Hardware hack defeats iPhone passcode security

IPhone passcodes can be bypassed using just £75 ($100) of electronic components, research suggests.

A Cambridge computer scientist cloned iPhone memory chips, allowing him an unlimited number of attempts to guess a passcode.

The work contradicts a claim made by the FBI earlier this year that this approach would not work.

The FBI made the claim as it sought access to San Bernardino gunman Syed Rizwan Farook’s iPhone.

Farook and his wife killed 14 people in the California city last December before police fatally shot them.

The FBI believed his iPhone 5C contained information about collaborators, but its security system prevented easy access.

The agency pressured Apple to give it a software backdoor into the phone, and, when it refused, reportedly paid $1m to a security company to retrieve data from the phone.

Now, Dr Sergei Skorobogatov, from the University of Cambridge computer laboratory, has spent four months building a testing rig to bypass iPhone 5C pin codes.

He then worked out how the memory system communicated with the phone so he could clone the chip.

And the target phone was modified so its Nand chip sat on an external board and copied versions could be easily plugged in or removed.

“Because I can create as many clones as I want, I can repeat the process many many times until the passcode is found,” he said.

Known as Nand mirroring, the technique is one FBI director James Comey said would not work on Farook’s phone.

Finding a four-digit code took about 40 hours of work, Dr Skorobogatov said.

And finding a six-digit code could potentially take hundreds of hours

Using a slightly more sophisticated set-up should make it possible to clone memory chips from other iPhones, including more recent models such as the iPhone 6.

However, Dr Skorobogatov said, more information was needed about the way Apple stored data in memory on more recent phones.

The different techniques could make it “more challenging to analyse and copy”, he added.

Apple has not responded to a request for comment on Dr Skorobogatov’s research.

Susan Landau, on the Lawfare news blog, said the work showed law enforcement agencies should not look for software backdoors to help their investigations but should develop or cultivate hardware and computer security skills.

“Skorobogatov was able to do what the FBI said was impossible,” she said

Source: BBC News

About King Alex

A simple individual that wants to make an impact

No comments yet... Be the first to leave a reply!

What Do You Think? Leave Your Reply Here!

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: