Free Republic

To: dayglored; ~Kim4VRWC's~; 1234; 5thGenTexan; Abundy; Action-America; acoulterfan; AFreeBird; ...
To try all 10,000 possible combinations of a four digit passcode, using the method shown here, he’d have to rebuild his cloned chip 1667 times. . . and re-insert and restart the iPhone each time. This is not a very quick system.

Note also that this hack CAN ONLY WORK on iPhone 5C, introduced three years ago today, and some older iPhones, not any iPhones that have the Secure Enclave or Encryption Engine introduced with the iPhone 5S and later iPhones. — PING!


Apple V. FBI iPhone 5C San Bernardino HACK Revisited
Ping!

The latest Apple/Mac/iOS Pings can be found by searching Keyword "ApplePingList" on FreeRepublic's Search.

If you want on or off the Mac Ping List, Freepmail me

2 posted on 09/20/2016 1:28:37 AM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)


FBI overpaid $999,900 to crack San Bernardino iPhone 5c password
Hacker brews fast NAND mirroring prototype for $100.

University of Cambridge senior research associate Sergei Skorobogatov has laid waste to United States Federal Bureau of Intelligence (FBI) assertions about iPhone security by demonstrating password bypassing using a $100 NAND mirroring rig.

FBI director James Comey made the claim during the agency's bid to defeat the password lock screen protection on the San Bernardino shooter's iPhone 5c.

The hacking effort erupted into a sparring match between the FBI and Apple, after the agency asked Cupertino to bypass the device's password protection. The agency reportedly paid a security firm more than US$1 million to concoct a bypass for the device.

Forensics expert Jonathan Zdziarski first flagged NAND mirroring as an option to defeat iPhone password protection and the security controls that would erase device data if the wrong codes were entered 10 times.

Skorobogatov built a working prototype demonstrating how NAND mirroring could work using off-the-shelf components for an updated iPhone 5c, revealing a password in about 24 hours.


The researcher spent four months of part-time work to successfully remove the iPhone 5c NAND memory chip, cloning it so he could launch brute-force attacks against the password control.

Skorobogatov says his work is the first public demonstration of a working NAND mirroring prototype and shows the FBI's claims on the technique "were ill-advised".

"[It] was achieved by desoldering the NAND flash chip of a sample phone in order to physically access its connection to the system-on-a-chip and partially reverse engineering its proprietary bus protocol," Skorobogatov says in the paper The bumpy road towards iPhone 5c NAND mirroring [PDF].

"The process does not require any expensive and sophisticated equipment. All needed parts are low cost and were obtained from local electronics distributors.

"By using the described and successful hardware mirroring process it was possible to bypass the limit on passcode retry attempts."

The attacks could also work against iPhone 6 with more sophisticated hardware, Skorobogatov says.

He found Apple employed security-through-obscurity rather than "fully thought through" hardening in its protection against NAND mirroring attacks.

Skorobogatov says his setup could help Apple and others find hardware security problems and reliability issues, citing his discovery that some NAND chips from broken iPhone 5c main boards had specific blocks that had failed due to excessive rewriting.

"This might happen because of a bug in Flash memory wear-leveling algorithm as it was implemented in software," he says. ®

No, the iPhone 6 is not susceptible to this as Skorobogatov suggests. . . The four chips that are part of the system of protection are inter-registered to each other and will not work if removed at all. They must be re-registered for the iPhone to ever reboot again. The pass code is NOT stored on the NAND but rather in a special memory area in the Secure Enclave which is unreadable from any external device. . . and removing it to try what Skorobogatov has done on the iPhone 5C will deregister it from the other three. Ergo, it will not work.

3 posted on 09/20/2016 1:58:43 AM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)

To: Swordmaker

I have a quick question. Thank you for your response.

Is most of the “hacking” now taking place against anything Apple coming from pro hackers from other countries, or is it still the neighborhood rebel teen?


4 posted on 09/20/2016 5:16:20 AM PDT by Biggirl ("One Lord, one faith, one baptism" - Ephesians 4:5)

To: Swordmaker
Well, I've got a trusty ol' 5C that I'm perfectly happy with, and never let out of my sight. So the chances some bozo is gonna get their hands on it hardware-wise are slim.

At least, that's my story, and I'm stickin' to it.

6 posted on 09/20/2016 8:55:20 AM PDT by dayglored ("Listen. Strange women lying in ponds distributing swords is no basis for a system of government.")
