[ggreer]

No. From Apple's iOS security guide[1]:

> The device’s unique ID (UID) and a device group ID (GID) are AES 256-bit keys fused (UID) or compiled (GID) into the application processor and Secure Enclave during manufacturing. No software or firmware can read them directly; they can see only the results of encryption or decryption operations performed by dedicated AES engines implemented in silicon using the UID or GID as a key. Additionally, the Secure Enclave’s UID and GID can only be used by the AES engine dedicated to the Secure Enclave. The UIDs are unique to each device and are not recorded by Apple or any of its suppliers. ... Integrating these keys into the silicon helps prevent them from being tampered with or bypassed, or accessed outside the AES engine. The UIDs and GIDs are also not available via JTAG or other debugging interfaces.

Even for older devices like the iPhone 5C, if the owner chose a good passphrase, I doubt it can be decrypted with Apple's help.

1. From the section on Encryption and Data Protection. Starts on page 10: https://www.apple.com/business/docs/iOS_Security_Guide.pdf

[some_guy_there]

Thanks. So only recourse for highly resourced adversary will be to decode key via hardware imaging (not sure if any research has been done on this), and after that they will still have to bruteforce the passphrase used to secure the phone, the effectiveness of which depends on the entropy of passphrase.

I wonder what how Apple can help the law enforcement here.

[akiselev]

A lot of research has gone into information recovery from silicon inspection since it's tied closely to reverse engineering ICs. It's not the most trivial of pursuits but widely done.

There are some hardware HMACs (Atmel's in particular IIRC) where the process of opening the chip package destroys the area of silicon that encodes the private keys. I don't know if Apple used the same tech but if they did, any attempt to look at the private key storage would destroy it.

[cnvogel]

This kind of security is used in SIM-cards, access-cards for pay-TV, TPMs. Kind of standard with various variations.

Some criss/cross metal mesh as the topmost layer you would have to penetrate, or photodiodes that sense the light if you put a device under a microscope, ...

[EGreg]

Quantum cryptography would be fullproof. Any attempt to view the algorithm instead of using it would render it useless.

[cyphar]

That's not how quantum crypto works (it's based on observation of state, not the algorithm). Further, we've had cases of quantum crypto that just wasn't good enough to stop an observer from MITMing the internal state.

[squidbidness]

The usual expression is "fool proof", rather than "fullproof".

[superuser2]

It sounds like since the UID is fused it cannot be erased; it's probably the GID that's erased, and it sounds like the GID is known to Apple.

[savoytruffle]

None of the local passwords within passwords are known to Apple. They say.

The FBI is hoping they do know something secret.

In most cases it would be easier to subpoena online accounts, but of course Apple says iMessage is also unreadable for different reasons.

[X-Istence]

but fuses can be blown. Simply by blowing one of the fuses the key will change. Even a single bit change means it's useless to authorities.

[tlrobinson]

The fuses are only "blown" (i.e. the UID is burned into the chip) at manufacturing time, not when the device is erased.

When a device is first set up (or wiped) a random key is created and encrypted by the Secure Enclave with a key derived from the user's passcode and the device's UID. Since only that particular device's Secure Enclave has access to the UID the user's passcode can't be brute forced by any other computer, which enables the Secure Enclave to enforce policies like the passcode attempt delay and incorrect passcode attempt. If the device needs to be wiped the random key is simply erased by the Secure Enclave.

(Also, if you only changed 1 bit that would mean you only had to try 2 possible keys...)

[superuser2]

Thanks, that's what I was missing.