For more than a month, federal investigators have insisted they have no alternative but to force Apple to help them open up a phone used by one of the San Bernardino shooters.
That changed Monday when the Justice Department said an “outside party” recently showed the FBI a different way to access the data on the phone used by Syed Farook, who with his wife killed 14 people in the Dec. 2 attack.
The magistrate judge in the case postponed a hearing scheduled for Tuesday and gave the government two weeks to test its method. But federal officials have been mum about who came forward and what method they’ve proposed. Here are some of the leading options outside experts think the FBI might be exploring.
___
BACK UP AND ATTACK
One likely scenario involves making multiple copies of the iPhone’s flash memory, which investigators could use to restore the phone’s data should they inadvertently trigger the phone’s “self-destruct” feature by making too many wrong guesses at the passcode.
That feature doesn’t actually erase all the files on the iPhone. Instead, it erases a section of the iPhone’s memory that contains one of the keys necessary to unlock the data on the phone. This section, known as the “effaceable storage,” sits in a memory chip that theoretically could be removed and plugged into a reader device that’s capable of electronically copying what’s stored on the chip — and then replacing the data if it’s been erased.
While the technique hasn’t been proven for this purpose, forensic expert Jonathan Zdziarski said it was demonstrated in a widely circulated video that shows a Chinese smartphone vendor using a similar procedure to install more memory capacity on an iPhone. FBI Director James Comey was asked about the technique during a congressional hearing on March 1, but Comey didn’t say directly whether the FBI had considered the approach.
___
RESET THE COUNT
A more nuanced approach would involve isolating the portion of the phone’s memory where the count of how many passcode attempts have been made is stored, said Ajay Arora, CEO and co-founder of Vera, an encryption software company.
In theory, the person working on the phone would then be able to reset the count each time it approached 10, allowing investigators to make an infinite number of guesses.
“This is more technical and a little more difficult, because you’d have to isolate the section,” he said. Apple hasn’t provided any maps to show where that data is stored. The main problem: The FBI would run the risk of losing information if something went wrong.
Shane McGee, chief privacy officer at the FireEye cybersecurity firm, agreed that this kind of approach could potentially work. “All the government really needs is the opportunity to do a very simple, brute-force attack,” he said.
___
DE-CAPPING
Another approach, sometimes known as “chip de-capping,” calls for physically removing the casing of the iPhone’s processor chip, using acid or a laser drill. In theory, investigators could
