The Apple vs. FBI fight over breaking the encryption of the San Bernardino iPhone was one of the most important news topics of the beginning of the year. Ultimately Apple won, as it didn’t have to create a backdoored version of iOS that would let the FBI spy on that iPhone 5c that belonged to one of the San Bernardino shooters. The FBI won too, as it bought an iPhone hack for more than $1.3 million that let it bypass the password that protects the lockscreen of iPhones.
During the debate, the FBI shot down one iPhone hack solution that would not involve Apple. Researchers proposed that the FBI would simply dismantle the iPhone, remove the NAND memory that contains the encrypted data, clone that memory, and then brute force their way into it.
That way, the FBI would be able to try out all the possible password combinations without triggering any of the safety mechanisms Apple built into iOS, to prevent such spying techniques. The FBI dismissed the method and chose to pursue other avenues.
The iPhone is encrypted only as long as it’s protected by a password. Once you discover it, you can access all the data on it.
The disadvantages of this proposed iPhone hack are that the NAND memory might be destroyed while it’s unsoldered from the iPhone’s main board. Secondly, entering all possible password combinations would take hours (for 4-character PINs) or months (for 6-character PINs)
But the method does work, and a Russian professor demoed it in a YouTube video. For less than $100 in equipment, professor Cambridge computer security expert Sergei Skorobogatov proved that the method above works. He wrote a paper on the matter that explains how such an attack would work on iPhones and iPads no older than iPhone 6 Plus.
Hackers looking to break into an encrypted iPhone would certainly be able to do it if the iPhone is old enough. And intelligence agencies that have sophisticated resources at their disposal could do it even more efficiently.
Check out Skorobogatov’s video below, and read more about the attack at this link.