The iPhone's passcode security can be beaten for just $100
Remember how Apple and the FBI clashed regarding the unlocking of San Bernardino shooter Syed Rizwan Farook's iPhone 5c some six months ago?
Apple refused to help the FBI find a way to unlock the iPhone as it believed doing so would, in Tim Cook's words, "undermine the very freedoms and liberty our government is meant to protect". After lots of posturing from both sides, the FBI eventually found a way to crack the encryption without Apple's help, although at a reported cost in excess of $1 million. But now a Cambridge computer scientist says he has managed to crack the iPhone 5c's passcode security for a lot less than that -- just $100, in fact.
Dr Sergei Skorobogatov, from the University of Cambridge Computer Laboratory, spent the money on building a test rig to bypass iPhone 5c PIN codes.
In a short paper, Skorobogatov explains that what he did was remove the NAND flash chip (the main memory storage) of a sample phone and access its connection to the SoC. He then worked out how it communicated with the phone and cloned the chip.
As you can see in the video below, what his NAND mirroring method does is allow anyone to have potentially unlimited attempts at guessing the PIN. Each time six attempts are entered and the phone locks, Skorobogatov removes the flash chip and inserts a freshly cloned one that allows a further six guesses, and so on.
While it works, and is cheap, it's admittedly not an ideal solution, as finding a four-digit code reportedly took him 40 hours, and a six-digit code could take hundreds of hours. Still, the method could be scaled up easily enough to reduce the time it takes to find a code.
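The weakness the mirroring method exploits is that the failed-attempt counter lives on the removable NAND, so restoring a pristine copy resets it. The toy model below is an added illustration, not code from the article or from Skorobogatov's paper: the `Device`, `Flash` and `SecureCounter` classes, the sample PIN and the 10,000-guess budget are constructed assumptions, and the real iPhone 5c state layout is not described on the page. It contrasts a counter kept in clonable flash with one kept in non-clonable on-SoC storage.

```python
"""Toy model: a retry counter in clonable storage versus one in the SoC."""
import copy

MAX_ATTEMPTS = 6       # lock-out threshold described in the article
CORRECT_PIN = "4821"   # constructed sample value (assumption)


class Flash:
    """Removable NAND image: anything stored here can be copied and restored."""
    def __init__(self):
        self.failed_attempts = 0

    def clone(self):
        return copy.deepcopy(self)


class SecureCounter:
    """Counter inside the SoC: not part of the flash image, so a swap cannot reset it."""
    def __init__(self):
        self.failed_attempts = 0


class Device:
    def __init__(self, counter_in_flash):
        self.flash, self.secure = Flash(), SecureCounter()
        self.counter_in_flash = counter_in_flash
        self.swaps = 0

    def try_pin(self, pin):
        """Return 'locked', 'ok' or 'wrong'; only evaluated guesses bump the counter."""
        store = self.flash if self.counter_in_flash else self.secure
        if store.failed_attempts >= MAX_ATTEMPTS:
            return "locked"
        if pin == CORRECT_PIN:
            return "ok"
        store.failed_attempts += 1
        return "wrong"

    def replace_flash(self, image):
        """Physically swap the NAND for a cloned image (the mirroring step)."""
        self.flash = copy.deepcopy(image)
        self.swaps += 1


def brute_force_with_mirroring(counter_in_flash, budget=10000):
    """Walk the 4-digit space, swapping in a pristine clone on every lock-out.
    Returns (evaluated guesses, pin found?, swaps performed)."""
    dev = Device(counter_in_flash)
    pristine = dev.flash.clone()          # image taken before any guess
    guesses = 0
    for i in range(budget):
        result = dev.try_pin(f"{i:04d}")
        if result == "locked":
            dev.replace_flash(pristine)   # restore the zeroed counter, if it is there
            result = dev.try_pin(f"{i:04d}")
            if result == "locked":
                return guesses, False, dev.swaps   # counter survived the swap
        guesses += 1
        if result == "ok":
            return guesses, True, dev.swaps
    return guesses, False, dev.swaps
```

With the counter in flash the whole 4-digit space stays reachable at six guesses per swap; with the counter in the SoC the device stays locked after the sixth wrong guess no matter how many clones are inserted.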
Skorobogatov believes his method could, with some modification, be used to crack more recent iPhone models, including the iPhone 6.