Researcher Proves FBI Wrong – Bypasses iPhone Passcode Limit for Less Than $100
Dec 22, 2025 4:17 PM

It's been over six months since the FBI first ordered Apple to help bypass encryption on the iPhone 5c that belonged to the San Bernardino shooter. The agency eventually paid over $1 million to an unidentified party to get access to the contents. A security researcher has now demonstrated how it was possible to bypass the iOS passcode limit for less than $100.

Apple vs FBI encryption battle: "FBI was lacking in its research and due diligence"

When trying to force Apple to help the agency, the FBI had claimed it had no other way of accessing the device's contents. The FBI tried to convince a judge to force Apple to create a backdoor to passcode-protected iPhones. Apple refused. While this battle between Apple and the FBI was sending shockwaves through the industry, many forensic experts suggested a NAND mirroring technique to the FBI. James Comey, the FBI's director, said during a press conference that the technique would not work. "I don't feel defensive. I do feel strongly when someone accuses the Department of Justice or the FBI of being dishonest. That is something that cannot be let to lie, to sit there," Comey had said in reply to a reporter's question.

While the agency did manage to hack into the shooter's iPhone 5c using undisclosed techniques, it reportedly had to pay over $1 million to an unidentified third party.

Now, Cambridge University security researcher Sergei Skorobogatov has published a paper detailing the technique. Proving the agency wrong, Skorobogatov has demonstrated that the technique does indeed work with an iPhone 5c. Despite the FBI's claims that the technique does not work, Skorobogatov only had to use store-bought equipment to create copies of the phone's flash memory to generate more attempts to guess the passcode. "Because I can create as many clones as I want, I can repeat that process many, many times," he said in a video.

iPhone 5c NAND mirroring

Skorobogatov has provided a working prototype on how to pull off this hack using only off-the-shelf components. The hack was tested on an iPhone 5c running iOS 9.3.

A full scan of all possible 4-digit passcodes will take about 40 hours, or less than two days.

Susan Landau, a faculty member in the Worcester Polytechnic Institute Department of Social Science and Policy Studies, commented that law enforcement needs to improve its cyber security expertise.

"The moral of the story? It's not, as the FBI has been requesting, a bill to make it easier to access encrypted communications, as in the proposed revised Burr-Feinstein bill. Such 'solutions' would make us less secure, not more so. Instead we need to increase law enforcement's capabilities to handle encrypted communications and devices," Landau noted.

Jonathan Zdziarski, a noted iPhone forensics and security expert, said that the latest demonstration "really shows the FBI was lacking in its research and due diligence." "Setting the precedent was more important than doing the research."

Source [PDF]
