Thursday, March 24, 2016

I'm skeptical of NAND mirroring

Many have proposed "NAND mirroring" as the solution to the FBI's troubles in recovering data from the San Bernardino shooter's iPhone. Experts don't see any problem with this approach, but that doesn't mean experts know it will work, either. There are problems.

The problem is that iPhones erase the flash after 10 failed guesses. The proposed solution is therefore to create a backup, or "mirror", of the flash chips. When they get erased, just restore from the backup and try again.

The flaw with this approach is that it's time consuming. After every 10 failed attempts, the chips need to be removed from the phone, reflashed, and reinserted into the phone. Then the phone needs to be rebooted.

For a 4-digit passcode (10,000 possibilities, 10 guesses per cycle), this process needs to be repeated a thousand times. That is doable in a couple of days. For the 6-digit passcode that is the default on iOS 9 (1,000,000 possibilities), it needs to be repeated 100,000 times, which would take many months of nonstop effort, 24 hours a day. Presumably you can make this more efficient by pipelining the process, using multiple sets of flash chips so that a fresh set can be swapped in within a few seconds, but it still takes a couple of minutes for the iPhone to reboot.
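To put numbers on the cycle count and wall-clock time, here is a small cost model. It is an added example, not code from the original post. The 10-guesses-per-erase premise is the post's; the reboot, chip-swap, guess-entry and reflash times are assumptions (replace them with bench measurements). It also covers alphanumeric passcodes and computes how many spare chip sets a stall-free pipeline needs:

```python
import math

# Parameters of the post's scenario. GUESSES_PER_ERASE comes from the post;
# the timing constants below are assumptions, not measurements from the post.
GUESSES_PER_ERASE = 10   # iOS wipes the flash after 10 failed passcode guesses
REBOOT_S = 120.0         # assumed: "a couple of minutes" for the iPhone to boot
SWAP_S = 5.0             # assumed: swapping in a pre-flashed chip set
GUESS_S = 2.0            # assumed: time to type one guess and see it rejected
REFLASH_S = 600.0        # assumed: restoring the mirror onto a worn chip set


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct passcodes of `length` symbols over an alphabet of `alphabet_size`."""
    return alphabet_size ** length


def restarts_needed(alphabet_size: int, length: int,
                    guesses_per_erase: int = GUESSES_PER_ERASE) -> int:
    """Worst-case number of erase/restore/reboot cycles to exhaust the keyspace."""
    return math.ceil(keyspace(alphabet_size, length) / guesses_per_erase)


def cycle_seconds(reboot_s: float = REBOOT_S, swap_s: float = SWAP_S,
                  guess_s: float = GUESS_S,
                  guesses_per_erase: int = GUESSES_PER_ERASE) -> float:
    """Critical-path time of one cycle: swap chips, reboot, burn the allowed guesses.

    Reflashing the worn set is assumed to happen off the critical path on a
    spare set (see chip_sets_for_pipeline), so it is not counted here.
    """
    return swap_s + reboot_s + guesses_per_erase * guess_s


def chip_sets_for_pipeline(reflash_s: float = REFLASH_S, cycle_s: float = None) -> int:
    """Minimum number of mirrored chip sets so the phone never waits for a reflash:
    one set in the phone plus enough sets in the reflasher to cover reflash_s."""
    if cycle_s is None:
        cycle_s = cycle_seconds()
    return math.ceil(reflash_s / cycle_s) + 1


def estimate(alphabet_size: int, length: int, **timing) -> dict:
    """Worst-case (whole keyspace) and expected (half the keyspace) time, in days."""
    restarts = restarts_needed(alphabet_size, length)
    worst_s = restarts * cycle_seconds(**timing)
    return {
        "keyspace": keyspace(alphabet_size, length),
        "restarts": restarts,
        "worst_days": worst_s / 86400,
        "expected_days": worst_s / 2 / 86400,
    }


if __name__ == "__main__":
    cases = [("4 digits", 10, 4),
             ("6 digits", 10, 6),
             ("6 lowercase alphanumerics", 36, 6),
             ("8 mixed-case alphanumerics", 62, 8)]
    for label, alphabet, length in cases:
        e = estimate(alphabet, length)
        print(f"{label:28s} restarts={e['restarts']:>18,d} "
              f"worst={e['worst_days']:>16,.1f} days "
              f"expected={e['expected_days']:>16,.1f} days")
    print("chip sets needed for a stall-free pipeline:", chip_sets_for_pipeline())
```

With the assumed timings the model reproduces the post's figures (1,000 restarts and under two days for 4 digits; 100,000 restarts and roughly five and a half months for 6 digits) and shows how fast alphanumerics run away: six lowercase alphanumerics already need over 200 million restarts, which is centuries of reboots. The reboot time dominates the cycle, which is why pipelining the chip swaps helps less than one might hope.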

Can an iPhone even reboot 100,000 times? Nobody knows. This is far beyond any quality assurance testing Apple does for their phones. Presumably even this problem can be worked around: if other components of the phone fail, in theory all you need is the CPU, which you can unsolder and stick into a new phone. There may be complications, though, such as needing to also bring along the LTE baseband chip because of security checks in the software.

This all assumes digits. If it's an alphanumeric passcode, the number of possibilities grows exponentially with both the length and the size of the character set, and everything just got vastly harder.

The point is this: until somebody proves this technique actually works, it doesn't. All experts agree it ought to work in theory, but there are enough problems in practice that we should be a little skeptical of it as a viable solution for the FBI. As any expert will tell you, the difference between "should work" and "does work" is huge.

The next step is for somebody to prove it works for the 4-digit case. It's relatively straightforward as long as you have the equipment. That still won't mean it'll work for 6-digit or alphanumeric passcodes, but at least it would be a solid data point.

Update: [h/t @loon] The Washington Post is reporting Comey saying (about NAND mirroring) during a news conference:
“I’ve heard that [method] a lot. It doesn’t work.”


Ashton Charbonneau said...

Four-digit passcodes will need 10,000 tries; six digits will require 1,000,000.

Roko Soldat said...

Hence how 100 000 restarts * 10 tries equals 1 000 000.

Germain Fortin said...

Hey! Don't you think the FBI cannot duplicate the encryption into a kind of Big Blue and let it calculate all the possible codes within minutes?