate what would probably be the first million dollars or so of its recent $38M request for crypto-breaking tools to hiring ChipWorks or a similar reverse-engineering company to develop an in-house service for iPhone recovery. This service would first create a forensic copy of the phone's encrypted storage and then dismantle the phone's application processor to read out the hardware key: because the key is burned into fuses in the chip itself, reading it means physically deprocessing the silicon, which destroys the phone but not the copy already taken. Reverse-engineering companies already have the expertise required to build such a service; the question is simply whether some party is willing to pay the admittedly large price to develop it. Once the underlying service was available, the FBI could simply submit phones and receive the hardware key and encrypted storage within a matter of weeks.

Certainly, creating this kind of capability is not cheap, but, conceptually at least, it is not difficult, since building a chip that resists destructive physical analysis is nearly impossible in a consumer-friendly, low-cost product. And, as a bonus, this kind of service could be applied to any encrypted phone, since encrypted phones generally use the same strategy of a hardware key combined with a PIN to resist external attacks, and it could even recover information from a phone that has been partially destroyed so long as the physical chips remain intact.

And these services are also forensically sound. Because the first step of the process is to create a copy of the encrypted storage, which can be hashed and preserved before the chip is touched, and that encrypted storage is not destroyed by the forensic process, the remaining steps of analysis can be verified by a defense expert who is provided with the hardware key: given the same copy and the same key, the expert can reproduce the decryption independently.

It is quite true that there is risk in destructive analysis, but that holds true for all destructive techniques. The question is whether the benefit justifies the risk: given that the FBI might very well not win its legal case, and that the ability to destructively analyze phones would be an excellent asset in general, the benefits seem substantial. The same features that make this phone a great test case make it a great candidate for pioneering destructive analysis: it provides the budget justification to develop the necessary process, while a failure on this phone would not significantly impact the investigation.

If the FBI is committed to "chasing every lead," regardless of cost and regardless of probable value, then it should recognize that destructive analysis is an alternative, and superior, option: it is both faster and cheaper than the fight with Apple. But pursuing destructive analysis would not create a precedent, of course.

And despite Director Comey's claims, the potential precedent at issue is huge: requiring a company to deliberately sabotage the security system of a particular device, that is, to create and cryptographically sign a system (rather than cryptographic) backdoor. Destroying Pandora's iPhone would provide the FBI with the data it desires without risking a dangerous precedent.


Nicholas Weaver is a senior staff researcher focusing on computer security at the International Computer Science Institute in Berkeley, California, and Chief Mad Scientist/CEO/Janitor of Skerry Technologies, a developer of low cost autonomous drones. All opinions are his own.
