BBC News reports:
IPhone passcodes can be bypassed using just £75 ($100) of electronic components, research suggests.
A Cambridge computer scientist cloned iPhone memory chips, allowing him an unlimited number of attempts to guess a passcode.
The work contradicts a claim made by the FBI earlier this year that this approach would not work.
The FBI made the claim as it sought access to San Bernardino gunman Syed Rizwan Farook’s iPhone.
You’ll remember, of course, that the FBI paid over $1.3 million to hack into Farook’s iPhone 5c.
So, being told that they could have done it for just $100 has must smart a little, and may raise some eyebrows in the accounts department…
The BBC News report is based upon a newly-published paper by Dr Sergei Skorobogatov, who describes how the iPhone 5c’s NAND flash chip could be removed, and its data cloned onto another chip to bypass the limit on passcode retries… with no risk of the original data being wiped.
Skorobogatov says that the parts needed for the exercise are “low cost and were obtained from local electronics distributors,” and made a video of the attack in action:
It’s impressive that Skorobogatov has done this, but it’s not a huge surprise to many in the security community who have been mooting just such a method for months.
iOS researcher Jonathan Zdziarski, for instance, put together a simple demo of how a NAND mirroring attack could allow for unlimited passcode attempts way back in March during the FBI/Apple kerfuffle.
Zdziarski even made a couple of videos of the NAND mirroring concept in action.
Unlike Skorobogatov, Zdziarksi didn’t rip the NAND chip out of one of his iPhones but instead proves the concept of the attack would work with help from a jailbreak.
Zdziarksi found that he was able to enter multiple passcodes, without any risk that the device would wipe itself automatically or introduce any additional time delays between unlocking attempts.
Which begs the question why the FBI felt the need to threaten Apple into building a backdoor to grant them access into Farook’s iPhone, and why they spent over a million dollars doing something that researchers believed (and have now proved) could be done much more cheaply?
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.
3 comments on “Bypass an iPhone 5c’s passcode lock for $100”
Thanks for posting – Now Apple can/will counter-measure.
But they can't, that's the point. And the 5 series are no longer being manufactured.
It's a hardware problem that can't be fixed by software.
From the 6S onwards it's more difficult but the simple solution is to use a complex passcode.
So not market forces in action? Perhaps the company that put the backdoor in had charged what they could get away with rather then what the job is worth.