Here’s my recipe for unlocking the iPhone 5c used by the San Bernardino shooter Syed Farook:
- the phone is already owned by and in possession of the government
- there are only 10,000 possible combinations to try (the PIN is a 4-digit number)
- it will take about 7 months to try all combinations (because of the programmed delays between attempts) if the phone does not have the “delete all content after 10 failed attempts” option turned on
- we should assume that that feature is turned on
- the content is stored on the device only as bits (0s and 1s)
- those can be read without changing them (non-invasive and non-destructive)
- thus a duplicate of the exact data can be made
- the hardware has an embedded unique identifier; that part needs to be isolated so that all device duplicates can interact with it
- we should probably assume that the wrong PIN code has already been tried (a few) times
- at most 9 of the 10 allowed attempts may already be used up, so if we err on the side of caution, 10,000 device duplicates need to be made
- the cost of the hardware is significant (the retail price is around 650 USD)
- however, the hardware can be virtualized
- that makes duplication cost about nothing, but the reverse engineering rather costly
- but once that is done, the government can “unlock” all devices of that same type by just duplicating all the bits into the virtual model