Snowden provides a breakdown of how the FBI can use acids and lasers to hack the iPhone.

Last week’s court order asking Apple to provide software for the Federal Bureau of Investigation (FBI) to use to crack the iPhone belonging to the San Bernardino gunman generated tons of buzz as the smartphone company refused to comply. Now, Edward Snowden, former National Security Agency (NSA) contractor, is joining the hack party, suggesting that the FBI can use acids and lasers to pry out the data without Apple’s assistance.

In the court filings, the government said, “The phone may contain critical communications and data prior to and around the time of the shooting that, thus far: (1) has not been accessed; (2) may reside solely on the phone; and (3) cannot be accessed by any other means known to either the government or Apple.”

However, Snowden stated that the third statement is not entirely correct and suggested a technique that could be used to hack the device one-sidedly.

“The problem is, the FBI has other means... They told the courts they didn’t, but they do,” Snowden said. “The FBI does not want to do this.”

The method, which is called de-capping, involves removing and decapsulating the iPhone’s memory chip before exposing it to direct, microscopic examination. Once this is accomplished, the investigators can read the data as it is stored in the circuitry.

Andrew Zonenberg, a senior security consultant at IOActive and hardware reverse engineering specialist, explained the process in simpler terms: the FBI needs to remove the chip from the phone, use strong acid to remove its encapsulation, and then very carefully drill down into the chip using a focused ion beam. They could then examine the iPhone’s unique ID (UID), micron-by-micron, in an attempt to expose the portion of the chip containing exactly the useful data.

From there, the FBI must place microscopic “probes” at the target spot on the chip and read out the UID data bit-by-bit. The process is then repeated to extract the algorithm data used by the phone to “tangle” the UID with the user’s passcode and create a key that unlocks the phone.

Next, the FBI must load the UID, the algorithm, and part of the iPhone’s encrypted data onto a supercomputer and let it “brute force” attack the missing user passkey by trying all possible combinations until one decrypts the data. The guessing is done outside of the iPhone’s operating system, meaning there’s no 10-try limit or self-destruct mechanism that would entirely wipe the phone.

But, this technique is hazardous; if at any given point there is a slight hiccup in the de-capping or attack process, the chip would be destroyed, and access to the phone’s memory could be lost forever.

Source: ABC News