John McAfee reveals how the FBI can unlock an iPhone in 30 minutes

“John McAfee, the anti-virus program pioneer and gadfly U.S. presidential candidate, claimed that unlocking the Apple iPhone of Syed Farook, one of the shooters who carried out a deadly attack in San Bernardino, California, late last year, is a ‘trivial’ exercise and explained how it should take the FBI just 30 minutes to complete it,” David Gilbert reports for International Business Times.

“McAfee indicated he believes unlocking the iPhone is a ‘trivial’ matter and that the FBI knows this, adding that if it doesn’t, then ‘we are in deep trouble,'” Gilbert reports. “And he said that if the FBI is indeed aware of how trivial it is to unlock the iPhone, then it is deceiving the public by ‘asking for a universal key’ to access Apple’s smartphones.”

Gilbert reports, “According to McAfee, this is how the FBI could unlock Farook’s iPhone…”

Read more in the full article here.

MacDailyNews Take: Prove it, John.

Of course, even if McAfee’s claim were true, then the FBI wouldn’t have established a precedent and obtained a “key” that they can use on any iPhone they deem necessary forevermore.

SEE ALSO:
John McAfee blasts FBI for ‘illiterate’ order to create Apple iPhone backdoor – February 23, 2016
Libertarian U.S. presidential candidate John McAfee offers to unlock terrorist’s iPhone for FBI – February 19, 2016

Can the FBI force a company to break into its own products? No, says U.S. Magistrate – March 2, 2016
FBI Director Comey now claims ‘mistake made’ in changing San Bernadino terrorist’s Apple ID password – March 1, 2016
U.S. Congress likely to side with Apple vs. FBI in iPhone unlocking fight – March 1, 2016
Why did the FBI direct the San Bernardino Health Department to reset Syed Farook’s Apple ID? – February 22, 2016
Turing Award winners advocate for encryption; back Apple vs. U.S. government overreach – March 1, 2016
Mark Cuban: Why Apple must win vs. the FBI; in the United States of America, we have rights – March 1, 2016
U.S. Attorney General Loretta Lynch plays disinformation card in iPhone unlocking fight – March 1, 2016
The FBI’s case against Apple got kneecapped in Brooklyn: The judges rebuke couldn’t have been stronger – March 1, 2016
U.S. Magistrate Judge: The U.S. government cannot force Apple to unlock an iPhone in New York drug case – February 29, 2016

31 Comments

    1. inbred?

      your hyperbole knows no bounds. sad to see that you have no shred of decency or civility about you, breeze.

      Think about it: is such mudslinging the most effective way to communicate? it really just reveals how immature you are.

  1. It’s hard to know whether he is for real or whether this is simply attention seeking.

    Maybe somebody like Walt, or a journalist on a prominent newspaper should offer to give John a locked 5C with some information on it and publicly challenge him to demonstrate that he really can extract the data?

    If John is able to do what he claims, then the FBI need to engage him for his skills and reward him handsomely. On the other hand, if he cannot do what he claims, then hopefully that would shut him up and stop him from being a distraction.

    1. I like your public challenge idea!

      And hopefully, the FBI would be smart enough to not turn off that iPhone 5c until McAfee demonstrates that this could be done on a different iPhone 5c. If the FBI isn’t smart enough to do that, and turns over the suspect iPhone 5c without a demonstration first, then as McAfee said “we are in deep trouble”!

  2. I had to go and look at what comes after “here’s how you do it.” And it is truly ridiculous:

    “You need a hardware engineer and a software engineer. The hardware engineer takes the phone apart, and copies the instruction set [the phone’s mobile operating system and installed applications] and the memory. You then run a program called a disassembler, which takes the 1s and 0s and gives you readable instructions. Then the [software engineer] sits down and reads through it. What he is looking for is the first access to the keypad, because that is the first thing you do when you input your PIN. When he sees that, he reads the instructions for where in memory the secret code is stored.”

    Couldn’t be easier! Just get two engineers with 30 minutes of their time and they’ll get it done for you!

    The worst of it all is, there are many people out there who will actually believe what this guy is saying.

      1. Honestly, I wasn’t expecting that I’d need to explain the reasons why his comments are ridiculous on this of all forums. Most posters here know enough about hardware and software engineering to know that what he is proposing is simply preposterous. If we for the moment even accept that a hardware engineer could plausibly find a way to disassemble the software in the phone, that software engineer would then need to read through close to 1GB of code. My first computer was called Sinclair ZX Spectrum, an 8-bit device with some 16kb of OS. It took several hours to read through thousands of lines of assembly code that was in the OS. Now, iOS has 50,000 times larger OS than ZX Spectrum. Granted, a lot of it is GUI imaging, but one still has to sift through the code, so even if the code is only 10%, it should take thousands of hours to decypher it. And we are dealing with the low-level assembly code, which means that this engineer would really need to know how to decompile it in order to understand what it is doing.

        All this without even accounting for data encryption.

        1. “Most posters here know enough about hardware and software engineering…”

          I can’t imagine what gave you that idea. I am amazed and impressed when I see posts with detailed and factual technical content. I think a lot of people here are users of their computers and phones, without more than a smattering of tech/coding knowledge, if any.

        2. Assuming the SW engineer is worth his salt, if the HW engineer could give the SW engineer a fully disassembled source code, I would think the SW engineer would use a pattern match utility to find the ‘suspect’ locations for PIN first access and cut down search time dramatically. The search could even be done in parallel with several cores searching different sections. I would think encrypting the encryption routines would be counterproductive let alone the rest of the OS. What this all comes down to is whether access to that source code is even possible in the first place.

      1. Unless logic rules for CPUs have changed I would think even decades old assumptions of how assembly works would remain valid. Apple using ARM architecture components for their CPUs also reduce the learning time for understanding the Apple A-series assembly language even w/o documentation from Apple.

    1. i read that and immediately thought:

      What part of “Apple does not store the User’s Passcode on the iPhone.” is John McAfee failing to comprehend or grasp? You cannot find something stored on the iPhone that was never stored in memory in the first place.

  3. McAfee enjoys the publicity. Russia Today is not really a news organization. BUT, he does propose a different approach, one that involves having physical access to the phone, and thuse one which would not put all our personal iPhones in jeopardy of being remotely cracked. If it’s true, then it makes the FBI look even more like fools and liars.

    I notice that Comey now says a “mistake was made” in having the password reset on the terrorist’s iPhone. People make mistakes. I’d really like to know, WHO made it? Why didn’t the congressman ask THAT question?

    1. I agree that if a backdoor becomes a requirement for some reason the only ‘real’ solution would be needing non-trivial physical access to the device being searched. This would effectively restrict wide-area surveillance of personal encrypted mobile devices.

  4. Not buying it. If it were that–relatively speaking, of course–easy to do, there’s no reason why the FBI (with their vast resources) couldn’t have broke into the phone already.

    Now’t there’s always the possibility that the FBI didn’t know this, and took a different route, but McAfee still sounds like he’s whoring for attention.

  5. If I am not mistaken the iPhone password is not stored in memory, like most devices. It is stored in the secure area on the processor. I would assume this makes it a little harder to access.

    1. Ooo Baby! Here We Go!

      John McAfee better prepare to eat a shoe because he doesn’t know how iPhones work
      His plan to crack the iPhone will not even begin to work.

      The core claim, the part on which everything else hinges, is that there is a location on the iPhone’s flash storage (or perhaps RAM; he uses “memory” pretty interchangeably for both) that contains a plaintext, readable copy of the device’s PIN, and that iOS compares the PIN typed in to this stored value. It’s true that Apple could have designed the iPhone this way, if Apple was staffed exclusively by idiots. But Apple did not design the iPhone this way, and John McAfee should know that Apple did not design the iPhone this way. . . .

      If John McAfee really does believe that the FBI, and everyone else working in computer security, is some kind of an idiot who hasn’t realized a very basic and simple flaw in the iPhone’s security, he could trivially prove his theory and show the world where the iPhone keeps its PIN. He could film the whole thing and put it on YouTube. Given that the whole exercise should only take half an hour, it’s hard to see any reason why McAfee wouldn’t do this—unless he’s not a fan of the taste of shoe leather.

      😀 😀 😀

    1. This guy doesn’t know anything about it. You try to install anything with the DFU mode, you still have to have the passcode to open the iPhone with any data still in it. If it doesn’t have any data left in it, you can get to an phone that’s indistinguishable from a factory new iPhone. Otherwise, any changes to the firmware forces an install that requires a restore with re-sync from a backup. Without an AppleID or the original passcode, you get nowhere.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.