Breaking into that iPhone seems easy, for somebody with some money


(Money like the #FBI clearly has, as evidenced by the fact that they can afford a lengthy lawsuit over the issue)

All you do is tear down the phone, unsolder the flash memory (see picture below from iFixit), make 100,000 copies of the flash, resolder them into 100,000 iPhones, and hand one iPhone each to 100,000 people, who get 10 attempts apiece. That is if it’s a six-digit PIN instead of the older four-digit PIN; otherwise we’d only need 1000 iPhones.

Obviously, if that somebody — like or unlike the FBI, I don’t know — also had some skills and some equipment, I’m sure they could do the same thing without much soldering, and with a lot fewer phones.

Of course Apple and the FBI know this, and I’d be disappointed if the FBI hadn’t actually done this already. Nah, this lawsuit is about establishing a principle, and it has nothing to do with finding out information they really need about San Bernardino.

(For those of you reading this who are still mightily impressed by the high and mighty “unbreakable crypto”: if you, the user, can decrypt your data by entering 6 numbers into your phone, so can anybody else. It doesn’t matter how strong the crypto is, all you need to do is try out all combinations of 6 numbers, which is just a million. If the phone locks after 10 attempts, my tongue-in-cheek 100,000-iPhones-for-100,000-monkeys above is one way of doing that. If the government, or your adversary, had spent the time to reverse-engineer the way iOS works, or can run it in an emulator — one of which, of course, actually is distributed for free by Apple with their Xcode tools — then trying out 1 million combinations should take them far less time than writing a single court filing in this lawsuit. How much less time depends on their setup, but they certainly have setups where it could take something like the actual, not proverbial, microsecond. This makes the assumption that all the needed data resides in flash, not in the Apple-made processor; if it were in the processor, it would become a more difficult/expensive project, but the same principles would apply. But I have not heard anybody suggest that that would be needed.)

So next time you hear something about this lawsuit, ignore everything about that awful San Bernardino shooting. It’s not about that.

It is, as Apple says, about whether governments (here the US, but no reason why it won’t apply to any other government) should have the ability to do this kind of thing routinely, specifically without needing 100,000 volunteers with 100,000 desoldered iPhones. Such as by calling up Apple, or Google, or anybody, and getting a call back with the data a couple of hours later.