It's been over six months since the FBI first ordered Apple to help bypass encryption on the iPhone 5c that belonged to the San Bernardino shooter. The agency eventually paid over $1 million to an unidentified party to get access to the contents. A security researcher has now demonstrated how it was possible to bypass iOS passcode limit for less than $100.
Apple vs FBI encryption battle: "FBI was lacking in its research and due diligence"
When forcing Apple to help the agency, FBI had claimed it had no other way of accessing device contents. The FBI tried to convince a judge to force Apple to create a backdoor to the passcode-protected iPhones. Apple refused. During the period when this battle between Apple and FBI was sending shockwaves through the industry, many forensic experts suggested a NAND mirroring technique to the FBI. James Comey, FBI's director, said during a press conference that the technique would not work. "I don't feel defensive. I do feel strongly when someone accuses the Department of Justice or the FBI of being dishonest. That is something that cannot be let to lie, to sit there," Comey had said in reply to a reporter's question.
While the agency did manage to hack into the shooter's iPhone 5c using undisclosed techniques, it reportedly had to pay over $1 million to an unidentified third-party
Now, Cambridge University security researcher Sergei Skorobogatov has published a paper detailing the technique. Proving the agency wrong, Skorobogatov has demonstrated the technique does indeed work with an iPhone 5c. Despite the FBI's claims that technique does not work, Skorobogatov only had to use store-bought equipment to create copies of the phone's flash memory to generate more attempts to guess the passcode. "Because I can create as many clones as I want, I can repeat that process many, many times,” he said in a video.
iPhone 5c NAND mirroring
Skorobogatov has provided a working prototype on how to pull off this hack using only off-the-shelf components. The hack was tested on an iPhone 5c running iOS 9.3.
Full scan of all possible 4-digit passcodes will take about 40 hours or less than two days
Susan Landau, a faculty member in the Worcester Polytechnic Institute Department of Social Science and Policy Studies commented that law enforcement needs to improve its cyber security expertise.
"The moral of the story? It's not, as the FBI has been requesting, a bill to make it easier to access encrypted communications, as in the proposed revised Burr-Feinstein bill. Such "solutions" would make us less secure, not more so. Instead we need to increase law enforcement's capabilities to handle encrypted communications and devices," Landau noted.
Jonathan Zdziarski, a noted iPhone forensics and security expert, said that the latest demonstration "really shows the FBI was lacking in its research and due diligence." "Setting the precedent was more important than doing the research."
Source [PDF]
