[Cryptography] iPhone hardware attacks

Phillip Hallam-Baker phill at hallambaker.com
Wed Mar 2 15:41:17 EST 2016


On Wed, Mar 2, 2016 at 3:15 PM, Perry E. Metzger <perry at piermont.com> wrote:
> I keep wondering what the odds are that the NSA has no method
> available to decap the chips within an iPhone and extract secret
> keying material. I suspect they must be able to do that, even from one
> of the more modern iPhones with hardware based security modules.
>
> The techniques for doing this sort of thing are both well known and in
> the open literature. Even skilled amateurs manage such feats on older
> hardware quite routinely -- I've personally witnessed chips being
> decapped and put into university grade equipment for analysis. Given
> the NSA's budget and mission, it seems highly, highly unlikely that
> such methods are unavailable to them.
>
> This brings up another question. FBI officials have testified under
> oath that there is no government agency that can extract such
> information on their behalf. Is that very careful spin, willful
> ignorance, or simple perjury?

The NSA would not tell them about their capability. The NSA is not
testifying and so the NSA can lie to the FBI and let the FBI testify
on that lie to Congress without having perjured themselves.

Not that that would be a concern for them. Clapper got away with it.

On the broader question, I think part of the issue is what the
probability of success is. The software route is pretty much 100%
guaranteed to work. I don't think you can say that for decapping. A
bit too much acid, a slip of the hand, light erasing the stored
data... Lots of opportunities for a slip twix cup and mouth.


More information about the cryptography mailing list