John McAfee Reveals To FBI, On National TV, How To Crack The iPhone

My understanding based on https://www.apple.com/business/docs/iOS_Security_Guide.pdf :

The passcode is not stored anywhere. There is a secret key, but you cannot read it directly. You can request a combination of the secret key and a user-entered passcode every 80ms. You can use this combined key to attempt to decrypt the phone.

On an iPhone 5c, those key requests are rate-limited by the operating system. Every time you try a new passcode, the OS increments a timer and makes you wait longer and longer before trying again, even if the hardware itself is technically capable of making a request every 80ms.

The FBI wants Apple to write a new version of the OS that does not increment that timer. (Side note: later generations of the iPhone [those with TouchID] have the increasing timer logic implemented in hardware, making it impossible to bypass.)
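To make the mechanism above concrete, here is an added Python model (not Apple's code and not from the linked guide) of the three ideas in play: the passcode is only ever entangled with a device secret (a UID the OS can use but not read), the "check" is nothing more than whether the derived key unwraps a stored class key, and the OS-enforced escalating delay is what turns a cheap 80 ms derivation into a prohibitively slow exhaustive search. The UID value, iteration count and delay schedule are constructed assumptions for illustration.

```python
import hashlib
import hmac
from typing import Optional

# Constructed stand-in for the device UID: a per-device secret fused into the
# SoC that the OS can feed into derivations but can never read out.
UID = bytes.fromhex("00112233445566778899aabbccddeeff")
# Constructed iteration count; Apple calibrates it so one derivation costs ~80 ms on-device.
ITERATIONS = 20_000
PER_TRY_SECONDS = 0.08


def derive_passcode_key(passcode: str, uid: bytes = UID) -> bytes:
    """Entangle the passcode with the UID. No copy of the passcode is stored;
    the only way to obtain this key is to run the derivation on the device."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), uid, ITERATIONS, dklen=32)


def wrap_class_key(class_key: bytes, passcode: str) -> bytes:
    """Protect a 32-byte file-class key under the passcode-derived key.
    XOR plus an HMAC tag is a simplified stand-in for real AES key wrapping."""
    kek = derive_passcode_key(passcode)
    body = bytes(a ^ b for a, b in zip(class_key, kek))
    return body + hmac.new(kek, body, "sha256").digest()


def unwrap_class_key(blob: bytes, passcode: str) -> Optional[bytes]:
    """Return the class key if the passcode is right, else None. This is the
    only 'check' there is: a wrong passcode yields a key that fails to unwrap."""
    kek = derive_passcode_key(passcode)
    body, tag = blob[:32], blob[32:]
    if not hmac.compare_digest(hmac.new(kek, body, "sha256").digest(), tag):
        return None
    return bytes(a ^ b for a, b in zip(body, kek))


def delay_before_attempt(attempt: int) -> int:
    """Seconds the OS makes you wait before attempt N (i.e. after N-1 failures).
    The schedule is an assumption modelled on Apple's published escalation."""
    failures = attempt - 1
    if failures < 4:
        return 0
    return {4: 60, 5: 300, 6: 900, 7: 900}.get(failures, 3600)


def worst_case_seconds(passcode_space: int, escalation: bool = True) -> float:
    """Time to try every passcode: the 80 ms derivation alone vs. with OS-enforced delays."""
    delays = sum(delay_before_attempt(n) for n in range(1, passcode_space + 1)) if escalation else 0
    return passcode_space * PER_TRY_SECONDS + delays
```

For a four-digit passcode space the model gives about 13 minutes with only the hardware-bound derivation cost, versus over a year once the OS delay schedule is honoured, which is exactly the gap the requested OS modification would close.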


Rundown of the interview:

> Inside is a processor which is a computer, the instruction set which is the iOS and all the applications that you run,

This is nonsensical. An instruction set is just a description of what instructions a computer can execute. It's not some sort of data storage.

> and the memory in which you store your data.

Presumably he means non-volatile storage (i.e., flash) here. But then what is he referring to with "instruction set"?

> Now, let's take the FBI case. The FBI wants Apple to change their software so that it removes the check for security. So that we don't check for security any more.

Not quite. They want Apple to produce a version of the OS that allows passcode brute-forcing.

> Once it has that software it can use that software on any phone. But they say they only need it for one phone. So I'm going to tell the world exactly how we do this. Now I'll probably lose my admission to the world hackers' community, however I'm going to tell you.

Successfully breaking the passcode protection of the iPhone would increase his esteem among hackers, not decrease it. He could easily get a talk at some hacker conference on the subject, if he was capable of it.

> You need a hardware engineer and a software engineer. The hardware engineer takes the phone apart. And it copies the instruction set which is the iOS and its applications and your memory.

Presumably he means "data in non-volatile storage", here.

> And then you run a piece of program called a disassembler, which takes all the ones and zeroes and gives you readable instructions.

Plausible, I think. Pretty sure the OS itself is not encrypted, just user data and apps.

> Then, the coder sits down and he reads through. And what he's looking for is the first access to the keypad. Because that's the first thing you're doing when you input your pad. It'll take half an hour. When you see that then you read the instructions from where in memory this secret code is stored. It is that trivial. A half an hour.

Except that the passcode isn't stored anywhere.

All that this interview shows is that John McAfee has a very poor understanding of how a passcode works on the iPhone, and a weirdly poor understanding of computer terminology.

/r/videos Thread Parent Link - youtube.com