Skip to main content

Edward Snowden says FBI’s claims are “BS,” explains how they can bypass auto-erase [Video]

Former U.S. spy agency contractor Edward Snowden is interviewed by The Guardian in his hotel room in Hong Kong...Former U.S. spy agency contractor Edward Snowden is seen in this still image taken from video during an interview by The Guardian in his hotel room in Hong Kong June 6, 2013. Snowden was on July 24, 2013 granted documents that will allow him to leave a Moscow airport where he is holed up, an airport source said on Wednesday. The official, who spoke on condition of anonymity, said Snowden, who is wanted by the United States for leaking details of U.S. government intelligence programmes, was expected to meet his lawyer at Sheremetyevo airport later on Wednesday after lodging a request for temporary asylum in Russia. The immigration authorities declined immediate comment. Picture taken June 6, 2013. MANDATORY CREDIT. REUTERS/Glenn Greenwald/Laura Poitras/Courtesy of The Guardian/Handout via Reuters (CHINA - Tags: POLITICS MEDIA) ATTENTION EDITORS - THIS IMAGE WAS PROVIDED BY A THIRD PARTY. FOR EDITORIAL USE ONLY. NOT FOR SALE FOR MARKETING OR ADVERTISING CAMPAIGNS. NO SALES. NO ARCHIVES. THIS PICTURE IS DISTRIBUTED EXACTLY AS RECEIVED BY REUTERS, AS A SERVICE TO CLIENTS. NO THIRD PARTY SALES. NOT FOR USE BY REUTERS THIRD PARTY DISTRIBUTORS. MANDATORY CREDIT

We said yesterday that the war of words on the Apple/FBI dispute were hotting up, and Edward Snowden has now taken things a step further, suggesting that the FBI’s claims that they need Apple to access the iPhone are … not true. His comments were reported by The Intercept, which posted video of the discussion at a civil liberties conference.

“The FBI says Apple has the ‘exclusive technical means’” to unlock the phone, Snowden said during a discussion at Common Cause’s Blueprint for Democracy conference.

“Respectfully, that’s bullsh*t,” he said, over a video link from Moscow.

Snowden had earlier described how the FBI could physically extract the passcode from the iPhone chip, and has now linked to an explanation of how the agency could bypass the auto-erase feature …

The method, posted on the ACLU website, relies on the fact that the ‘passcode attempt’ counter is store in NAND flash memory, in what is known as Effaceable Storage.

All the FBI needs to do to avoid any irreversible auto erase is simple to copy that flash memory (which includes the Effaceable Storage) before it tries 10 passcode attempts. It can then re-try indefinitely, because it can restore the NAND flash memory from its backup copy […]

The FBI can simply remove this chip from the circuit board (“desolder” it), connect it to a device capable of reading and writing NAND flash, and copy all of its data. It can then replace the chip, and start testing passcodes. If it turns out that the auto-erase feature is on, and the Effaceable Storage gets erased, they can remove the chip, copy the original information back in, and replace it. If they plan to do this many times, they can attach a “test socket” to the circuit board that makes it easy and fast to do this kind of chip swapping.

While a non-trivial solution, it is certainly less risk than chip decapping, and a technique that many commercial data recovery labs are capable of employing.

You can watch the video discussion –with rather poor quality audio – below. The relevant section starts at 30:25.

Via TNW. Photo: REUTERS/Glenn Greenwald/Laura Poitras/Courtesy of The Guardian/Handout via Reuters.

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

  1. alanaudio - 8 years ago

    This is the solution that Apple should propose to extract the data for the FBI. If there are commercial data recovery labs that are willing to do this work, then so much the better.

    By supporting a solution of this type, Apple avoids the ethical nightmare of having to create a back door. Furthermore, by having the work done in an independent establishment, Apple are not having to get involved with cracking the protection and don’t need to know how to do it, so security agencies elsewhere in the world won’t be able to pressure Apple to do this for them too. Apple can simply refer them to the commercial company that does the work.

    Of course the FBI will respond by coming up with another carefully chosen crime carefully chosen with slightly different circumstances where they can again try to pressure Apple to create an unlocking instrument for them, but by then, Apple will have moved on to an operating system designed in such a way that Apple has no known way of cracking it.

  2. PMZanetti - 8 years ago

    Because it has never, ever, been about this phone. The FBI chose this phone in the hopes of generating uninformed public sympathy.

    • spanky2112 - 8 years ago

      Exactly right! It was never about the phone. It’s about the ego of our government agencies that get bruised when they find a product they can’t hack. Whether there is or is not any pertinent info on the device is irrelevant to them. The fact that Apple won’t help them break their own product labels Apple as “UnAmerican” or “terrorist sympathizer”. It smacks of the time we were led to believe that Iraq had wmds. If you were against the war, you were pro terrorism.

      This play is tired and I hope that, we the people, open our eyes and get all of the facts before we give away our rights that so many have died to protect.

  3. Dave Huntley - 8 years ago

    No one needs to hear from Snowden, he is trying to stay in the news, he damaged national security, some people died because of him, he is irrelevant now. Move on.

    We can all decide what we want to do in the west without interference from this Russian.

    • Jake Becker - 8 years ago

      Thousands and thousands have died thanks to the incompetence of the government he used to live under, but endless amnesty there….

      • Dave Huntley - 8 years ago

        So two wrongs make a right? I don’t think so. Snowden did this all wrong, he prob sees it now, the reporter and wikileaks have all backed off after the dump of unredacted documents. What they did was treason. Snowden can rot where he is under a dictator, how ironic since he loves freedom he says.

    • Steve Sabol - 8 years ago

      Do you have a source confirming people actually died? I ask because I can only find officials saying the leaks put people “in harms way” but no confirmation of actual deaths.

      • Dave Huntley - 8 years ago

        Go Google quips from Greenblatt and Snowden himself on the John Oliver show even it’s on you tube, Oliver called him out for those that were put in harms way and some killed because of what he did and Snowden admitted it was a mistake for that to happen. Greenblatt ran off with hi BF and published a pile of documents without redacting names. It is well documented. They were gov’t agents and contacts working in rough places, and now they are no more.

    • Sebastian - 8 years ago

      Oh really? Do you have any source on this or are you just as full of shit as Fox News?

      • Dave Huntley - 8 years ago

        he even admitted it on the John oliver interview and its why greeblatt backed off dumping documents without redaction.

        you have heard of google i assume? u should try it.

    • jacosta45 - 8 years ago

      Ha.

    • halrepublic - 8 years ago

      Then who can talk about issue like this? Give me a hint.
      He is one of the truth telling people and he knows things behind closed doors, period.
      I choose to “hear from Snowden”.

      • Dave Huntley - 8 years ago

        And you are free to have your opion, and so am i without the crap on here from my “pal” – retarded quip if I ever heard one.

      • Edison Wrzosek - 8 years ago

        You do realize it is you who sound completely devoid of intelligence? Unbelievable…

      • Dave Huntley - 8 years ago

        Wrozek: maybe u can move in with Snowden ur hero. Russia is lovely. You may disagree with me but the name calling is pretty childish and just makes u look stupid. why is 9to5 not deleting his comments?

    • Dave Huntley - 8 years ago

      And if anyone was under the impression that governments don’t spy is a fool – most of us did not need any eyes opening. The government that he gave documents to, Russia and China have massive espionage industries and you don’t criticize them, indeed he his hiding under one. So he gave a one sided expose of activity, hurting us, but not them. So what did he do? He confirmed the gov’t spied, we knew they do, but he only damaged the western governments, China, Russia and others he helped by what he did.

      He may have had the right idea but boy did he do it wrong. And the person he entrusted to publish the docs, f-d up by not removing people’s names and sold the stories and the docs to the highest bidder. Where’s your principle on that? It was stolen data sold for profit in the end, that’s why Snowden is over, he and his cronies cashed in by damaging our security and helped those who spy on us.

    • Snowden is a hero. Dave Huntley is a coward.

      Simple as that.

  4. Robert - 8 years ago

    So they have to de-solder and re-solder the chip thousands of times!

    • Zaph - 8 years ago

      No, it stated that a socket can be added. Also there may not be a 10-try and erase option set. But there will be a 1hour time per attempt and there may be a more than 4 digit PIN..

    • louiethelug72 - 8 years ago

      You Must Read The Whole Article, He Say’s,

      “If they plan to do this many times, they can attach a “test socket” to the circuit board that makes it easy and fast to do this kind of chip swapping.”

      Must not be that quick to hate without all the facts…. Lol

    • Edison Wrzosek - 8 years ago

      Love it when people comment on articles they haven’t fully read yet, brilliant…

  5. applegetridofsimandjack - 8 years ago

    Snowden is my hero. The things he has done has and will change the world even more. He fukced ‘national security’ agencies from behind and he was too big for them and came unexpected.

    :)

    • Doug Aalseth - 8 years ago

      Agree completely. He is a hero. What I’d like to see is Obama gives him a complete pardon on his last day in office. It’;s won’t happen but it should.

    • Dave Huntley - 8 years ago

      No he was a thief who had signed on the secrets acts as a document handler – not an expert in anything, indeed no one seems able to see what he is qualified for anywhere, he stole the docs over time, and then he gave them to enemies of the west. He shared his data with Russia and China, who would have killed him if he had done it to them, so hurting the one side is where he did it wrong, he should have distributed the same amount of secrets on them all, but no, all he did was endanger people from his own country. Then the deal with Greenblatt to sell stories to the highest bidders, so greedy they were they started to forget to redact agent and informant names. So the very people who tried to help you live safer, put in jeapordy by people out to cash in, or even pretend to be people they really are not… Bizarre anyone listens to him as a security expert, he is the worm you try to keep out, traitor, sell out, call him what you will. He is no security expert, he is nothing but a thief. Even on the John Oliver interview he concedes that he screwed up on that, but he doesn’t own what he did. He will never return to the west, the Russians will dispose of him at some point,the media should blacklist him.

  6. Rich Davis (@RichDavis9) - 8 years ago

    That’s a pain in the ass solution. FBI wants a quick and easy solution. If you desolder the chip from the motherboard, you run the risk of permanently damaging the chip. Yes, I”m sure some of you have done this with success, but it’s STILL risky in damaging the NAND chips.

    Doesn’t the FBI, etc. get call logs and SMS text messages without any problem? If the user has a backup to the cloud, can’t the FBI just get Apple to reset the password to iCloud, and look at emails, contacts, calendar, stuff on iCloud? Or just restore to the iPhone after it’s been reset?

    • Zaph - 8 years ago

      The FBI has stated that they already have the call logs and SMS from the carrier. Emails are probably already supplies if the iPhone was using IMAP. I guess Apple can’t reset the iCloud password because they don’t know it.

    • William Robinson - 8 years ago

      The FBI already accessed the iCloud account, with Apple’s help. But they want to sync the phone via wi-fi again to see if there is newer info revealed. But they mistakenly changed the password. As many have pointed out, the terrorists destroyed their personal phones before the attack. The iPhone was a county owned phone which the employer could transparently see all emails, photos, text etc. So it’s not likely gong to contain anything worth all this squabbling. If it did, it would have been destroyed with the other phones.

    • Peter Hillman - 8 years ago

      Rich, the last time the iPhone was backed up to iCloud was in October 2015. The attack occurred in December. The iPhone 5C was owned by the county and their mistake was resetting the iCloud password at the FBIs request. Apple cannot trigger an iCloud backup because the iPhone has the old iCloud password stored in iOS. The iPhone is locked with a passcode, which is not the same as the iCloud password. You know, the regular iPhone lock screen. Also, you cannot restore an iPhone unless you unlock it first, and enter your current iCloud password in order to turn off Find My iPhone. If this was your iPhone and you changed your iCloud password through the website, the iPhone will prompt you to enter your new iCloud password as soon as you unlock the iPhone. That is why they cannot trigger an iCloud backup. The iPhone now needs the current iCloud password, but it is still locked with the passcode.

      As others pointed out, the shooter destroyed his personal cellphone, computers, etc., before the attack. This iPhone 5C was found in the back of his mother’s car. If there was anything incriminating on the work-issued iPhone, they would have destroyed it too.

  7. technominds2016 - 8 years ago

    I have heard this idea before. It was pointed out that it can’t be done because Apple thought of this too and the flash memory is tied to the hardware and won’t work if separated. I wish I could find the article. But I believe Snowden is wrong.

    • kkk123kkk123kkk - 8 years ago

      In the case of this particular iPhone it might be possible since A6 processor doesn’t have a hardware secure enclave, and everything password wise except for the hardware key is mostly handle by software. This method won’t work on iDevice with A7 or newer processor since the secure enclave count password attempt on its own.

      • technominds2016 - 8 years ago

        Thank you. My knowledge is little sketchy on this. I had read somewhere that it might not be as easy as everyone is suggesting. Unfortunately, I couldn’t find my source again.

  8. gshenaut - 8 years ago

    If you needed to do this a lot, you would probably want to use a flash memory emulator (i.e., acts like the original device’s interface but with memory in RAM so easily & quickly restored), so once the emulator is installed, no desoldering, chip swapping or whatever would be required.

  9. Seems to be a rather simplistic view of how the counter is stored. If the memory location is randomized, this wouldn’t work, unless you can also backup and store the randomizer seed. Lots of assumptions being made in this article – which leads me to the reason I’m commenting anyway:

    Since when is Snowden some sort of security guru?! He copied government files. He’s a hero or villain depending on your point of view, but I’m 99% sure no one ever thought he was a genius (or even pedestrian) hacker.

    • Dave Huntley - 8 years ago

      Snowden is an expert on everything now…. He is trying to stay relevant of course, he is old news but has to keep talking to keep his own case alive…. He wants to return to North America on his terms, but Obama won’t dare and the next gov’t will likely take him out. The longer it goes the less likely it will happen. He should have been constructive, but he was massively destructive.

      He did this all wrong, he is nothing but a thief, he was hired as document handler but sells himself as an tech expert. Whatever, he deservers everything he gets, but media should forget the traitor, let him rot in his KGB paradise, they are the only ones he helped out.

  10. pdixon1986 - 8 years ago

    Yay… Snowdon has just basically shared with the world how to access the data on an iphone…

    I did say it would take time, and probably by the end of the year someone will figure it out…

    It would seem the FBI are just trying to make it legal so that it will be easier for them… so even if Apple win – the FBI can still access your data if they have your phone, it will just be a question of whether it’s legal…

    • transamken - 8 years ago

      Yeah ok enjoy bending over and letting the government pull your rights right out of your ass in the false name of safety. Snowden is a hero rather you like it or not, this administration turned on whistle blowers so I don’t blame him for running one bit he was never going to get a fair trial here.

      • pdixon1986 - 8 years ago

        I don’t care who it is… basically he has confidently stated a way of bypassing Apple’s encryption, which essentially should laugh this whole thing out of courts…
        The only reason it’s in court is to make the FBI’s job easier…
        But now people know it is in fact possible to access personal data on the iphone.

      • Dave Huntley - 8 years ago

        And where did he run to? China and Russia. Handing out documents exposing agents from his own country all along. The laugh at people like him handing everything over for free. If he had done it to them, he would have been killed. Thats the difference between them and us.

Author

Avatar for Ben Lovejoy Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!


Ben Lovejoy's favorite gear