Edward Snowden rubbishes FBI claims that it needs Apple’s help to unlock iPhone

9 Mar 2016

Rogue, exiled NSA agent Edward Snowden has revealed the FBI doesn't need Apple's help to bypass the iPhone's auto-erase defences

“Respectfully, that’s bullshit,” said the rogue and exiled NSA operative Edward Snowden in relation to the FBI’s claims that it needs Apple’s help to unlock the iPhone at the centre of the San Bernardino shootings investigation.

Apple is locked in a tooth-and-nail fight with the FBI over the question of putting a backdoor into the iPhone’s encryption settings. It has been ordered by a court to help the FBI crack the iPhone of the shooter Syed Farook who, along with his wife Tashfeen Malik, killed 14 people and injured 22 others in San Bernardino, California, in December.

The situation has led to an enormous debate about the future of security and Apple CEO Tim Cook has gone as far as describing the creation of such a backdoor as unleashing “the software equivalent of cancer”.

‘The FBI says Apple has the ‘exclusive technical means’ to unlock the phone. Respectfully, that’s bullshit’
– EDWARD SNOWDEN

Snowden, who was speaking yesterday at Common Cause’s ‘Blueprint for Democracy’ conference, said it appears the FBI doesn’t actually need Apple to create this mythical backdoor because the FBI has the technical means to do so already.

“The FBI says Apple has the ‘exclusive technical means’ to unlock the phone,” Snowden said. “Respectfully, that’s bullshit.”

He later expanded in a tweet linking to a blog post by Daniel Kahn Gillmor of the American Civil Liberties Union who said the FBI’s major claims in the iPhone case are fraudulent.

How FBI can bypass iPhone auto-erase feature

Kahn Gillmor said that the FBI can bypass the iPhone’s ability to wipe itself after 10 failed attempts because it can already back up part of the phone in a location called Effaceable Storage before even attempting to guess the passcode.

Kahn Gillmor explained: “The iPhone protects its user’s data with a complex hierarchy of cryptographic keys. Some data is protected by multiple keys. Imagine a pile of letters and photos placed inside a locked box, with the box itself placed inside a locked filing cabinet. You’d have to have keys to the filing cabinet and the box to read any of the letters or see any of the photos. If either of these keys is destroyed, the letters and photos are lost forever.

‘All the FBI needs to do to avoid any irreversible auto erase is simple to copy that flash memory (which includes the Effaceable Storage) before it tries 10 passcode attempts. It can then retry indefinitely’
– DANIEL KAHN GILLMOR

“When iOS decides to wipe out user data because the passcode guess limit has been reached (or for any other reason), it doesn’t actually erase all the data from its underlying storage; that would actually take several minutes. Instead, it just destroys one of the keys that protects the data, rendering that data permanently unreadable. The key that is erased in this case is called the ‘file system key’ —and it is not burned into the phone’s processor, but instead merely stored in what Apple calls ‘Effaceable Storage,’ which is just a term for part of the flash memory of the phone designed to be easily erasable.”

Kahn Gillmor says that this file system key is in effect the key to the entire filing cabinet and this file system key is stored in the Effaceable Storage part of the iPhone in the NAND flash memory.

“All the FBI needs to do to avoid any irreversible auto erase is simple to copy that flash memory (which includes the Effaceable Storage) before it tries 10 passcode attempts. It can then retry indefinitely because it can restore the NAND flash memory from its back-up copy,” Kahn Gillmor said.

So what are the FBI’s actual motives? Perhaps the path to easier investigations in the future is a precedent of complicity by tech giants and it is better PR for the FBI if the tech giants are cooperating rather than resisting.

But most worrying of all is the reality that even though Apple is fighting from the moral high ground about a backdoor being created not only for the good guys, as Kahn Gillmor has just illustrated, the bad guys now have a way of trying to hack the iPhone at their leisure.

And that should be a concern for every smartphone owner on the planet.

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years

editorial@siliconrepublic.com