by anonu 2352 days ago
The key sentence from the article for me is: the company has refused to help the F.B.I. open the phones themselves, which would undermine its claims that its phones are secure.

I would assume that even if the software/cryptography is secure, Apple would have a physical/hardware-based way to access the data. But they can't admit to this as it's a big part of their marketing around the product.

I think there may be an Israel-based security company that has managed a hardware bypass. But this was a few iPhone generations ago. Not sure about the latest products.


Pegasus, by the NSO Group. Yes, for the right money you can get into any iPhone. It was pretty effective to help Saudi Arabia kill Khashoggi and also aid other gov'ts, like Mexico, in going after journalists and dissidents. NSO Group "carefully screens" who they sell their technology to, and the Israeli gov't "approves" the sales prior. https://www.cbsnews.com/news/interview-with-ceo-of-nso-group...
No, read the Apple security white paper. Apple can’t install software on the phone without the passcode, and the permanent storage is encrypted by keys held in the Secure Enclave, e.g. an HSM designed specifically to thwart physical attacks.

All the existing attacks have started with at least a partially unlocked phone.

Maybe that's all true.

But can you discount a scenario where a hardware hookup brute-forces through all possible numeric security codes? Could take less than a minute. Who is to say there isn't a bypass that allows them to do this? Very hard to tell.

The secure element is responsible for gating retries, and like all HSMs is designed specifically to prevent tampering, so everything - including retry counts and delays - is theoretically rendered untamperable.

I am aware of two bugs in that logic over the years - I can’t find the articles off the top of my head. One was essentially a TOCTOU bug that could be triggered via voltage spikes to reset the device after you tried to unlock but before it updated the retry count. The other required imaging and restoring the flash between each attempt. I don’t know how that was fixed, but it should hopefully be obvious that that is going to take more than a minute to brute force a 6 digit passcode.
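Added example, not part of the thread and not Apple's code: a toy model of the retry gating the comment above describes, showing why the order "commit the failure counter, then compare" matters. If the counter is only written after the comparison, an interruption between the two leaves no record of the attempt; the delay schedule and passcode values are constructed for the model.

```python
import hashlib
import hmac
import secrets

# Constructed delay schedule (seconds) by consecutive failures; an assumption
# for the model, not a documented device value.
DELAYS = [0, 0, 0, 0, 0, 60, 300, 900, 3600, 3600]
MAX_FAILS = 10

def delay_for(fails):
    """Delay imposed before the next attempt is even accepted."""
    return DELAYS[min(fails, len(DELAYS) - 1)]

class PasscodeGate:
    """Toy secure-element style gate: a derived passcode digest plus a
    persistent failure counter. count_first=True commits the failure before
    the comparison; False commits it after (the TOCTOU ordering)."""
    def __init__(self, passcode, count_first=True):
        self.salt = secrets.token_bytes(16)
        self.digest = self._derive(passcode)
        self.fails = 0          # stands in for the tamper-resistant counter
        self.count_first = count_first

    def _derive(self, pc):
        return hashlib.pbkdf2_hmac("sha256", pc.encode(), self.salt, 20_000)

    def attempt(self, guess, power_cut_after_compare=False):
        """Returns 'wiped', 'unlocked', 'locked' or 'reset'. The flag models
        power being cut once the result is known but before any later
        counter write happens."""
        if self.fails >= MAX_FAILS:
            return "wiped"
        if self.count_first:
            self.fails += 1     # committed before the result is known
        ok = hmac.compare_digest(self._derive(guess), self.digest)
        if ok:
            self.fails = 0
            return "unlocked"
        if power_cut_after_compare:
            return "reset"      # the late counter write never happens
        if not self.count_first:
            self.fails += 1
        return "locked"

def fails_after_interrupted_guess(count_first):
    """Failures recorded when one wrong guess is interrupted before the
    late counter write: 1 with count-first ordering, 0 with check-first."""
    gate = PasscodeGate("482913", count_first=count_first)
    gate.attempt("000000", power_cut_after_compare=True)
    return gate.fails
```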

Why would you assume that? It's in Apple's interests to have no way at all to access a locked phone without the passcode. The best they can do is wipe the thing.