“iPhone passcodes can be bypassed using just £75 ($100) of electronic components, research suggests,” BBC News reports. “A Cambridge computer scientist cloned iPhone memory chips, allowing him an unlimited number of attempts to guess a passcode.”
“The work contradicts a claim made by the FBI earlier this year that this approach would not work. The FBI made the claim as it sought access to San Bernardino gunman Syed Rizwan Farook’s iPhone,” The Beeb reports. “Dr Sergei Skorobogatov, from the University of Cambridge computer laboratory, has spent four months building a testing rig to bypass iPhone 5C pin codes. In a YouTube video, Dr Skorobogatov showed how he had removed a Nand chip from an iPhone 5C – the main memory storage system used on many Apple devices.”
“He then worked out how the memory system communicated with the phone so he could clone the chip,” The Beeb reports. “And the target phone was modified so its Nand chip sat on an external board and copied versions could be easily plugged in or removed.”
“In the video, Dr Skorobogatov demonstrated locking an iPhone 5C by trying too many incorrect combinations. He then removed the Nand chip and substituted a fresh clone, which had its pin attempt counter set at zero, to allow him to keep trying different codes,” The Beeb reports. “‘Because I can create as many clones as I want, I can repeat the process many many times until the passcode is found,’ he said. Known as NAND mirroring, the technique is one FBI director James Comey said would not work on Farook’s phone.”