“iPhone passcodes can be bypassed using just £75 ($100) of electronic components, research suggests,” BBC News reports. “A Cambridge computer scientist cloned iPhone memory chips, allowing him an unlimited number of attempts to guess a passcode.”
“The work contradicts a claim made by the FBI earlier this year that this approach would not work. The FBI made the claim as it sought access to San Bernardino gunman Syed Rizwan Farook’s iPhone,” The Beeb reports. “Dr Sergei Skorobogatov, from the University of Cambridge computer laboratory, has spent four months building a testing rig to bypass iPhone 5C pin codes. In a YouTube video, Dr Skorobogatov showed how he had removed a Nand chip from an iPhone 5C – the main memory storage system used on many Apple devices.”
“He then worked out how the memory system communicated with the phone so he could clone the chip,” The Beeb reports. “He then worked out how the memory system communicated with the phone so he could clone the chip. And the target phone was modified so its Nand chip sat on an external board and copied versions could be easily plugged in or removed.”
“In the video, Dr Skorobogatov demonstrated locking an iPhone 5C by trying too many incorrect combinations. He then removed the Nand chip and substituted a fresh clone, which had its pin attempt counter set at zero, to allow him to keep trying different codes,” The Beeb reports. “‘Because I can create as many clones as I want, I can repeat the process many many times until the passcode is found,'” he said. Known as NAND mirroring, the technique is one FBI director James Comey said would not work on Farook’s phone.”
Read more in the full article here.
MacDailyNews Take: Well, if Lyin’ Comey said it, it must not be true. No research required.
Dr. Skorobogatov’s research report is here.
FBI Director Comey calls for national talk over encryption vs. safety – August 8, 2016
Feckless FBI unable to unlock iPhone, even with a ‘fingerprint unlock warrant’ – May 12, 2016
FBI’s Comey says agency paid more than $1 million to access San Bernadino iPhone – April 21, 2016
Nothing significant found on San Bernardino’s terrorist’s iPhone – April 14, 2016
FBI director confirms hack only works on older iPhones that lack Apple’s Secure Enclave – April 7, 2016
Apple responds to FBI: ‘This case should have never been brought’ – March 29, 2016
Zdziarski’s take on the FBI’s ‘alternative’ method – March 23, 2016