Then why can’t the three letter agencies in the US unlock an iPhone? I don’t think it’s that easy. In that case all encryption would be useless if you had physical access to the machine.
It only works for things where the key is stored on the chip or phones where the key is stored in a TPM or equivalent and relies on a PIN to release it, as opposed to typical use of encryption where the full key is entered to unlock. An attacker with physical access can probe the chip but it’s risky - one slip and it’s gone for ever. This technique is most useful when all chips of this type have the same key so you only need to successfully crack one, any one. Ross Anderson’s book Security Engineering uses the example of Sky Pay TV cards https://www.cl.cam.ac.uk/~rja14/Papers/SEv2-c16.pdf
With all the encryption I’ve used these past decades the only time I have entered a full encryption key was for cryptocurrency. Aren't 99% of use cases the case where the key is stored on the client device? It seems like the main deterrent then just comes down to the failure rate of the probes.
On a tangent, a bad actor could then release HDCP keys for TVs from a big brand like Samsung and effectively invalidate all content protection for all the TVs they have already sold (afaik those can’t be remotely updated). If those keys are then revoked, there would be millions of bricked Samsung TVs.
> Then why can’t the three letter agencies in the US unlock an iPhone?
They almost certainly can but I believe the point of the FBI making a big song and dance about unlocking that phone (which they did unlock by themselves, btw) was about trying to force Apple into allowing TLA backdoors via the court of public opinion.
