Zdziarski’s take on the FBI’s ‘alternative’ method

“FBI acknowledged today that there ‘appears’ to be an alternative way into Farook’s iPhone 5c – something that experts have been shouting for weeks now; in fact, we’ve been saying there are several viable methods,” Jonathan Zdziarski writes for Zdziarski’s Blog of Things.

“We do know that the FBI frequently works with a number of contracted external forensics and data recovery labs, especially a handful at the top. The likelihood here is that a third party contractor, such as one of these forensics or data recovery firms, has devised a method and notified FBI of their findings,” Zdziarski writes. “Many firms have outright denied that they are the one, however there are at least a few firms that are not denying it, or not talking at all. The one that is the most tight lipped is, of course, the one people are paying the most attention to. I’m not at liberty to specify who, but you can count on reporters to be banging on doors in the middle of the night for this kind of information.”

“Speaking of middle-of-the-night, the brief was dated for Sunday, suggesting perhaps it was put together Sunday night,” Zdziarski writes. “No forensics companies in the US are likely up and working at that hour, which seems to at least hint that it’s possible this company may be based overseas, where it would’ve been Monday morning. This is speculation, however worth investigating as a number of such DOJ contractors are based overseas… Most of the tech experts I’ve heard from believe the same as I do – that NAND mirroring is likely being used to some degree to brute force the pin on the device.”

Much more in the full article – recommendedhere.

MacDailyNews Take: Zdziarski descibes the NAND mirroring technique as “kind of like cheating at Super Mario Bros. with a save-game,” which is exactly what we were thinking, too, as we read it.

10 Comments

  1. From the article: “Just a few weeks ago, congressman Issa confronted Comey rather aggressively before Congress. He described a NAND mirroring technique that the tech community had been buzzing about for a week or so prior to the hearing.”

    The FBI knew or should have known about this method. My guess is that they felt increasingly insecure about their chances to win public support and decided, at the last minute, to bail out of their self-inflicted catastrophe.

    1. grwisher, I think you are right. Our govt is playing fast and stupid on this whole screw america for a few more votes.

      While Pres. Obama has done some good things in his time, his comments that we fetishize over our phones shows how stupid he can be. He has a staff that makes his calls, sets his appointments, verifies security, etc….. we have to do that all by ourselves and still work to make a living.

      If it were not already 8 years…. I would say… “the man has to go”. And now I wonder what is Hillary’s position on this???

      Both parties are totally making a fool out of themselves on this. so sad.

  2. This is from the BBC: “The FBI said on Monday that it might have found a way to deal with the password lock set by killer Syed Rizwan Farook, who was behind an attack in San Bernardino, California, in December.
    An Israeli newspaper has since reported that data forensics experts at Cellebrite are involved in the case.
    Cellebrite told the BBC that it works with the FBI but would not say more.”

  3. “the brief was dated for Sunday, suggesting perhaps it was put together Sunday night,” Zdziarski writes. “No forensics companies in the US are likely up and working at that hour”

    Now you’re thinking like a government agency instead of a private company.

  4. FBI doesn’t need Apple’s assistance to hack an iPhone after all. So iOS can be hacked and Tim Cook’s statements are irrelevant. Maybe Cook should apologize to users for such a susceptible OS.

    1. The FBI (and the most technologically advanced country in the world) spent millions in court cost because they couldn’t break into the phone. Now they are saying that they found someone who might, with the help of some of the most powerful computers) get past a password.
      Now compare that to Android phones who local police tell me they can break into during their sleep.
      Sounds rather secure to me.

      Now waiting for your apology.

      1. also I note the technique which seems very involved doesn’t work with newer iPhones or alphanumeric passwords.

        “It’s also a technique that wouldn’t work in an A7 or newer iPhone that has a Secure Enclave. More importantly, this technique wouldn’t work at all had Farook used a complex alphanumeric passcode.”

  5. You haven’t a clue how FBI hacked the iPhone, in other words, you are completely ignorant of the method FBI used. You had better hope and pray that fBI hackers did not find a simple and elegant method that anyone else could use.

    Apology neither offered nor required.

    1. Before attacking people for not having a clue, you might to bear in mind that the FBI have only talked about evaluating a technique. I’m not aware of any statements that they have actually hacked Farook’s iPhone, so talking about it in the past tense as though it has already happened is wrong.

Leave a Reply to Joe Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.