[cryptography] Here's What Law Enforcement Can Recover From A Seized iPhone

Jeffrey Walton noloader at gmail.com
Fri Mar 29 09:30:56 EDT 2013

On Thu, Mar 28, 2013 at 11:42 PM, Jon Callas <jon at callas.org> wrote:
> On Mar 28, 2013, at 6:59 PM, Jeffrey Walton <noloader at gmail.com> wrote:
>> ...
>> Apple designed the hardware and hold the platform keys. So I'm clear
>> and I'm not letting my imagination run too far ahead:
>> ...
>> There are no means to recover a secret from the hardware, such as a
>> JTAG interface or a datapath tap. Just because I can't do it, it does
>> not mean Apple, a University with EE program, Harris Corporation,
>> Cryptography Research, NSA, GCHQ, et al cannot do it.
> I alluded to that before. Prying secrets out of hardware is known technology. If you're willing to destroy the device, there's a lot you can do, from decapping the chip, to just x-raying it, etc.
Using JTAG interfaces and headless pinouts are hardly destructive testing :)

>> ...
>> These are some of the goodies I would expect a manufacturer to provide
>> to select customers, such as LE an GOV. I would expect that the
>> information would be held close to the corporate chest, so folks could
>> not discuss it even if they wanted to.
> Really? Why?
> I don't believe that it is in the interests of a company to shaft its customers....
It appear Apple, Google, Microsoft, et al are doing it. From the
article (unless I am reading it wrong): "... and if law enforcement
can’t crack a seized iPhone, officers will in some cases mail the
phone to Apple, who extract the data and return it stored on a DVD
along with the locked phone."

> Let me ask again -- what could an LE or GOV offer that would be better than being cool? ...
If there is nothing to be gained, then why does LE and GOV go to the
manufacturers in the first place? I'm presuming there is extracted,
usable data on the DVD mentioned above. For some reason, I don't have
the feeling that the DVD is empty or the data returned is unusable.

For what its worth, I agree with what are saying. But from the
article, it sounds diametrically opposed to what you are telling me.


More information about the cryptography mailing list