The FBI Will Likely Use 'NAND Mirroring' To Crack San Bernardino Terrorist's iPhone


The fight between the FBI and Apple may have been put on hold due to an "outside party" willing to crack the San Bernardino iPhone, but it doesn't mean that questions still don't remain. Most importantly, who will hack it, and how will it be done?

According to one iOS forensics and security expert, we might have an answer to "how" — through an approach called "NAND mirroring," which uses a vast number of code copies to try out hypothetical passwords until the right one clicks it open.

For a simplified comparison, the technique is "kind of like cheating at Super Mario Bros.," as that same expert, Jonathan Zdziarski, put it on his blog.

 "[It's like it is] with a save-game, allowing you to play the same level over and over after you keep dying," he continued. "Only instead of playing a game, they're trying different pin combinations."

Much has been made of trying to hack into the San Bernardino phone, which belonged to Syed Rizwan Farook, one of the two terrorists responsible for orchestrating the attacks in San Bernardino, Calif., on Dec. 2, 2015. With his wife, Tafsheen Malik, Farook killed a total of 14 people. Both were eventually killed in a shoot-out with the police later that day.

Soon after the events in San Bernardino, the FBI ordered Apple to break Farook's encrypted phone to garner possible information on the case. Apple refused, and what ensued was a month-long court hearing, as well as a public debate and media spectacle over issues of national security versus privacy.

The battle between Apple and the government was put on hold on March 21, when the FBI unexpectedly announced it had found another way to hack into the encryption and asked for a continuation.

On March 23, Reuters reported the "other party" the FBI recruited for the job is an Israeli firm called Cellebrite. The company is best known as a mobile forensic software provider.

Despite the confirmation of the FBI's contracted hacker team, the actual hacking method still remains a mystery. Even so, NAND mirroring looks like it's probably the best option, asserts Zdziarski.

"The other ideas, I've kind of ruled out," said Zdziarski in an interview with Macworld. "None of them seemed to fit."

As for how long the process will take? As Macworld stated:

"Farook's iPhone used a four-digit passcode, which would result in 10,000 permutations, a low enough number to be possible to brute force using NAND mirroring, but one high enough that it may take the two weeks the DOJ has given itself to report back to the federal magistrate."


Photo: Brad Wilmot | Flickr  

ⓒ 2018 All rights reserved. Do not reproduce without permission.
Real Time Analytics