Researcher Shows Simple iPhone Hack FBI Said Couldn’t Be Done
Sergei Skorobogatov of the University of Cambridge in the UK has published new research detailing a technique that the FBI had ruled out as a viable method of bypassing the iOS passcode limit on the San Bernardino shooter’s iPhone.
At the start of the year, several security researchers proposed that the FBI use a technique called NAND mirroring: clone the phone’s flash memory, try passcodes until the retry limit is hit, restore the clone, and repeat as many times as needed until the passcode that unlocks the phone is found.
The FBI said NAND mirroring wouldn’t work
After the FBI abandoned any legal measures to force Apple to help it crack the San Bernardino shooter’s phone, FBI Director James Comey said the agency would seek a way to hack the device using other means.
In a press conference on March 24, Comey said the NAND mirroring technique doesn’t work, and several weeks later the agency announced it had paid $1 million to a private company to hack the device.
In his paper, Skorobogatov shows that the FBI wasn’t only wrong in its assessment of NAND mirroring, but spent $1 million of taxpayers’ funds on something that it could have gotten for a few hundred dollars, the cost of the off-the-shelf equipment he used for his tests. Read more:
According to Fortune’s report, “New paper revives controversy from trying to crack iPhone used by San Bernardino terrorist”:
Earlier this year, the FBI sparked a major controversy by seeking to force Apple to develop hacking tools for breaking into iPhones. Ultimately, the bureau backed down and found another, rather expensive way to hack into the particular iPhone in question, which had been used by one of the San Bernardino terrorists.
At the time, some security experts suggested an easier way for the FBI to bypass the iPhone’s security measures. The FBI said the technique, which involved removing the phone’s memory chip that stored user data, wouldn’t work.
But now one of those experts has written a paper demonstrating just how easily the technique could have been used. University of Cambridge researcher Sergei Skorobogatov says he was able to bypass the security measures that bedeviled the FBI, including the phone’s limit of 10 incorrect PIN code guesses that, if reached, would cause all data on it to be deleted.
“The process does not require any expensive and sophisticated equipment,” Skorobogatov writes. “All needed parts are low-cost and were obtained from local electronics distributors.”
The paper is embarrassing news for the FBI, which set off a big debate over security, civil liberties, and encryption policy in its showdown with Apple. But the technique is also bad news for Apple and iPhone owners, who now know that their most private information stored on the device could be hacked, albeit only under very specific circumstances.
Skorobogatov included much of the instructions for cracking the iPhone’s NAND memory chip in his paper, including detailed photographs. However, he did not describe the entire process of extracting data from the phone’s storage chip. “A video of the working proof-of-concept demonstration for this NAND mirroring process will be placed on the Internet,” he wrote.
[Figure: Paper shows how to crack an iPhone. Screenshot of a section of security researcher Sergei Skorobogatov’s paper on cracking an iPhone.]
For some experts who opposed the FBI’s arguments in its Apple showdown, the paper also demonstrated the folly of a policy law enforcers sought following the controversy. Senators Richard Burr, Republican from North Carolina, and Dianne Feinstein, a California Democrat, are reportedly trying to revive their bill, which would force smartphone companies like Apple to put a backdoor into all encrypted systems to allow law enforcement access if needed. Apple, along with many tech, banking and security groups, opposed the bill on the grounds that the backdoor could also be exploited by criminals.
Now that Skorobogatov has shown a way for law enforcement to crack iPhones that they have already seized, backdoors aren’t needed, according to Susan Landau, a professor at Worcester Polytechnic Institute.
The Burr-Feinstein approach “would make us less secure, not more so,” Landau wrote in a blog post on Thursday. “Instead we must increase law enforcement’s capabilities to handle encrypted communications and devices. This will also take more funding as well as redirection of efforts.”