After the uproar between Apple and the FBI, because the Californian company does not want to unlock the device with which a terrorist committed an attack in San Bernardino, a security company has stepped forward to say that it is technically possible to get inside a locked iPhone.
Since iOS 8, Apple has stated that iPhone data is encrypted and that even Apple has no way to unlock it. Even if a court order demands access to an iPhone, it is technically impossible to do so, or so Cupertino says. However, the company Trail of Bits explains in its blog how Apple could access the iPhone that the FBI needs.
It is possible to take an iPhone and, with a device that tries to break the unlock code, recover the passcode by trying every combination from 0000 to 9999. The problem for the FBI is that iOS has security mechanisms that make entering the system not so “easy”. First of all, you can enable an option that makes your iPhone automatically erase all its content after 10 failed passcode attempts. And anyone who is protective of their privacy will have this option enabled.
Secondly, if the previous option is not activated, iOS locks you out for a while after the code is entered wrongly several times, as follows:
- 1-4 attempts: no waiting
- 5 attempts: 1 minute
- 6 attempts: 5 minutes
- 7-8 attempts: 15 minutes
- 9 or more attempts: 1 hour
This would explain why the FBI can’t get inside the iPhone by brute force. It would take almost 10,000 hours to reach the correct code, which translates into more than a year. And that’s assuming the auto-erase option isn’t enabled.
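To check the figure above, here is a small model of the lockout schedule, written as an added example for this article (it is not code from the article or from Trail of Bits). It assumes the schedule listed above and a 4-digit code space of 10,000 combinations, and shows how an escalating lockout alone pushes exhaustive guessing past the point of practicality, independent of the erase option.

```python
# Model of the iOS passcode lockout schedule described in the article.
# Assumption: a 4-digit passcode (10,000 possible codes) and the delays listed above.

def lockout_minutes(attempt: int) -> int:
    """Minutes iOS makes you wait after the given failed attempt number."""
    if attempt <= 4:
        return 0          # attempts 1-4: no waiting
    if attempt == 5:
        return 1          # 5th attempt: 1 minute
    if attempt == 6:
        return 5          # 6th attempt: 5 minutes
    if attempt <= 8:
        return 15         # 7th-8th attempt: 15 minutes
    return 60             # 9th attempt and beyond: 1 hour


def worst_case_hours(space_size: int = 10_000) -> float:
    """Hours of waiting if the correct code is the very last one tried.

    A wait is imposed after every failed attempt, so the last (successful)
    attempt adds no delay: sum delays for attempts 1 .. space_size - 1.
    """
    return sum(lockout_minutes(n) for n in range(1, space_size)) / 60


def expected_hours(space_size: int = 10_000) -> float:
    """Average hours of waiting when the correct code is equally likely to be any of them.

    If the correct code is at position k, the attacker waits through the delays
    of attempts 1 .. k-1.  Averaging over all k, the delay of attempt n counts
    once for each of the (space_size - n) positions k that come after it.
    """
    total_minutes = sum(lockout_minutes(n) * (space_size - n)
                        for n in range(1, space_size))
    return total_minutes / space_size / 60


if __name__ == "__main__":
    print(f"worst case: {worst_case_hours():.1f} h "
          f"({worst_case_hours() / 24:.0f} days)")
    print(f"expected:   {expected_hours():.1f} h "
          f"({expected_hours() / 24:.0f} days)")
```

The worst case comes out at just under 10,000 hours (about 416 days), matching the article's estimate; even the average case is roughly 5,000 hours, about seven months of waiting.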
However, what Trail of Bits suggests is to put the iPhone in DFU mode and load a firmware that doesn’t have that auto-erase option enabled, without restoring the device, simply overwriting the existing firmware. With this option, the FBI could try to access the device by brute force, and depending on the digits the code starts with it could be a matter of days or months to find the key.
However, for this to happen, Apple has to do its part, because a modified iOS without Apple’s signature would not be accepted by the device for installation. Only Apple holds this signing key, so Apple would have to create a modified version of iOS without this auto-erase protection.
On an iPhone 5c there would be no further obstacles, but on more modern devices with Touch ID, the Secure Enclave might not even allow Apple itself to change the firmware of a locked device, because the Secure Enclave cannot be overwritten unless the device has first been correctly wiped.