A computer scientist from Cambridge University may have shown that the FBI overpaid to unlock the iPhone of Syed Farook, the San Bernardino shooter, after he managed to bypass the passcode using only a store-bought kit that cost him $100.
Using a technique known in tech circles as NAND mirroring, Sergei Skorobogatov managed to break into the phone. The odd part is that FBI director James Comey had dismissed the technique as unworkable for breaking into iPhone models, let alone the iPhone 5C. Sergei nevertheless outlined his attack method in a YouTube video and in a paper.
The method he focused on relies on bypassing the limit on passcode retry attempts. Usually a phone allows six incorrect passcode attempts before it locks. Anyone who manages to eliminate that restriction gets as many passcode attempts as they want, and can therefore run through the possible combinations until the phone actually unlocks.
To do this, Sergei desoldered the NAND chip, the main storage memory in most Apple devices, from the phone. He reverse engineered how the memory communicates with the phone, then cloned a version of the chip with the passcode-attempt counter reset to zero.
In his video he explained that, because he could create as many clones as he liked, he could try as many passcodes as he wanted. After every six attempts there is a 90-second delay, which means trying all 10,000 possible codes would take roughly 40 hours, just under two days. Six-digit codes would obviously take longer.
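To make the design lesson concrete, here is an added toy model; it is not the researcher's code and uses no real iPhone internals. It assumes a constructed Device class whose flash can be imaged and written back, compares a retry counter kept in that flash with one kept outside it, and reuses the article's figures of six attempts per 90-second delay.

```python
import math

MAX_FAILED = 6        # lock-out threshold as the article states it
BATCH_DELAY_S = 90    # delay after each batch of six wrong guesses (article)


class Device:
    """Toy phone (constructed). `flash` models the NAND chip, which can be
    imaged and written back. counter_in_flash=True keeps the retry counter
    there; False keeps it in a counter that never appears in the image."""
    def __init__(self, passcode, counter_in_flash):
        self._passcode = passcode
        self.counter_in_flash = counter_in_flash
        self.flash = {"failed": 0, "user_data": "encrypted blob"}
        self._secure_counter = 0

    def failed(self):
        return self.flash["failed"] if self.counter_in_flash else self._secure_counter

    def try_passcode(self, guess):
        """True on unlock, False on a wrong guess, None once locked out."""
        if self.failed() >= MAX_FAILED:
            return None
        if guess == self._passcode:
            return True
        if self.counter_in_flash:
            self.flash["failed"] += 1
        else:
            self._secure_counter += 1
        return False


def guesses_available(device, budget=100):
    """Wrong guesses a party holding a saved flash image gets before the
    lock-out holds for good; capped at `budget` so the loop terminates."""
    image = dict(device.flash)
    made = 0
    while made < budget:
        if device.try_passcode("0000") is None:
            device.flash = dict(image)            # write the saved image back
            if device.failed() >= MAX_FAILED:     # counter survived the restore
                break
            continue
        made += 1
    return made


def brute_force_hours(code_space):
    """Wall-clock time to try every code at six guesses per 90 s."""
    return math.ceil(code_space / MAX_FAILED) * BATCH_DELAY_S / 3600
```

With the counter in flash the guess budget is unbounded (the loop hits its cap); with the counter held outside the image the lock-out holds after six guesses, which is the property a hardware-backed counter provides.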
The kit he used can easily be bought on eBay, Amazon or Alibaba for about $100. He also wrote that the same technique would work on the iPhone 6s and 7 models, though their hardware means more sophisticated equipment would be needed.
Back in April, Comey had revealed that the agency paid $1.3 million to a third party that helped it hack into Farook's iPhone 5C. At the time he said the expense was worth it.
The issue arose after Apple declined to help the agency create a backdoor into the iPhone, noting that doing so would set a dangerous precedent and that such technology in the wrong hands would be destructive.
The agency then took Apple to court, where the dispute continued until the FBI dropped the case after finding third-party help. Apple fought the case with the help of a legal and PR firm and was also supported by a number of technology companies that opposed the FBI's measures.
At the time, Comey said the agency had considered many techniques, including Sergei's NAND mirroring approach. It eventually paid $1.3 million to a third-party software company whose identity has not been disclosed since. Security researcher Susan Landau said Sergei had managed to do something the FBI had said was impossible.