Apple is fighting the FBI
-
@Dashrender said:
The problem as I understand it is that the key needed to decrypt the data is a 256 bit code stored in the secure enclave. The secure enclave is part of the processor and there is no way to save the data as it were.
So sure, they could extract all of the encrypted data from the drive, and then attempt brute force decryption. I don't recall the current expected amount of time to try all possible options of a 256 bit code, but I'm sure it's still years if not thousands or millions of them.
But they would only need to run through a (presumably) 4 digit pin. What are there 5000-ish different combinations?
-
@coliver close 10,000
-
@coliver said:
@Dashrender said:
The problem as I understand it is that the key needed to decrypt the data is a 256 bit code stored in the secure enclave. The secure enclave is part of the processor and there is no way to save the data as it were.
So sure, they could extract all of the encrypted data from the drive, and then attempt brute force decryption. I don't recall the current expected amount of time to try all possible options of a 256 bit code, but I'm sure it's still years if not thousands or millions of them.
But they would only need to run through a (presumably) 4 digit pin. What are there 5000-ish different combinations?
No, that would be what they need to run through to be allowed to use the secure enclave to get access to the key. But as I mentioned, there is no way for them to copy the secure enclave out of the phone. So currently they are forced to only do the on the phone, and the iOS version currently running will tell the secure enclave to delete itself after 10 bad tries.
If they had a way to extract the secure enclave from the phone, and then run 4 digit pins against that until they got it right, sure they could try 0000-9999 (10K 4 digit pins), but as I mentioned they can't.
-
@brianlittlejohn said:
@coliver close 10,000
Now of course, statistics say you'll find the right code after trying about half, so that's probably where coliver go the 5,000 number.
-
@Dashrender How does the secure enclave prevent the memory chips being imaged?
-
@scottalanmiller said:
@Dashrender How does the secure enclave prevent the memory chips being imaged?
it doesn't.
But if you're talking about the memory chips that actually store the data that the secure enclave uses to store the encyption/decryption key - it's not that it in any way prevents you from doing that... but it's inside the CPU, and there are no APIs that exist to read those chips (chips inside chips?).
So I suppose if you could disassemble the CPU and get to the storage chips that the secure enclave uses, you would have the key. I guess the chances of that happening currently without damaging said memory chips, is near impossible.
So sure, you can get the standard flash/SSD chips from the phone, desolider them, connect them to a reader, pull the data off, and start applying 256 bit decryption codes to it...and we'll see how long that takes before you guess the right one.
-
@scottalanmiller said:
@Dashrender How does the secure enclave prevent the memory chips being imaged?
Also, is the enclave tied to the drive?
AKA: could they image the drive and just keep trying with new images, or does the enclave control the 10 attempts?
-
@Dashrender said:
So sure, you can get the standard flash/SSD chips from the phone, desolider them, connect them to a reader, pull the data off, and start applying 256 bit decryption codes to it...and we'll see how long that takes before you guess the right one.
Well, they have some crazy equipment for that, so while not fast, likely faster than you are thinking.
-
@Dashrender said:
So I suppose if you could disassemble the CPU and get to the storage chips that the secure enclave uses, you would have the key. I guess the chances of that happening currently without damaging said memory chips, is near impossible.
I guess that the difference is is that I am expecting that they have a process for this. I'm not certain that they do, but it seems likely to me that they do. Not cheap, not easy, not 100% reliable, but when needed, I bet that they can do it. And once they have done that, it seems that the rest just falls into place.
-
@BRRABill said:
@scottalanmiller said:
@Dashrender How does the secure enclave prevent the memory chips being imaged?
Also, is the enclave tied to the drive?
AKA: could they image the drive and just keep trying with new images, or does the enclave control the 10 attempts?
The enclave controls the attempts. But those are software attempts.
-
@BRRABill said:
@scottalanmiller said:
@Dashrender How does the secure enclave prevent the memory chips being imaged?
Also, is the enclave tied to the drive?
AKA: could they image the drive and just keep trying with new images, or does the enclave control the 10 attempts?
the drive has nothing to do with it.
the secure enclave is the only thing that matters - and iOS tells the secure enclave to erase itself after 10 bad tries.
-
@Dashrender said:
the secure enclave is the only thing that matters - and iOS tells the secure enclave to erase itself after 10 bad tries.
Right, it's accessing it without iOS that I'm expecting.
-
Maybe they should hire a psychic.
-
@scottalanmiller said:
@Dashrender said:
So sure, you can get the standard flash/SSD chips from the phone, desolider them, connect them to a reader, pull the data off, and start applying 256 bit decryption codes to it...and we'll see how long that takes before you guess the right one.
Well, they have some crazy equipment for that, so while not fast, likely faster than you are thinking.
Oh I know - the new facility in Utah is probably trying trillions or more options a second.
-
@scottalanmiller said:
@Dashrender said:
So I suppose if you could disassemble the CPU and get to the storage chips that the secure enclave uses, you would have the key. I guess the chances of that happening currently without damaging said memory chips, is near impossible.
I guess that the difference is is that I am expecting that they have a process for this. I'm not certain that they do, but it seems likely to me that they do. Not cheap, not easy, not 100% reliable, but when needed, I bet that they can do it. And once they have done that, it seems that the rest just falls into place.
Who is they? you mean a state sponsor? I suppose.
I recall reading a year or more ago about this very thing.. some university was working on a way to get at information inside chips without destroying the function of the chip...
-
@scottalanmiller said:
@Dashrender said:
the secure enclave is the only thing that matters - and iOS tells the secure enclave to erase itself after 10 bad tries.
Right, it's accessing it without iOS that I'm expecting.
the problem with that is that the (and I'm guessing here) secure enclave won't respond to an attempt that's not signed by Apple's private key or some other key that would be unique - but I guess if that exists in iOS, then the FBI could extract that somehow..
-
@Dashrender said:
@scottalanmiller said:
@Dashrender said:
So I suppose if you could disassemble the CPU and get to the storage chips that the secure enclave uses, you would have the key. I guess the chances of that happening currently without damaging said memory chips, is near impossible.
I guess that the difference is is that I am expecting that they have a process for this. I'm not certain that they do, but it seems likely to me that they do. Not cheap, not easy, not 100% reliable, but when needed, I bet that they can do it. And once they have done that, it seems that the rest just falls into place.
Who is they? you mean a state sponsor? I suppose.
I recall reading a year or more ago about this very thing.. some university was working on a way to get at information inside chips without destroying the function of the chip...
Well, Israel, apparently.
-
@Dashrender said:
@scottalanmiller said:
@Dashrender said:
the secure enclave is the only thing that matters - and iOS tells the secure enclave to erase itself after 10 bad tries.
Right, it's accessing it without iOS that I'm expecting.
the problem with that is that the (and I'm guessing here) secure enclave won't respond to an attempt that's not signed by Apple's private key or some other key that would be unique - but I guess if that exists in iOS, then the FBI could extract that somehow..
That's my guess. Pretty much, physical access always means that you can get to the data. It might be a huge pain, but I find it likely that they will find a way.
-
@scottalanmiller said:
@Dashrender said:
@scottalanmiller said:
@Dashrender said:
the secure enclave is the only thing that matters - and iOS tells the secure enclave to erase itself after 10 bad tries.
Right, it's accessing it without iOS that I'm expecting.
the problem with that is that the (and I'm guessing here) secure enclave won't respond to an attempt that's not signed by Apple's private key or some other key that would be unique - but I guess if that exists in iOS, then the FBI could extract that somehow..
That's my guess. Pretty much, physical access always means that you can get to the data. It might be a huge pain, but I find it likely that they will find a way.
Yep, and designers of chips will continue to try to find ways to make those breakdown solutions work.
It's like the hackers who hacked Blu Ray players to get the key for blu ray encryption... though they could get it much more easily because unlike the secure enclave, the desired data flowed out via either an API or just over the accessible pins.
-
@Dashrender said:
@scottalanmiller said:
@Dashrender said:
@scottalanmiller said:
@Dashrender said:
the secure enclave is the only thing that matters - and iOS tells the secure enclave to erase itself after 10 bad tries.
Right, it's accessing it without iOS that I'm expecting.
the problem with that is that the (and I'm guessing here) secure enclave won't respond to an attempt that's not signed by Apple's private key or some other key that would be unique - but I guess if that exists in iOS, then the FBI could extract that somehow..
That's my guess. Pretty much, physical access always means that you can get to the data. It might be a huge pain, but I find it likely that they will find a way.
Yep, and designers of chips will continue to try to find ways to make those breakdown solutions work.
It's like the hackers who hacked Blu Ray players to get the key for blu ray encryption...
And then walk away from the game due to ferocious litigation