Security expert undermines FBI director’s claim that iPhone unlock method ‘doesn’t work’

Despite legal threats and drama, the Area 51 desert event is on
The 'raid' was a bust, but the 3-day festival is happening—with or without little green men.

See all Editor's Picks

A security researcher has called into question the Obama administration’s argument that a proposed method for accessing the iPhone of San Bernardino shooter Syed Farook wouldn’t work.

A federal judge last week postponed a hearing in the court battle between Apple and the government over access to the phone after the Justice Department announced that a third party had presented it with a possible way to unlock the device. If the method succeeds, the government won’t need Apple to write custom code disabling security features on the device, including its auto-erase mechanism, to let the FBI flood it with password guesses.

The newly discovered technique remains a secret, but security experts have speculated that it involves a process called “NAND mirroring.” This involves copying the phone’s flash memory chip so that investigators can replicate it every time they guess the password wrong 10 times and the phone erases itself.

FBI Director James Comey said at a press conference last week that NAND mirroring “doesn’t work,” but iPhone forensics expert Jonathan Zdziarski has published a proof-of-concept blog post and a video showing it in action.

The FBI did not respond to an email asking about Comey’s remarks. Mark Raimondi, a Justice Department spokesman, declined to comment.

Update 12:05pm CT, March 28: Updated to reflect DOJ response.

H/T TechDirt  | Photo via Ruiwen Chua / Flickr (CC by 2.0) | Remix by Max Fleishman

Patrick Howell O'Neill

Patrick Howell O'Neill

Patrick Howell O'Neill is a notable cybersecurity reporter whose work has focused on the dark net, national security, and law enforcement. A former senior writer at the Daily Dot, O'Neill joined CyberScoop in October 2016. I am a cybersecurity journalist at CyberScoop. I cover the security industry, national security and law enforcement.