Jonathan Zdziarski, a leading independent Apple iOS security researcher and forensics expert, has a theory about the FBI’s newly discovered potential route into the iPhone 5C used by San Bernardino shooter Syed Farook. In a blog post, Zdziarski wrote that the technique the FBI is planning to use to get around having to compel Apple to help bypass the phone’s security is likely a method called NAND mirroring—a hardware-based approach that, while effective, is far from the “golden key” software the FBI had sought.
The FBI reported in its filing to delay a hearing on its dispute with Apple, originally scheduled for March 22, that an outside company had approached the FBI with a solution to the “self-destruct” issue preventing the FBI from repeatedly guessing the device’s four-digit PIN. In that filing, FBI officials said that they needed just two weeks to certify that they could use the alternative approach to gain access to the phone.
Based on a number of factors, Zdziarski said that the company in question was likely one of the FBI’s external forensics contractors and that it was unlikely that it had found a “zero day” software technique to bypass the password. “Whatever technique is being used likely isn’t highly experimental (or it’d take more time),” Zdziarski noted. “Chances are the technique has been developed over the past several weeks that this case has been going on.”