How the hell could the FBI hack into that iPhone?

Experts have lots of theories, but the one that seems likeliest would be a grind.

apple-security-keys-fbi-2151.jpg

How will FBI investigators unlock the iPhone 5C used by San Bernardino shooter Syed Farook? There are plenty of theories.

James Martin/CNET

You know that part about the FBI needing Apple's help to unlock a terrorist's iPhone 5C? Never mind.

That was the unexpected message from the US Department of Justice on Monday, when it indefinitely stalled court proceedings that had been scheduled for Tuesday. Now, instead of turning to the court, the Justice Department would try a mysterious technique it's heard about that could crack the phone's encryption without Apple's help.

The feds had been pushing hard to get Apple to do the dirty work, a quest that burst into public view in February in a heated and high-stakes debate over the balance between personal privacy and national security. In the standoff, Apple had backing from across the technology industry, while the American public was deeply divided on which side to support.

What trick could the FBI possibly have up its sleeve?

Speculation is running wild among security experts, although a few theories are rising to the top. However it goes down, the FBI faces a tough technical challenge, in part because a wrong move could destroy the phone or erase its data. The solution would require some pretty creative thinking, said Ben Johnson of Carbon Black, which looks for software vulnerabilities.

"It's like a movie where you're doing all sorts of things you wouldn't think of to break into a bank," Johnson said.

NAND another thing

Harry Potter spoke Parseltongue to get into the Chamber of Secrets. The FBI would have to resort to a less magical (and a lot more tedious) solution to getting into the iPhone.

It's called NAND mirroring, and it requires copying part of the iPhone's memory. Right now, the iPhone will wipe itself clean after 10 wrong passcodes. But with a copy of the phone's flash memory, the FBI can just keep restoring the data.

"It can then retry indefinitely," wrote ACLU technology fellow Daniel Kahn Gillmor.

Gillmor wrote about NAND mirroring earlier this month, but that's when the FBI was publicly focused on forcing Apple to write a new version of the phone's operating system that would let it try unlimited passwords. Now Gillmor's theory is looking like the FBI's best bet. It wouldn't be as fast as a simple "brute force" effort password guessing, but it wouldn't require Apple's help.

On Monday, forensic scientist Jonathan Zdziarski wrote his own explanation of NAND mirroring and argued that it was the FBI's most likely tool.

Still, there are other possibilities.

Exploiting a software flaw

The feds could conceivably hack Apple's software running the iPhone through a software flaw, according to Johnson. That vulnerability might affect the way the phone works over wireless Internet, Bluetooth or cellular communications, or investigators might find a flawed app on the phone they could use to their advantage.

Whatever it is, the flaw would have to be severe to let investigators all the way into the phone's core and tell it to open. The biggest problem with this theory is that security researchers are constantly on the hunt for these sorts of weak spots. If flaws exist, we'd probably know about them.

"It's not really possible with so much attention being paid," Johnson said.

It wouldn't necessarily be surprising if a hacker went to the FBI to offer assistance, rather than to Apple. Where companies including Microsoft, Google and Facebook routinely offer "bug bounties" to outsiders who report flaws they've discovered, Apple has largely kept its own counsel on security matters. An unintended consequence of that reluctance to embrace outsiders is that those finding flaws in Apple software can now fetch a good payday from less scrupulous sources.

"Apple ... is never going to be able to compete with what is going on behind the scenes in the black market," Jay Kaplan, a former NSA analyst and co-founder of security firm Synack, told The New York Times.

Acid and lasers

Finally, the FBI could look at the chip that's storing the passcode.

As Zdziarski describes it, investigators could remove the microprocessor from the iPhone and run it through a chemical treatment before hitting it with a laser. But like Dr. Evil's plan to put lasers on sharks, this one is pretty risky. One wrong move, Zdziarski said, and the chip would be ruined. Not only would the data be lost, there would no longer be any point in forcing Apple to write new software.

The Justice Department said in its court filing Monday that it's been working on a technical solution during the entire legal dustup.

Johnson compared the behind-the-scenes machinations to a football game, saying investigators have probably moved the ball as far forward as they can.

"Maybe the FBI could get to fourth and one, but they need help [at that point]," he said.

Their solution might take investigators all the way into the end zone, where they decrypt the phone, or it might stall out completely.

On April 5, we'll know if it doesn't work. That's when the feds would come back and ask the court to force Apple to write that software.

Featured Video