Skip to main content

Edward Snowden describes how the FBI could physically extract passcode from iPhone chip without Apple’s help

decapping

With Apple calling on the government to withdraw its demand that the company create a tool to unlock the iPhone in the San Bernardino case, it seems the FBI does have a plan B – albeit a long-winded and highly uncertain one. Edward Snowden says that FBI claims that it cannot access the phone without Apple’s help are not quite true.

“The problem is, the FBI has other means… They told the courts they didn’t, but they do,” Snowden said during a virtual talk hosted by Johns Hopkins University. “The FBI does not want to do this.”

The technique Snowden described is known as chip de-capping, and involves physically attacking the chip in order to probe its contents. Four cyber security researchers contacted by ABC News confirmed that the technique is real, but far from certain to succeed …

IOActive Senior Security Consultant Andrew Zonenberg described how it works.

In the simplest terms, Zonenberg said the idea is to take the chip from the iPhone, use a strong acid to remove the chip’s encapsulation, and then physically, very carefully drill down into the chip itself using a focused ion beam. Assuming that the hacker has already poured months and tens of thousands of dollars into research and development to know ahead of time exactly where to look on the chip for the target data — in this case the iPhone’s unique ID (UID) — the hacker would, micron by micron, attempt to expose the portion of the chip containing exactly that data.

The hacker would then place infinitesimally small “probes” at the target spot on the chip and read out, literally bit by bit, the UID data. The same process would then be used to extract data for the algorithm that the phone normally uses to “tangle” the UID and the user’s passkey to create the key that actually unlocks the phone.

Once the FBI has both the UID and entanglement algorithm, it would be able to brute-force the password on a computer rather than on the iPhone itself.

As you’d guess from the description, the technique is extremely delicate and risky – and perhaps not ideally attempted by an agency whose explanations for an iCloud password change didn’t quite add up.

If at any point there’s even a slight accident in the de-capping or attack process, the chip could be destroyed and all access to the phone’s memory lost forever […] It’s definitely a non-trivial attack.

Zonenberg agrees with Snowden that the technique will be known to some U.S. government intelligence agencies, even if not specifically known by the FBI.

Quote of the piece is an unnamed military intelligence official describing de-capping as some “super risky cyber-level s***.”

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

  1. Jake Becker - 8 years ago

    “Military intelligence”

    “cyber-level” …you think?

  2. 89p13 - 8 years ago

    “In short:

    The data the FBI claims to want is on Farook’s iPhone.
    They already have access to his iCloud account.
    They might have been able to transfer the data on his iPhone to his iCloud account via an automated backup, but they can’t because they reset his Apple ID (iCloud) password.”

    So – the FBI “accidentally” screwed up by resetting the iCloud password and NOW the only way to get the data is to have Apple “Backdoor” the auto wipe feature. And we are expected to believe that they aren’t looking for a precedent setting, wide-ranging ruling that will allow the government to open anyone’s /everyone’s encrypted device whenever any one’s iPhone is “found.”

    Folks — this is an ice covered slope that we are being pushed towards with so much haste and deliberate obfuscation of the truth. Make a stand and write your Elected Official and tell them to represent you.

    • iSRS - 8 years ago

      Not only that, but any other government, even if you take the FBI at their word that they only want this one time/one phone, will see this and say, “we want that for all iPhones sold and/or manufactured in our country”

  3. Robert - 8 years ago

    It’s hard to believe this can be successfully done in the real world.

  4. chrisl84 - 8 years ago

    Extra clingy girlfriends be like, “sweet, this is how I can read all his text messages”

  5. ezeealrm - 8 years ago

    Hotwire chip like breaking into a car.

  6. Stuart Berney (@sberney) - 8 years ago

    Open the case, gently remove the memory chip from mother board or detach electrical connections and just wire up the chip to your motherboard, reinstall on your own phone. Open your phone with suspect chip attached and read whatever. Practice makes perfect.

    • The memory is encrypted, your own passcode wont decrypt it. Only the original passcode + the built in hardware UID will decrypt that memory chip.

    • rnc - 8 years ago

      Duh! If it would be that easy, they would have done already.

      The SOC has the encryption key engraved in the hardware, without it, the memory is garbage.

  7. TechSHIZZLE.com - 8 years ago

    “…super risky cyber-level s***.”

    Did they quote will.i.am?

  8. frostie4flakes - 8 years ago

    Snowden is a clown, sure there is a chance, but an image could be seated on FPGA and then a less destructive methodology used

  9. William Abercrombie - 8 years ago

    Snowden never sold anyone down the river but our corrupt government on both sides of the isle. We could use intelligence, but the good old boy’s are scared of what he might reveal about them, as yet he has left that subject alone.

Author

Avatar for Ben Lovejoy Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!


Ben Lovejoy's favorite gear