A security researcher has demonstrated that the passcode of an iPhone can be cracked using off-the-shelf components which cost just $100 — a tiny fraction of the $1.3 million the FBI paid a third party to do the same thing in the case of an iPhone 5C belonging to the San Bernardino shooter earlier this year.
In a video posted on YouTube and an accompanying paper describing the technique, University of Cambridge associate researcher Sergei Skorobogatov showed how a four digit passcode could be revealed in less than two days using a technique known as Nand mirroring.
The technique, dismissed by FBI director James Comey as unworkable at the time of the agency’s high-profile battle with Apple, sees the memory which is used as the main storage location on iPhones cloned and the passcode counter reset to zero.
“Because I can create as many clones as I want, I can repeat the process many, many times until the passcode is found,” Skorobogatov says in the video. Each set of six guesses takes 90 seconds to complete, meaning the 10,000 possible combinations could be fully tested in just over 41 hours.
“The process does not require any expensive and sophisticated equipment. All needed parts are low cost and were obtained from local electronics distributors,” Skorobogatov said in the paper — entitled “The bumpy road towards iPhone 5C NAND mirroring” — suggesting all together the components could be bought online for as little as $100.
While the technique demonstrated works for all iPhones up to the iPhone 6, Skorobogatov added that with the use of more sophisticated hardware, the same technique should work for the iPhone 6s and even Apple’s brand new iPhone 7.
In April, Comey revealed that the FBI had paid an unknown group of hackers $1.3 million for a physical mechanism to unlock the iPhone 5c used by San Bernardino shooter Syed Rizwan Farook — though he admitted the FBI did not known how the mechanism worked.
VICE News, the Associated Press, and USA Today announced last week that they filed a Freedom of Information Act (FOIA) lawsuit against the FBI in federal court Friday seeking records related to the “tool” the FBI purchased.
Earlier this year Apple and the FBI waged a high profile war of words when the tech giant said it would not agree to a demand from the law enforcement agency to create a specific version of iOS which would allow access to contents of the iPhone 5C, citing security risks for the millions of iPhone users around the world.
Apple has not responded to a request for comment on the research published by Skorobogatov and whether or not it would be updating its software to try and mitigate the attack.