by nxobject 698 days ago
It's a pity that we (likely including the journalist) don't know more about how the cops got access to the iPhone beyond cloud backups: the one thing I'm taking away from this article is that passcodes can still be brute forced.

Well, look what vectors Apple thinks are used (most while you keep using it, some physical):

https://support.apple.com/en-us/105120

I think that brute-forcing the passcode is an unlikely attack vector; if they do "brute force it", it likely won't be with Apple's OS running, it would be some kind of custom attack.
Image device -> run image in emulator -> try 5 passcodes -> get blocked -> reload image -> try 5 passcodes -> get blocked -> ... -> try 5 passcodes -> unlock phone.
That's the point of the Secure Enclave, where the password keys are stored. It's designed to be impossible to image. Early attacks relied on pulling the power to the chip after it sent a failure message but before it updated the attempt counter; this is fixed on newer revisions to happen the other way around.
Are you a hardware engineer at Apple speaking in official capacity? Not that I would believe that even if you were. Of course the government can read their surveillance device.
How do you image an iPhone device?
I assume you can desolder the flash chip and directly dump its contents. Not trivial, but not too difficult for someone with the right skills.
That won't give you the encryption keys, which are stored in the Secure Enclave.
Isn’t the Secure Enclave another separate flash chip?
Yeah, I had the same question. Because the grandparent comment's explanation felt very much like the “…and then draw the rest of the owl” joke.
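Added example, not part of the thread and not Apple's code: a small C model of the attempt-counter ordering mentioned in the comment about the Secure Enclave above, showing why recording the attempt before the comparison closes the power-cut gap. The `device` struct, function names, the sample secret and the limit of 5 are all constructed assumptions.

```c
#include <stdbool.h>
#include <string.h>

#define MAX_ATTEMPTS 5

/* Constructed model of a passcode verifier; not Apple's design or code. */
struct device {
    int  failed;      /* persistent failure counter (survives power loss) */
    char secret[8];   /* stands in for the passcode-derived secret */
};

/* Legacy order: compare, report, then record the failure.
 * power_cut models losing power right after the result is known. */
int try_legacy(struct device *d, const char *guess, bool power_cut)
{
    if (d->failed >= MAX_ATTEMPTS) return -1;       /* locked out */
    bool ok = strcmp(guess, d->secret) == 0;
    if (power_cut) return ok;                       /* counter update never runs */
    d->failed = ok ? 0 : d->failed + 1;
    return ok;
}

/* Hardened order: charge the attempt first, then compare.
 * A power cut at the same point can no longer skip the increment. */
int try_hardened(struct device *d, const char *guess, bool power_cut)
{
    if (d->failed >= MAX_ATTEMPTS) return -1;       /* locked out */
    d->failed++;                                    /* committed before compare */
    bool ok = strcmp(guess, d->secret) == 0;
    if (power_cut) return ok;
    if (ok) d->failed = 0;                          /* refund only on success */
    return ok;
}

/* Number of wrong guesses the device evaluates before locking out when
 * power is cut on every attempt, capped at `limit` tries. */
int guesses_before_lockout(int (*try_fn)(struct device *, const char *, bool),
                           int limit)
{
    struct device d = { 0, "483920" };              /* constructed sample secret */
    int n = 0;
    while (n < limit && try_fn(&d, "000000", true) != -1)
        n++;
    return n;
}
```

With the legacy order the counter never moves, so the cap is the only thing that stops the loop; with the hardened order the device locks after `MAX_ATTEMPTS` regardless of when power is lost.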