Can the government force you to write code?

Started by
105 comments, last by frob 8 years ago

You missed the bit where the phone wipes itself after a number of incorrect attempts.

Indeed I did, but can't you also bypass that by copying the drive? It's encrypted but that doesn't matter if it's just for backup?

Fake screen => real TPM => fake drive buffer (ignore writes)

So unlimited tries because it's unaffected by the wipe? Or does the TPM brick itself too as it wipes the drive?


Can't they disassemble the physical hardware, and then clone the flash memory (or whatever memory device it has), and then crack a clone of it without fear of self-erasure?

I don't know how the iPhone does it, but in general cryptographic material is stored in an HSM (hardware security module) that is specifically designed to not only prevent people from just cloning its contents, but to also actively destroy itself if it detects any attempt to mechanically break into it (e.g. by releasing a dissolving chemical if you try and disassemble it, or something like that, but more elaborate). That makes it quite hard to clone, although not impossible for a sufficiently resourceful agency, I guess.

And if done right, without knowing the HSM's contents you have no chance to break the device's encryption, because the encryption keys are derived from the user's password based on the contents of the HSM (which could be anything) so you can't brute force the password, and it doesn't really matter that you can safely clone the rest of the data: that data is worth zero bits without the encryption key to decrypt it. In other words, unless you can learn the HSM's contents, all attempts to enter a PIN must go through it.

To be honest though I find it quite unlikely that this phone's security could really stand up to a government-funded agency with them having physical access to it. That is pretty much the hardest possible threat model and I doubt a commodity phone could survive it. This is quite clearly a political battle in order to claim precedent in future cases; it is, after all, much more convenient for security agencies to just be able to brute force random people's passwords than to surgically extract encryption keys from the phone's security module.

I really don't see that happening in the iPhone, it's not marketed as a super secret agency place to store important documents either, with how I mistreat mine it would have been wiped 10 times over and I'd probably have chemical agents spilled all over me.


Or does the TPM brick itself too as it wipes the drive?

The encryption keys are in the TPM. It doesn't wipe the drive, it just wipes the encryption keys inside the TPM.

You can copy the drive all you want, once the TPM wipes the encryption keys, it's impractical to brute force the encryption on the drive.

Tristam MacDonald. Ex-BigTech Software Engineer. Future farmer. [https://trist.am]
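The two points made above (the key is derived from the PIN plus a secret that never leaves the security module, and a wipe erases that secret rather than the drive) can be shown with a small model. This is an added example, not code from the thread or from Apple; the class, its MAX_TRIES value, the XOR wrap and the PBKDF2 parameters are all constructed assumptions for illustration.

```python
import hashlib
import secrets


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class SecureElement:
    """Toy model of a PIN-gated key store (constructed for this example).
    The data key is wrapped under KDF(pin, device_secret); device_secret never
    leaves the element, and MAX_TRIES wrong PINs erase it."""

    MAX_TRIES = 10  # assumed limit, mirrors the "wipe after 10 wrong PINs" policy

    def __init__(self, pin: str):
        self._device_secret = secrets.token_bytes(32)  # 256-bit secret, not clonable
        self._failures = 0
        data_key = secrets.token_bytes(32)  # what the flash would be encrypted with
        # Only these two values ever land in clonable flash.
        self.wrapped_key = _xor(data_key, self._kdf(pin))
        self.key_check = hashlib.sha256(data_key).digest()

    def _kdf(self, pin: str) -> bytes:
        # The device secret is the salt, so the KDF cannot be run on a clone.
        if self._device_secret is None:
            raise RuntimeError("device secret erased; key is unrecoverable")
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._device_secret, 20_000)

    @property
    def erased(self) -> bool:
        return self._device_secret is None

    def unlock(self, pin: str):
        """Return the data key for the right PIN, None otherwise.
        Every PIN attempt has to pass through here: without the device secret
        a guess cannot even be checked, so a 4-digit PIN is a 10^4 search
        only *inside* the element and a 2^256 search on a copied flash image."""
        if self.erased:
            return None
        candidate = _xor(self.wrapped_key, self._kdf(pin))
        if hashlib.sha256(candidate).digest() == self.key_check:
            self._failures = 0
            return candidate
        self._failures += 1
        if self._failures >= self.MAX_TRIES:
            self._device_secret = None  # the wipe: flash untouched, now worthless
        return None
```

Copying `wrapped_key` and `key_check` before the wipe changes nothing: after ten wrong PINs the element returns None even for the correct PIN, and the copy cannot be unwrapped without the erased secret.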

Can't they disassemble the physical hardware, and then clone the flash memory (or whatever memory device it has), and then crack a clone of it without fear of self-erasure?

I don't know how the iPhone does it, but in general cryptographic material is stored in an HSM (hardware security module) that is specifically designed to not only prevent people from just cloning its contents, but to also actively destroy itself if it detects any attempt to mechanically break into it (e.g. by releasing a dissolving chemical if you try and disassemble it, or something like that, but more elaborate). That makes it quite hard to clone, although not impossible for a sufficiently resourceful agency, I guess.

And if done right, without knowing the HSM's contents you have no chance to break the device's encryption, because the encryption keys are derived from the user's password based on the contents of the HSM (which could be anything) so you can't brute force the password, and it doesn't really matter that you can safely clone the rest of the data: that data is worth zero bits without the encryption key to decrypt it. In other words, unless you can learn the HSM's contents, all attempts to enter a PIN must go through it.

To be honest though I find it quite unlikely that this phone's security could really stand up to a government-funded agency with them having physical access to it. That is pretty much the hardest possible threat model and I doubt a commodity phone could survive it. This is quite clearly a political battle in order to claim precedent in future cases; it is, after all, much more convenient for security agencies to just be able to brute force random people's passwords than to surgically extract encryption keys from the phone's security module.

I really don't see that happening in the iPhone, it's not marketed as a super secret agency place to store important documents either, with how I mistreat mine it would have been wiped 10 times over and I'd probably have chemical agents spilled all over me.

This. I'd honestly be surprised if an iPhone had that kind of security on it. Sure it's tough to crack, but most phones being sold to common consumers are assuming that someone who's trying to crack the phone has near infinite resources. Cracking something through hardware usually requires more resources than most people would have on them.

This entire case has more to do with setting a precedent for installing back doors on consumer tech than anything else.

No one expects the Spanish Inquisition!


This entire case has more to do with setting a precedent for installing back doors on consumer tech than anything else.

Disagree.

It is established that if the government works out how to install the back door, and they build the back door, they can require businesses to install it.

They can demand you turn over documents and records that already exist. They can require you to cooperate with an investigation, which can mean installing eavesdropping equipment, require you to split off traffic to them when the traffic is directed to specific accounts, or in the case of voice communications, ensure your VoIP protocol implements the mandatory wiretapping protocol via CALEA.

The order is not about that. The courts could rule on any of them, but the three biggest ones I've read about are:

1) First amendment challenge. SCOTUS has ruled code is protected speech. SCOTUS has ruled that freedom of speech is not just protection to state your views, but also protection from being forced to state what is not your view. The challenge is that this order is forcing Apple to state something that is not their view. The appeals court could overturn the order citing protected speech. The FBI really wants to avoid this argument, and have been doing their best to redirect from it.

2) Requirement to invent. More and more lawyers have chimed in on this one. At first it was suspected to be a first, but it seems nobody can find any legal precedent in the US where a company is required by court order to invent something. Government can encourage it and reward it, but never in history has it been a court order to help invent something. This would be a major legal challenge and major precedent.

3) Fourth amendment challenge. SCOTUS has recently ruled in many recent cases that warrants around bulk actions or automated actions have a different level of scrutiny than warrants against individual and manual actions. This has come up many times in the last decade. This is fun because it is not Apple itself, but the rights of the customers. Under Jus Tertii, a company can argue on behalf of their customers, since even though the customers are not named parties in the suit, the rights of the customers have a direct effect on the issue so their position needs to be considered. All of this lawsuit stems under the 4th amendment, seizing and searching a device for data. Customers have a very strong privacy right, it is a power specifically prohibited which the government cannot breach except under the conditions outlined in the 4th amendment. Since creating the software would affect all customers, would give the government a tool to automate attacks against all such devices, and since all this work is done under connection of a warrant, the argument is the warrant at issue is unlawful and overbroad. Therefore the order is unlawful and overbroad.

None are a precedent for installing a back door -- that is already possible if the Government can provide the door. At issue is if the government can force a company against their will to attempt to create a back door that doesn't exist, a back door that affects the millions of devices outside the warrant and not just the one stated in the warrant, then be forced to surrender that tool for government to use on any devices at their whim.


This entire case has more to do with setting a precedent for installing back doors on consumer tech than anything else.

Disagree.

It is established that if the government works out how to install the back door, and they build the back door, they can require businesses to install it.

They can demand you turn over documents and records that already exist. They can require you to cooperate with an investigation, which can mean installing eavesdropping equipment, require you to split off traffic to them when the traffic is directed to specific accounts, or in the case of voice communications, ensure your VoIP protocol implements the mandatory wiretapping protocol via CALEA.

The order is not about that. The courts could rule on any of them, but the three biggest ones I've read about are:

1) First amendment challenge. SCOTUS has ruled code is protected speech. SCOTUS has ruled that freedom of speech is not just protection to state your views, but also protection from being forced to state what is not your view. The challenge is that this order is forcing Apple to state something that is not their view. The appeals court could overturn the order citing protected speech. The FBI really wants to avoid this argument, and have been doing their best to redirect from it.

2) Requirement to invent. More and more lawyers have chimed in on this one. At first it was suspected to be a first, but it seems nobody can find any legal precedent in the US where a company is required by court order to invent something. Government can encourage it and reward it, but never in history has it been a court order to help invent something. This would be a major legal challenge and major precedent.

3) Fourth amendment challenge. SCOTUS has recently ruled in many recent cases that warrants around bulk actions or automated actions have a different level of scrutiny than warrants against individual and manual actions. This has come up many times in the last decade. This is fun because it is not Apple itself, but the rights of the customers. Under Jus Tertii, a company can argue on behalf of their customers, since even though the customers are not named parties in the suit, the rights of the customers have a direct effect on the issue so their position needs to be considered. All of this lawsuit stems under the 4th amendment, seizing and searching a device for data. Customers have a very strong privacy right, it is a power specifically prohibited which the government cannot breach except under the conditions outlined in the 4th amendment. Since creating the software would affect all customers, would give the government a tool to automate attacks against all such devices, and since all this work is done under connection of a warrant, the argument is the warrant at issue is unlawful and overbroad. Therefore the order is unlawful and overbroad.

None are a precedent for installing a back door -- that is already possible if the Government can provide the door. At issue is if the government can force a company against their will to attempt to create a back door that doesn't exist, a back door that affects the millions of devices outside the warrant and not just the one stated in the warrant, then be forced to surrender that tool for government to use on any devices at their whim.

Ok, I'll give you that, it's more about forcing a company to install a back door, but my point still stands: this has nothing to do with unlocking one phone.

No one expects the Spanish Inquisition!


Or does the TPM brick itself too as it wipes the drive?

The encryption keys are in the TPM. It doesn't wipe the drive, it just wipes the encryption keys inside the TPM.

You can copy the drive all you want, once the TPM wipes the encryption keys, it's impractical to brute force the encryption on the drive.

If it wiped the key that's a different story but I wonder how high the trial and error count is, if it was really low we'd have complaints from people that their data was lost. If it's even just somewhat high (100?) that's 1% of all combinations you get to try, and it's not like they're all equally likely so you get to use up say 20 on the likely bets (birthdate etc) and still get 80 more random choices, it's not huge but it's worth trying.


1) First amendment challenge. SCOTUS has ruled code is protected speech. SCOTUS has ruled that freedom of speech is not just protection to state your views, but also protection from being forced to state what is not your view. The challenge is that this order is forcing Apple to state something that is not their view. The appeals court could overturn the order citing protected speech. The FBI really wants to avoid this argument, and have been doing their best to redirect from it.

You're correct in your phrasing, the SCOTUS has ruled that code is protected speech. However, that ruling was voided because the case was to be re-tried. However, before the re-trial a settlement was reached, or something along those lines. So currently, code != protected speech. If that ruling hadn't been voided, it would be a much easier case for Apple.

It's also a clear sign that the government is reaching when they're using a 'writ' signed by George Washington to back them up. It's 227 years old and was created at the same time as the courts.

Here is the writ in its entirety:

(a) The Supreme Court and all courts established by Act of Congress may issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law.

(b) An alternative writ or rule nisi may be issued by a justice or judge of a court which has jurisdiction. (June 25, 1948, ch. 646, 62 Stat. 944; May 24, 1949, ch. 139, § 90, 63 Stat. 102.)

Basically, this writ states that a court can tell anyone to do anything if it's not in another law. More info about it here: Gizmodo.com


If it wiped the key that's a different story but I wonder how high the trial and error count is, if it was really low we'd have complaints from people that their data was lost.

This happens all the time - if you hook your iPhone up to a corporate exchange server, it'll generally be set to wipe after 10 incorrect pin codes.

One of my coworkers lost the contents of their phone multiple times in the space of a week when their young kid got ahold of the phone and entered random pin codes. I've also had drunk friends at the bar wipe various phones this way.

Tristam MacDonald. Ex-BigTech Software Engineer. Future farmer. [https://trist.am]

Can't they disassemble the physical hardware, and then clone the flash memory (or whatever memory device it has), and then crack a clone of it without fear of self-erasure?

I don't know how the iPhone does it, but in general cryptographic material is stored in an HSM (hardware security module) that is specifically designed to not only prevent people from just cloning its contents, but to also actively destroy itself if it detects any attempt to mechanically break into it (e.g. by releasing a dissolving chemical if you try and disassemble it, or something like that, but more elaborate). That makes it quite hard to clone, although not impossible for a sufficiently resourceful agency, I guess.

Haha. All that came to my mind when reading this was, "This message will self-destruct in..."

Top notch security there.

They call me the Tutorial Doctor.
