Last week, the most sensational event in the tech world was undoubtedly the end of the dispute between Apple and the FBI (Federal Bureau of Investigation) over cracking iPhone passwords. The FBI said it had found a way to crack the iPhone password without Apple's help. The news shocked not only the tech world but also ordinary iPhone users, who worried that their phone passwords would become meaningless. How did the FBI crack the iPhone password? Does it pose a threat to the security of our phones?

FBI bypasses Apple to crack iPhone

The San Bernardino shooting in the United States last December sparked a huge dispute between Apple and the FBI. In the shooting, the murderer Farook and his wife killed 14 people and injured 22. The FBI obtained his iPhone 5c during the investigation, but because the phone was password-protected, FBI investigators were unable to access the information on it. Afterwards, the U.S. Department of Justice obtained a court order to force Apple to cooperate with the investigation and develop software that could bypass this security feature. Apple rejected the request on the grounds of protecting user privacy, and the two sides went through several rounds of fierce confrontation.

Technical experts had said earlier that there should be other ways to unlock the phone, but FBI investigators always insisted that only Apple could bypass the security procedures and asked Apple to develop software that could bypass the encryption.

Just last week, the FBI announced that Farook's iPhone had been successfully unlocked with the help of a third party, and that Apple did not help. In response, Apple issued a statement saying that this case should not have happened at all: "From the beginning, we rejected the FBI's request and refused to open a backdoor for the iPhone because we believed it was wrong."

Although this incident seems to have come to an end, in fact, more worries have just begun.
Many iPhone users feel that the passwords they set for their phones are not reliable. Once this method of cracking iPhone passwords spreads, the password protection on the phone will be useless.

Israeli companies and the “IP box”

Although the FBI did not disclose which "third party" helped it crack the iPhone password, there are reports that the company that provided technical support to the FBI was an Israeli company called "Cellebrite". According to reporters, the company's main business is extracting mobile phone data, and it is indeed an authority in this field worldwide. In fact, the police in many countries are customers of the company and use its equipment to extract mobile phone data.

Cellebrite's main product is called "UFED Mobile Phone Evidence Collection Box". The reporter found that agents also sell this product in the Chinese market, and they describe its functions in similar terms, including "extracting data from mobile phones of various brands and models, obtaining the phone book, text messages, call records, pictures, audio and video in the mobile phone, and supporting the cracking of the power-on passwords of more than 800 mobile phones..." It looks very professional, and it seems that with such a device, the password protection of all mobile phones would be useless.

What's more, a British media outlet reported that a device called "IP box" was purchased online for 120 pounds, and that it took only six hours to unlock an iPhone 5c. According to the report, this "IP box" can keep trying password combinations, without being limited by the number of incorrect password inputs, until the password is cracked. The device can be easily purchased in the market and online.

These two pieces of news are both puzzling and worrying. The puzzling part is that if it is so easy to crack the iPhone password, why did the FBI go to so much trouble to deal with Apple?
Whether it is an "IP box" or a "UFED mobile phone evidence collection box", you can just buy one. The worrying part is that if cracking the mobile phone password is really so easy, then anyone can easily crack our passwords, so what security is there to speak of?

UFED and IP boxes are not reliable

Is it feasible to crack the iPhone password by purchasing the above equipment? The reporter consulted Han Zhengguang, one of the founders of the domestic iOS jailbreak team "Pangu", who is probably the person most familiar with the security of Apple's iOS system in China. He told the reporter that the speculations mentioned above are all groundless, and that neither the "UFED mobile phone evidence collection box" nor the "IP box" can be the hero in cracking the iPhone password this time.

Han Zhengguang explained that Cellebrite is indeed the best-known name in mobile phone data extraction, and that it is natural for it to assist the FBI in this matter, but where it can play a role is in the data analysis and extraction after the password of this iPhone has been cracked, rather than in breaking the password. "I personally don't think that cracking the password is the credit of this company. It probably doesn't have the technical strength to do so." Han Zhengguang said that the iPhone passwords that UFED can crack are limited to some older versions of iOS, and that the iOS vulnerabilities it exploited have long been patched by Apple.

As for the "IP box", Han Zhengguang said that it still works by exploiting the loopholes of the iOS 7 era.
With this loophole, the phone locks if the wrong password is entered on the screen repeatedly, but the password can still be tried again with an external keyboard. Early versions of iOS 8 had another loophole: the error count did not increase if the power was cut immediately after a failed password attempt, so the password could also be cracked by repeated trial and error with power-offs. However, these loopholes have long been closed by Apple. For the current iOS system, these methods are completely ineffective.

Indeed, the reporter found that in the British media reports, the iPhone 5c that was cracked using the "IP box" was running iOS 7, while the iPhone 5c used in the San Bernardino shooting had been upgraded to iOS 9, which could not be cracked by the "IP box", which has been outdated for more than two years.

iPhone 5s and above are more secure

Han Zhengguang said that the above possibilities basically apply to iPhones with 32-bit processors. For iPhones with 64-bit processors (iPhone 5s and later), neither the vulnerability nor the data backup methods will work, because Apple has added a timer to 64-bit devices to block various brute-force password guessing methods, and it is a combination of software and hardware. The methods used on 32-bit machines are ineffective on 64-bit machines. "If the FBI encountered a 64-bit iPhone instead of a 32-bit iPhone 5c, then perhaps the only way out is to use legal procedures to force Apple to make concessions."

Of course, the new iPhone is not invulnerable. Han Zhengguang said that since Apple introduced TouchID in the new system as a quick way to enter the password, if the correct unlock password has been entered on the device and the device has been unlocked within 48 hours, it is still possible to unlock the device by cloning the fingerprint.
iCloud security should be paid more attention

According to the technical analysis of professionals, the following points can be summarized about the security of iPhone passwords:

First, if you use an iPhone 5s or later model running iOS 9, the possibility of your iPhone password being cracked by brute force is almost non-existent.

Second, if you use a 32-bit iPhone but the system has been upgraded to iOS 9, there is indeed a possibility that the phone password can be cracked by brute force, but this is by no means a simple operation, and it requires superb technology and a lot of time and cost. It can be said that most people's phones are not worth cracking in this way. For example, the most likely method used by the FBI to crack the data is to prepare a large number of the same model to try, which is very costly.

Third, if you are using an old iPhone model and an old version of iOS, then it is not difficult to crack the password. An "IP box" is enough.

The Pangu team said that as an ordinary user, you don't need to worry too much about whether your personal phone password will be cracked, because your data is not sensitive enough for Apple to review. In fact, what users should be most concerned about is whether the email service provider used to register the Apple ID is safe enough and whether the Apple ID password is too simple, and they should remember to enable Apple ID two-step authentication.

The team also made more specific suggestions for users who have extremely high requirements for data protection: first, do not turn on iCloud data backup, because it is easier to obtain user data from iCloud than from an encrypted iPhone; second, do not set up fingerprint unlocking. Although this unlocking method is faster, it does carry risks, and someone has even demonstrated using a piece of plasticine to copy a fingerprint and unlock a phone; finally, it is best not to set a digital password as the lock screen password.
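To put numbers on that last recommendation, the following added example (not from the original article or the Pangu team) compares the worst-case time to try every passcode under three conditions this article discusses: the error count bypassed, the restore-after-about-9-guesses approach described in the next section, and a timer that software cannot reset. The 80 ms per guess is the key-derivation cost Apple documents for iOS; the restore time and the one-hour enforced delay are assumptions made for illustration.

```python
# Added example: worst-case time to try every passcode under three throttling models.
ATTEMPT_MS = 80                # per-guess key-derivation cost Apple documents (~80 ms)
GUESSES_PER_RESTORE = 9        # guesses per restore cycle, as quoted in the article
RESTORE_SECONDS = 60           # ASSUMPTION: time to write the cloned flash image back
ENFORCED_DELAY_SECONDS = 3600  # ASSUMPTION: hardware timer holds every guess to 1 hour

PASSCODES = {                  # label -> (alphabet size, length)
    "4-digit": (10, 4),
    "6-digit": (10, 6),
    "6-char lowercase+digits": (36, 6),
}

def keyspace(alphabet_size, length):
    return alphabet_size ** length

def worst_case_seconds(space, model):
    """Seconds needed to try all `space` passcodes under the given model."""
    derive = space * ATTEMPT_MS / 1000
    if model == "counter_bypassed":    # error count defeated, only derivation cost remains
        return derive
    if model == "restore_cycle":       # flash restored after every 9 guesses
        cycles = -(-space // GUESSES_PER_RESTORE)  # ceiling division
        return derive + cycles * RESTORE_SECONDS
    if model == "enforced_delay":      # timer cannot be reset from software
        return space * ENFORCED_DELAY_SECONDS
    raise ValueError(f"unknown model: {model}")

def humanize(seconds):
    units = (("years", 365.25 * 86400), ("days", 86400), ("hours", 3600), ("minutes", 60))
    for unit, size in units:
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.1f} seconds"

def compare():
    models = ("counter_bypassed", "restore_cycle", "enforced_delay")
    return {label: {m: humanize(worst_case_seconds(keyspace(*dims), m)) for m in models}
            for label, dims in PASSCODES.items()}

if __name__ == "__main__":
    for label, row in compare().items():
        print(label, row)
```

A 4-digit passcode falls within minutes once the error count no longer applies, while a six-character mix of lowercase letters and digits takes years even then, which is why a longer alphanumeric passcode matters most on the 32-bit devices discussed here.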
Several possible solutions

This time, the FBI wanted to crack an iPhone 5c running iOS 9, which has a 32-bit processor. The Pangu team provided several password cracking solutions that they believed were relatively feasible.

Exploiting iOS system vulnerabilities

System permissions are gained through undisclosed bootrom/iBoot vulnerabilities, and the kernel is then patched to bypass the software error count so that the password can be cracked by brute force; or an undisclosed vulnerability that bypasses the error count during brute forcing is used (similar to the forced power-off bypass vulnerability that appeared in iOS 8). Of course, the premise of this cracking method is mastery of iOS vulnerabilities that are unknown to the outside world.

Repeat backup brute force guessing

The data in the phone's flash memory is physically cloned in advance, and brute-force guessing is then performed through a USB external keyboard. When about 9 guesses have been made, the cloned data is used to physically restore the phone's data, which avoids having the data erased.

Other technical means

For example, the suspect's movements can be tracked and analyzed through cameras. If a camera happens to capture the suspect unlocking his phone in Starbucks, image analysis can be used to determine the lock screen password the user entered.