[Cryptography] A possible way into an iPhone?

Arnold Reinhold agr at me.com
Sat Feb 27 19:48:14 EST 2016




> On Feb 26, 2016, at 10:13 PM, Tom Mitchell <mitch at niftyegg.com> wrote:
> 
>> On Fri, Feb 26, 2016 at 2:46 PM, Arnold Reinhold <agr at me.com> wrote:
>> I found this link while working on the "FBI v. Apple" Wikipedia article:
>> 
>>    http://www.theinternetpatrol.com/how-to-avoid-the-disabled-time-out-when-trying-to-remember-your-passcode-on-your-itouch-iphone-or-ipad/
>> 
>> Here is the most relevant part:
>> 
>> “...you are allowed five guesses for free, meaning that the first five guesses do not incur any timeout penalty. But as soon as you enter your 6th guess at your passcode, if it’s wrong, your device is disabled for one minute. Then you get one more guess, and if that one is wrong, your device is disabled for five minutes. Then another guess, and if it’s wrong, you are locked out of your device for 15 minutes. After that each wrong guess at your passcode incurs a full 60 minute disabled timeout.”
>> 
>> "The way to avoid the disabled timeout when guessing at your passcode is this: as soon as you get your first message that your device “is disabled try again in X minutes”, connect it to your computer, with iTunes running. As soon as your device starts syncing disconnect it from the computer (yes, while it is starting to sync – we told you this was not approved by Apple!)
> 
> Not approved...
> Read again this blog.
> http://www.zdziarski.com/blog/?p=5645 
> 

This blog is creating a straw man and knocking it down. The FBI is not demanding Apple construct a certified forensic instrument; read the order. I doubt any court could order that anyway.

>  
>> This method has worked for us every time – as soon as you disconnect the device from your computer, for some reason, you will once again have 5 free guesses to guess at your passcode.”
>  
> Failure is not an option.
> 

If the reported vulnerability is real, the FBI likely has labs and contractors that can develop it into a reliable method, testing it on enough sample iPhones to have confidence. The NSA certainly does, and this case has international ties (ISIS), so they can be involved. The FBI could also ask for/compel technical assistance from Apple without raising the hard constitutional issues in this case.

Seems like a win for everyone. 

Arnold Reinhold