The writeup about "NAND Mirroring" suggests what I expected all along: I
really thought the FBI and major state/city police CSI units would have the
resources to extract a flash-memory chip from any phone, read/copy the
contents, and run the code externally to the phone (or put the chip back into
the phone in a reverted state for multiple password-guesses). The current
Apple iOS 9.0 doesn't contain protections against that, but it's not hard to
imagine Apple upping the ante again in the next version to make this style of
attack ever-more difficult.

What was annoying about this whole episode was that the FBI director would go
on TV, with a straight face, claiming they didn't have a way to accomplish
this. This brute-force attack is plain and obvious, and while the FBI's tech
staff may not match that of a large tech company, I can't imagine there
being a whole lot of idiots there (indeed I went to a local conference in
November where one of the FBI's tech-elites gave a talk, mainly about her role
as advocate for women in tech).

So the FBI lied. (Surprised? I guess not.) Apple isn't out of the woods on
this, though: the whole thing makes them look bad to at least some subset of
their customers no matter how it plays out. They played up the "privacy"
aspect of encryption, presumably for PR reasons; the real issue that I see is
that, now that commerce has migrated to the Internet, the foundation of
commerce includes encryption technology. Undermining encryption means
rebuilding a new foundation for commerce; not likely to happen.


