Security Software & Equipment Store

Friday, March 11, 2016

Edward Snowden Weighs In on the US vs. Apple iPhone Encryption Case

Known for his numerous leaks that exposed the NSA’s mass surveillance operations, Edward Snowden is now the latest expert to take a side in the Apple vs. FBI iPhone encryption case. “The FBI says Apple has the ‘exclusive technical means,’” he said.  He then proceeded to explain how the FBI could force its way into the iPhone – which is how the FBI wants to get in – without Apple’s assistance. The FBI is worried that after entering the wrong PIN for 10 times in a row, the iPhone could automatically erase data stored on it. So that’s one of the things it’s asking Apple to remove. But Snowden revealed that the FBI could physically remove the memory from the phone’s mainboard, copy it, and then try password combinations until it finds the right one The method is described in a post on the ACLU site, which claims that FBI’s stance on this particular matter is a lie. The Bureau is worried the iPhone could destroy itself, but this method would let its hackers save the contents without Apple’s help. “All the FBI needs to do to avoid any irreversible auto erase is simple to copy that flash memory (which includes the Effaceable Storage) before it tries 10 passcode attempts. It can then re-try indefinitely because it can restore the NAND flash memory from its backup copy,” ACLU wrote. “The FBI can simply remove this chip from the circuit board (“desolder” it), connect it to a device capable of reading and writing NAND flash, and copy all of its data. It can then replace the chip, and start testing passcodes. If it turns out that the auto-erase feature is on, and the Effaceable Storage gets erased, they can remove the chip, copy the original information back in, and replace it. If they plan to do this many times, they can attach a “test socket” to the circuit board that makes it easy and fast to do this kind of chip swapping.” Is Snowden's approach technically viable? And if it is, should the FBI use it? Send your comments to the Cloud and Cyber Security Center .

No comments:

Post a Comment