Bypass an iPhone 5c’s passcode lock for $100

Which is a lot cheaper than the $1.3 million the FBI paid.

Graham Cluley


BBC News reports:

iPhone passcodes can be bypassed using just £75 ($100) of electronic components, research suggests.

A Cambridge computer scientist cloned iPhone memory chips, allowing him an unlimited number of attempts to guess a passcode.


The work contradicts a claim made by the FBI earlier this year that this approach would not work.

The FBI made the claim as it sought access to San Bernardino gunman Syed Rizwan Farook’s iPhone.

You’ll remember, of course, that the FBI paid over $1.3 million to hack into Farook’s iPhone 5c.

So, being told that they could have done it for just $100 must smart a little, and may raise some eyebrows in the accounts department…

The BBC News report is based upon a newly-published paper by Dr Sergei Skorobogatov, who describes how the iPhone 5c’s NAND flash chip could be removed, and its data cloned onto another chip to bypass the limit on passcode retries… with no risk of the original data being wiped.

Skorobogatov says that the parts needed for the exercise are “low cost and were obtained from local electronics distributors,” and made a video of the attack in action:

Demonstration of iPhone 5c NAND mirroring

It’s impressive that Skorobogatov has done this, but it’s not a huge surprise to many in the security community who have been mooting just such a method for months.

iOS researcher Jonathan Zdziarski, for instance, put together a simple demo of how a NAND mirroring attack could allow for unlimited passcode attempts way back in March during the FBI/Apple kerfuffle.

Zdziarski even made a couple of videos of the NAND mirroring concept in action.

Unlike Skorobogatov, Zdziarski didn’t rip the NAND chip out of one of his iPhones but instead proved the concept of the attack would work with help from a jailbreak.

Zdziarski found that he was able to enter multiple passcodes, without any risk that the device would wipe itself automatically or introduce any additional time delays between unlocking attempts.
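The design flaw behind both Skorobogatov’s chip-cloning and Zdziarski’s jailbreak demo is the same: a retry limit is only as strong as the storage its counter lives in. If the failed-attempt count sits in the same image that can be copied and written back, restoring the image after every wrong guess resets the count, and the wipe never triggers. The toy model below is an added illustration (not code from the paper, from Zdziarski, or from Apple) and models no real device; the passcode, storage layout and class names are constructed for the example. It compares a lock whose counter is kept in clonable storage with one whose counter is held in a component the image restore cannot reach.

```python
"""Toy model: a retry counter in clonable storage versus one in tamper-resistant
hardware. Added illustration only; no real device or firmware is modelled."""
import hashlib
import secrets

MAX_ATTEMPTS = 10        # consecutive wrong guesses before the device "wipes"
KDF_ITERATIONS = 1_000   # kept small so the example runs quickly; real devices use far more


class ClonableStorage:
    """Storage whose entire contents can be imaged and written back.
    That single property is what defeats a retry counter stored in it."""

    def __init__(self):
        self.data = {}

    def snapshot(self):
        return dict(self.data)

    def restore(self, image):
        self.data = dict(image)


class TamperResistantCounter:
    """Retry state held outside the clonable image (think: a secure element).
    The attacker model below can restore storage but never touches this object."""

    def __init__(self):
        self.failed = 0


class PasscodeLock:
    """Verifies a passcode against a salted, slow-hashed verifier kept in storage.
    With counter=None the failed-attempt count is kept in storage as well (the
    weak design); otherwise it is kept in the tamper-resistant counter."""

    def __init__(self, passcode, storage, counter=None):
        self.storage = storage
        self.counter = counter
        salt = secrets.token_bytes(16)
        storage.data["salt"] = salt
        storage.data["verifier"] = self._derive(passcode, salt)
        storage.data["failed"] = 0

    @staticmethod
    def _derive(passcode, salt):
        return hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, KDF_ITERATIONS)

    def _failed(self):
        return self.counter.failed if self.counter else self.storage.data["failed"]

    def _set_failed(self, n):
        if self.counter:
            self.counter.failed = n
        else:
            self.storage.data["failed"] = n

    def try_unlock(self, guess):
        # A real device would have destroyed its key material at this point.
        if self._failed() >= MAX_ATTEMPTS:
            return "wiped"
        if self._derive(guess, self.storage.data["salt"]) == self.storage.data["verifier"]:
            self._set_failed(0)
            return "unlocked"
        self._set_failed(self._failed() + 1)
        return "wrong"


def guessing_budget(lock, storage, guesses):
    """Adversary who images the storage once, then writes the image back after
    every failed guess. Returns (outcome, number of attempts made)."""
    image = storage.snapshot()
    attempts = 0
    for guess in guesses:
        attempts += 1
        outcome = lock.try_unlock(guess)
        if outcome in ("unlocked", "wiped"):
            return outcome, attempts
        storage.restore(image)   # the "mirroring" step: undo the failed attempt
    return "exhausted", attempts


def demo():
    """Constructed 4-digit passcode "0412" and a sequential guess list."""
    guesses = [f"{i:04d}" for i in range(10_000)]

    weak_storage = ClonableStorage()
    weak_lock = PasscodeLock("0412", weak_storage)
    weak_result = guessing_budget(weak_lock, weak_storage, guesses)    # ("unlocked", 413)

    hard_storage = ClonableStorage()
    hard_lock = PasscodeLock("0412", hard_storage, TamperResistantCounter())
    hard_result = guessing_budget(hard_lock, hard_storage, guesses)    # ("wiped", 11)

    return weak_result, hard_result


if __name__ == "__main__":
    print(demo())
```

The weak lock is opened on the 413th guess because every restore puts the counter back to zero; the hardened lock reports a wipe on the 11th attempt because the counter it consults was never part of the image. The verifier hash is restored too, so the check itself is unaffected in both cases; the only thing that matters is where the count lives. This is the general check a reviewer should make of any "N attempts then lock" design: the state that enforces N must be bound to something the adversary cannot snapshot and replay.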

Which raises the question of why the FBI felt the need to threaten Apple into building a backdoor to grant them access to Farook’s iPhone, and why they spent over a million dollars on something that researchers believed (and have now proved) could be done far more cheaply.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

3 comments on “Bypass an iPhone 5c’s passcode lock for $100”

  1. Mike

    Thanks for posting – Now Apple can/will counter-measure.

    1. Bob · in reply to Mike

      But they can't, that's the point. And the 5 series are no longer being manufactured.

      It's a hardware problem that can't be fixed by software.

      From the 6S onwards it's more difficult but the simple solution is to use a complex passcode.

  2. Jim

    So not market forces in action? Perhaps the company that put the backdoor in had charged what they could get away with rather than what the job is worth.
