FBI Likely Using NAND Mirroring To Topple iPhone Encryption In San Bernardino Case
A much anticipated court hearing to decide whether or not Apple should be forced to assist the Federal Bureau of Investigation with unlocking an iPhone 5c model that belonged to one of the San Bernardino shooters will have to wait for another day. That's because the FBI said it may have found a way to break into the deceased terrorist's iPhone without Apple's assistance, so the hearing was delayed. The FBI didn't disclose any details, other than saying it was receiving help from a third-party, though speculation on the web is that it involves copying the contents of the iPhone's NAND flash memory.
A forensic scientist named Jonathan Zdziarski, or "NerveGas" as he's known among hackers, described the NAND mirroring technique in a blog post. In simple terms, it essentially involves making backups of the phone's memory so that it can be restored after 10 failed passcode attempts, which is the cutoff point where the iPhone proceeds to wipe the contents.
"Think of this as game save, like Super Mario Brothers. You want to play the same level, so you keep killing Mario to restore the game state," Zdziarski told Recode in an interview.
Super Mario Brothers might not have been the best example to use, but it's still an easy comparison for any gamer to follow. It's basically an endless do-over for the FBI until it finally guesses the correct passcode. And with the proper tools and software, this can done by brute-force.
Of course, the process is a little more tricky than that. It involves carefully de-soldering the NAND flash memory chip from the iPhone. It would then be placed in a chip reader capable of backing up the chip's contents. After that, a harness would reattach the chip to the original iPhone and off the FBI goes.
The trickiest part of the process would be de-soldering the NAND flash memory chip without destroying it. Even with plenty of practice beforehand, there would be a tremendous amount of pressure on whoever ends up with the task.
There's speculation that the FBI knew about this technique all along but chose instead to pursue a legal precedent. Perhaps it was banking on Apple folding. Instead, Apple held firm on its stance that cracking its own security would put hundreds of millions of iPhones at risk, a notion that was supported by many in the tech industry, including Google, Microsoft, Facebook, and others.
A forensic scientist named Jonathan Zdziarski, or "NerveGas" as he's known among hackers, described the NAND mirroring technique in a blog post. In simple terms, it essentially involves making backups of the phone's memory so that it can be restored after 10 failed passcode attempts, which is the cutoff point where the iPhone proceeds to wipe the contents.
"Think of this as game save, like Super Mario Brothers. You want to play the same level, so you keep killing Mario to restore the game state," Zdziarski told Recode in an interview.
Super Mario Brothers might not have been the best example to use, but it's still an easy comparison for any gamer to follow. It's basically an endless do-over for the FBI until it finally guesses the correct passcode. And with the proper tools and software, this can done by brute-force.
Of course, the process is a little more tricky than that. It involves carefully de-soldering the NAND flash memory chip from the iPhone. It would then be placed in a chip reader capable of backing up the chip's contents. After that, a harness would reattach the chip to the original iPhone and off the FBI goes.
The trickiest part of the process would be de-soldering the NAND flash memory chip without destroying it. Even with plenty of practice beforehand, there would be a tremendous amount of pressure on whoever ends up with the task.
There's speculation that the FBI knew about this technique all along but chose instead to pursue a legal precedent. Perhaps it was banking on Apple folding. Instead, Apple held firm on its stance that cracking its own security would put hundreds of millions of iPhones at risk, a notion that was supported by many in the tech industry, including Google, Microsoft, Facebook, and others.
