I want to focus on technical aspects, not on the fact that they wanted to make a precedence.
i assume the smartphone security architecture is following:
cryptography chip. it’s read only and stateless. it contains physical cryptography key. it offers some transformations of user input. it doesn’t expose the key. it doesn’t remember number of retries
NAND disk. contains encrypted data
OS. get input from user, talks to the chip, changes the content of the NAND
retries counter. no idea where is it? is it stored on NAND disk or some other dedicated long term memory?
from what i know the FBI wanted apple to make for them less secure iOS version that doesn’t erase the disk after a few failed retries. but why do the need it? can’t they just:
- make a copy the NAND disk (in case it has some killswitch)
- get the chip’s spec and just send to it a few millions decrypt request (testing every possible user pin / password)
- if the chip stores retires counter in some dedicated memory, they can always plug in a tweaked memory that always replies with the same value when read
why do they even need an OS? it’s just a simple program that can communicate with a chip. what am i missing?