*That* iPhone is back in the news again. You remember, the one that caused a lot of fuss some months ago.
This time it’s neither Apple nor the FBI drawing the attention of people but rather a researcher allegedly proving that it was possible to recover the contents of the iPhone using less than $100 dollars worth of kit, some knowledge of NAND mirroring* and a little perseverance.
(*To be fair there’s quite a bit more knowledge required to pull this off but for the sake of brevity the key here is the NAND mirroring technique.)
Just like security experts said was possible but the FBI said couldn’t be done.
Enter University of Cambridge researcher Sergei Skorobogatov, who describes the method in detail in his paper and demonstrates in his Youtube video:
So, how was it done?
At the risk of oversimplifying – for those interested, the details are available in the paper – the technique Skorobogatov developed to accomplish the task worked like this.
First, Skorobogatov had to get his hands on some hardware. He needed at least two iPhones since the source device would likely get destroyed in the process. The second device would be used in the final step. These could be acquired from eBay or other online resellers, since this model is no longer manufactured.
Skorobogatov also needed some additional NAND chips which can either be bought individually or acquired from yet more iPhones.
Next the source NAND chip needed to be removed from the device. A custom harness was built to allow communication with this chip.
Before cloning the chip it’s important to understand how the NAND chip communicates with the hardware and software it’s tethered to. This required an intermediary board and logic analyzer, as iPhones use a mix of standard and proprietary communication protocols.
Once someone understands how to talk to the chip, they can send it commands like: read, write erase.
Next it’s time to start cloning. Using the original chip as the source and his spare chip(s) as his destination(s) it was possible for Skorobogatov to make reliable, bit-perfect copies of the original chip.
In the paper Skorobogatov explains how he ran into some issues creating the initial clones, which could have severely limited the of practicality of this technique. However, through deeper analysis and modifications, he was able to solve this crucial issue.
Finally it was time to test his work. Skorobogatov took the cloned chip, plugged it into the test device, booted the device and started typing passcodes.
Is this technique feasible?
Let’s first address the lockout issue. Using the process of chip cloning it’s possible to get around the lockout thresholds by continuously resetting the “test” chip. If you have more than one chip at your disposal you could alternately flash-and-test to make the process go quicker.
Passcode length then becomes the next hurdle. A 4-digit passcode (10^4 possible combinations) would certainly be faster to crack than a 6-digit (10^6 possible combinations).
In his paper, Skorobogatov estimates that cracking a 4-digit passcode would take approximately 20 hours versus 3 months for a 6-digit passcode – both of which could be dramatically reduced with some of the automation proposed in the paper.
In reality those are very achievable timeframes and this technique is quite feasible.
Incidentally, if we all follow NISTs new digital authentication guidelines, that effort exponentially rises to 27.8 years for an 8-digit passcode or 1,715,633,511.66 years for an 8-character complex passphrase!
There are some limitations pointed out in the paper that deal with limiting the amount of mechanical wear and tear on the equipment and physical wear of the chips themselves. Fortunately these limitations can be mitigated.
In the end
Ultimately no backdoor was needed. And we all know how we feel about backdoors.
With a little elbow grease, the phone’s contents could have been retrieved without all the drama and all the headlines.
Bob Gustin
Wouldn’t it be easier to modify the phone’s firmware to eliminate the password check?
Damon Schultz
ren’t the contents encrypted using the passcode as the key?
TonyG
Knowing Sergei from when I managed an R&D project he was in, I don’t doubt that he can do what he claimed. And I also suspect that applying some of the tricks from that project could probably reduce the time to crack the password as well.
Larry M
Wasn’t this published on Naked Security yesterday, too?
Paul Ducklin
If an article is popular, and was published close to the deadline for the newsletter on day X, we sometimes add it to the newsletter on day X+1 as well. It doesn’t mean the article has been *published* again – there is still just one copy on Naked Security – but merely that it was listed again.
(When this happens you will generally notice that it was at the top of the list on day X and at the bottom on day X+1.)
Larry M
The article glosses over the rather high-tech equipment involved: hot air tool to remove surface-mount chips from the phone, reflow oven to remount the chips on test cards for the analysis, logic analyzer to decode the protocols and data, etc. The researcher probably had $100,000 worth of equipment at his disposal.
roy jones jr
University of Cambridge. Because of course, right? 8D