Free Republic
News/Activism

Hardware hack defeats iPhone (5C) passcode security (Video at Link)
BBC | 19 September 2016

Posted on 09/20/2016 1:22:23 AM PDT by Swordmaker

iPhone (5C) passcodes can be bypassed using just £75 ($100) of electronic components, research suggests.

A Cambridge computer scientist cloned iPhone memory chips, allowing him an unlimited number of attempts to guess a passcode.

The work contradicts a claim made by the FBI earlier this year that this approach would not work.

The FBI made the claim as it sought access to San Bernardino gunman Syed Rizwan Farook's iPhone.

CHEAP TRICK

Farook and his wife killed 14 people in the California city last December before police fatally shot them.

The FBI believed his iPhone 5C contained information about collaborators, but its security system prevented easy access.

The agency pressured Apple to give it a software backdoor into the phone, and, when it refused, reportedly paid $1m to a security company to retrieve data from the phone.

Now, Dr Sergei Skorobogatov, from the University of Cambridge computer laboratory, has spent four months building a testing rig to bypass iPhone 5C pin codes.

In a YouTube video, Dr Skorobogatov showed how he had removed a Nand chip from an iPhone 5C - the main memory storage system used on many Apple devices.

(Excerpt) Read more at bbc.com ...


TOPICS: Crime/Corruption; Culture/Society; News/Current Events
KEYWORDS: applepinglist; fbi; privacy; sanbernardino

1 posted on 09/20/2016 1:22:24 AM PDT by Swordmaker

To: dayglored; ~Kim4VRWC's~; 1234; 5thGenTexan; Abundy; Action-America; acoulterfan; AFreeBird; ...
To try all 10,000 possible combinations of a four-digit passcode, using the method shown here, he’d have to rebuild his cloned chip 1667 times. . . and re-insert and restart the iPhone each time. This is not a very quick system.

Note also that this hack CAN ONLY WORK on iPhone 5C, introduced three years ago today, and some older iPhones, not any iPhones that have the Secure Enclave or Encryption Engine introduced with the iPhone 5S and later iPhones. — PING!


Apple V. FBI iPhone 5C San Bernardino HACK Revisited
Ping!

The latest Apple/Mac/iOS Pings can be found by searching Keyword "ApplePingList" on FreeRepublic's Search.

If you want on or off the Mac Ping List, Freepmail me

2 posted on 09/20/2016 1:28:37 AM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)

FBI overpaid $999,900 to crack San Bernardino iPhone 5c password
Hacker brews fast NAND mirroring prototype for $100.

University of Cambridge senior research associate Sergei Skorobogatov has laid waste to United States Federal Bureau of Intelligence (FBI) assertions about iPhone security by demonstrating password bypassing using a $100 NAND mirroring rig.

FBI director James Comey made the claim during the agency's bid to defeat the password lock screen protection on the San Bernardino shooter's iPhone 5c.

The hacking effort erupted into a sparring match between the FBI and Apple, after the agency asked Cupertino to bypass the device's password protection. The agency reportedly paid a security firm more than US$1 million to concoct a bypass for the device.

Forensics expert Jonathan Zdziarski first flagged NAND mirroring as an option to defeat iPhone password protection and the security controls that would erase device data if the wrong codes were entered 10 times.

Skorobogatov built a working prototype demonstrating how NAND mirroring could work using off-the-shelf components for an updated iPhone 5c, revealing a password in about 24 hours.

The researcher spent four months of part-time work to successfully remove the iPhone 5c NAND memory chip, cloning it so he could launch brute-force attacks against the password control.

Skorobogatov says his work is the first public demonstration of a working NAND mirroring prototype and shows the FBI's claims on the technique "were ill-advised".

"[It] was achieved by desoldering the NAND flash chip of a sample phone in order to physically access its connection to the system-on-a-chip and partially reverse engineering its proprietary bus protocol," Skorobogatov says in the paper The bumpy road towards iPhone 5c NAND mirroring [PDF].

"The process does not require any expensive and sophisticated equipment. All needed parts are low cost and were obtained from local electronics distributors.

"By using the described and successful hardware mirroring process it was possible to bypass the limit on passcode retry attempts."

The attacks could also work against iPhone 6 with more sophisticated hardware, Skorobogatov says.

He found Apple employed security-through-obscurity rather than "fully thought through" hardening in its protection against NAND mirroring attacks.

Skorobogatov says his setup could help Apple and others find hardware security problems and reliability issues, citing his discovery that some NAND chips from broken iPhone 5c main boards had specific blocks that had failed due to excessive rewriting.

"This might happen because of a bug in Flash memory wear-leveling algorithm as it was implemented in software," he says.

No, the iPhone 6 is not susceptible to this as Skorobogatov suggests. . . The four chips that are part of the system of protection are inter-registered to each other and will not work if removed at all. They must be re-registered for the iPhone to ever reboot again. The pass code is NOT stored on the NAND but rather in a special memory area in the Secure Enclave which is unreadable from any external device. . . and removing it to try what Skorobogatov has done on the iPhone 5C will deregister it from the other three. Ergo, it will not work.

3 posted on 09/20/2016 1:58:43 AM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)

To: Swordmaker

I have a quick question. Thank you for your response.

Is most of the “hacking” taking place now against anything Apple coming from pro hackers from other countries, or is it still the neighborhood rebel teen?


4 posted on 09/20/2016 5:16:20 AM PDT by Biggirl ("One Lord, one faith, one baptism" - Ephesians 4:5)

To: Biggirl

Pros are the big business nowadays. There are still a lot of amateurs out there, but they are operating in a different space, and most probably barely qualify as ‘amateur’.

So, on the one hand, you have state and state sponsored outfits trying to hack out info to gain intel and embarrass their overseas competition, and the others who are in it for the money, and account information.

On the other hand, you have outfits like anon who are in it for the “lulz” and celebrity pictures, etc.

Billy in Mom’s basement is most likely hooked into 4chan/anon and looking for some ... you get the idea.


5 posted on 09/20/2016 7:03:26 AM PDT by Kommodor (Terrorist, Journalist or Democrat? I can't tell the difference.)

To: Swordmaker
Well, I've got a trusty ol' 5C that I'm perfectly happy with, and never let out of my sight. So the chances some bozo is gonna get their hands on it hardware-wise are slim.

At least, that's my story, and I'm stickin' to it.

6 posted on 09/20/2016 8:55:20 AM PDT by dayglored ("Listen. Strange women lying in ponds distributing swords is no basis for a system of government.")

To: Biggirl
Is most of the “hacking” taking place now against anything Apple coming from pro hackers from other countries, or is it still the neighborhood rebel teen?

What Apple has always been doing in security is far beyond the level that rebel teens or average hackers could break. The people attacking it are pros, working at either the nation-state level or the university level with quite a lot of backing, usually working with older, already revealed vulnerabilities that MAY have been found by amateurs who lack the sophistication to weaponize them.

7 posted on 09/20/2016 11:37:57 AM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.
