How the FBI could Unlock the Apple iPhone without the Encryption Key

Here’s my recipe for unlocking the iPhone 5c used by the San Bernardino shooter Syed Farook:

  • the phone is already owned by and in possession of the government
  • there are only 10.000 possible combinations to try (the PIN is a 4 digit number)
  • it will take about 7 months to try all combinations (due to the programmed delays) if the phone does not have the “delete all content after 10 failed attempts” option turned on
  • we should assume that that feature is turned on
  • the content is stored on the device only in 0 and 1 bits
  • those can be read without changing them (non-invasive and non-destructive)
  • thus a duplicate of the exact data can be made
  • the hardware has an embedded unique identifier, that part needs to be isolated in a way that all device duplicates can interact with it
  • we should probably assume that the wrong PIN code has already been tried (a few) times
  • the maximum is 9 times out of 10, so if we err on the side of caution, 10.000 device duplicates need to be made
  • the cost of the hardware is significant (the retail price is around 650 USD)
  • however, the hardware can be virtualized
  • that makes duplication cost about zero, but the reverse engineering rather costly
  • but once that is done, the government can “unlock” all devices of that same type by just duplicating all the bits into the virtual model


3 Responses to “How the FBI could Unlock the Apple iPhone without the Encryption Key”

  1. PK says:

    Probably the Apple device and software has a contract that forbids anyone to do this, but governments don’t always follow the rules anyway…

  2. PK says:

    I’m estimating the government has already done this (as it is much faster and cheaper as this whole legal process), but it is gambling on this case being a precedent for future cases that might have less of the emotional “but these are very dangerous and bad people” reason that might sway the public to okay this privacy intrusion (and breach of the “public promise” that Apple has made to protect the privacy rights of its customers).

  3. PK says:

    And now the FBI has also figured this out, see (that probably also explains those IP addresses from the US government in my log files).

Leave a Reply