It turns out the FBI could have beaten Apple’s ten-try limit to unlock the San Bernardino shooter’s iPhone 5c using cheap and easily available tools.
A researcher from Cambridge University in the UK has provided the first demonstration of a technique called "NAND mirroring" that would have taken no more than two days to beat Apple's security measure in the iPhone 5c.
In doing so, the researcher has shown the FBI didn’t need Apple to provide a special version of iOS -- a backdoor -- to overcome the passcode retry limit and unlock the iPhone 5c of San Bernardino shooter Syed Farook.
The FBI claimed only Apple could help it unlock the iPhone and obtained a court order requiring it to build what Apple called “GovOS”. By February, the FBI declared it had found an alternative route but never revealed what it was.
iPhone forensic expert Jonathan Zdziarski said at the time that, of several available options such as buying an iOS exploit, the most likely was NAND mirroring.
NAND is a type of Flash memory and mirroring is a technique used in standard disaster recovery and backup systems.
“This is where the NAND chip is typically desoldered, dumped into a file (likely by a chip reader/programmer, which is like a cd burner for chips), and then copied so that if the device begins to wipe or delay after five or ten tries, they can just re-write the original image back to the chip,” Zdziarski wrote.
He compared it to “cheating at Super Mario Bros. with a save-game, allowing you to play the same level over and over after you keep dying. Only instead of playing a game, they’re trying different pin combinations.”
The FBI in March, after quitting its attempt to force Apple’s hand, denied NAND mirroring worked. Zdziarski then built a software-based demonstration to show that it would work on an iOS 9 device. Still, it didn’t show the hardware-based attack the FBI would have used.
This week, Sergei Skorobogatov, a researcher from the University of Cambridge’s Computer Laboratory, published a paper that details exactly the technique the FBI could have used, which he described as a “real world mirroring attack on the Apple iPhone 5c passcode retry counter under iOS 9.”
“This was achieved by desoldering the NAND Flash chip of a sample phone in order to physically access its connection to the SoC and partially reverse engineering its proprietary bus protocol,” writes Skorobogatov.
While he says there were numerous pitfalls and traps, his successful attack was achieved with cheap, off-the-shelf equipment. “All needed parts are low cost and were obtained from local electronics distributors. By using the described and successful hardware mirroring process it was possible to bypass the limit on passcode retry attempts,” he wrote.
Skorobogatov points out that data mirroring is widely used in disaster recovery systems, such as in standard RAID systems. After the iPhone 5c was taken apart, the process involved backing up its NAND storage to another NAND chip, which was then used to restore the original chip’s contents after several passcode attempts.
“The process of NAND mirroring is relatively simple,” explains Skorobogatov. “Once the backup copy is created and verified, the original chip is plugged back into the iPhone 5c. After the power up, which takes about 35 seconds, we enter the passcode 6 times. Then the phone is powered down by holding the power button and sliding the power off message.”
“Once the phone is powered up and the screen is slid the passcode can be entered six times until the delay of one minute is introduced again. Then the process of mirroring from backup can be repeated again and again until the correct passcode is found. On average each cycle of mirroring for six passcode attempts takes 90 seconds. Hence, a full scan of all possible 4-digit passcodes will take about 40 hours or less than two days.”
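The quoted procedure rests on one design fact: the retry counter lives in storage that can be overwritten from a backup. The following Python model is an added illustration, not code from Skorobogatov’s paper or from this article. It takes the article’s figures (six attempts per cycle, 90 seconds per cycle, a ten-try wipe limit, 10,000 four-digit passcodes) and contrasts a counter that a restored image can roll back with a hypothetical counter that only ever moves forward, to show why the first yields a complete scan in about 40 hours and the second ends in a wiped device after ten guesses. The class and function names are the model’s own.

```python
"""Model of a passcode retry counter under a storage-rollback (mirroring) procedure.

Constructed illustration: figures below are the ones quoted in the article,
everything else (class names, the scan loop) is assumed for the model.
"""
import math
from dataclasses import dataclass

ATTEMPTS_PER_CYCLE = 6   # guesses before the one-minute delay appears (article)
CYCLE_SECONDS = 90       # measured time per mirror cycle (article)
WIPE_LIMIT = 10          # Apple's ten-try limit (article)
PASSCODE_SPACE = 10_000  # every 4-digit passcode


class FlashCounter:
    """Retry counter kept in ordinary NAND: writing a backup image back resets it."""

    def __init__(self):
        self.failed = 0
        self.wiped = False

    def snapshot(self):
        return {"failed": self.failed}

    def restore(self, image):
        self.failed = image["failed"]

    def attempt(self, guess, secret):
        if guess == secret:
            self.failed = 0
            return True
        self.failed += 1
        if self.failed >= WIPE_LIMIT:
            self.wiped = True
        return False


class MonotonicCounter(FlashCounter):
    """Hypothetical counter in storage the attacker cannot roll back:
    a restored image never lowers the failure count."""

    def restore(self, image):
        self.failed = max(self.failed, image["failed"])


@dataclass
class ScanResult:
    found: bool
    attempts: int
    cycles: int
    seconds: int


def scan(counter, secret):
    """Try every 4-digit passcode in order, writing the backup image back after
    every ATTEMPTS_PER_CYCLE guesses, as the article's procedure describes."""
    image = counter.snapshot()   # backup taken before the first guess
    attempts = 0
    found = False
    for n in range(PASSCODE_SPACE):
        if counter.wiped:        # the device erased itself; the scan is over
            break
        if attempts and attempts % ATTEMPTS_PER_CYCLE == 0:
            counter.restore(image)   # the mirroring step
        found = counter.attempt(f"{n:04d}", secret)
        attempts += 1
        if found:
            break
    cycles = math.ceil(attempts / ATTEMPTS_PER_CYCLE)
    return ScanResult(found, attempts, cycles, cycles * CYCLE_SECONDS)


def full_scan_hours():
    """Worst case for the rollback-able counter: every cycle of six guesses costs 90 s."""
    cycles = math.ceil(PASSCODE_SPACE / ATTEMPTS_PER_CYCLE)
    return cycles * CYCLE_SECONDS / 3600


if __name__ == "__main__":
    print("rollback-able counter, worst case:", scan(FlashCounter(), "9999"))
    print("monotonic counter, same secret:   ", scan(MonotonicCounter(), "9999"))
    print(f"full scan: {full_scan_hours():.1f} hours")
```

With the rollback-able counter the worst-case scan needs 1,667 cycles, about 41.7 hours, which matches the article’s “about 40 hours or less than two days”. With the monotonic counter the restore step changes nothing and the device wipes after the tenth wrong guess, which is the property a retry counter needs to make such a scan pointless.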
As Skorobogatov notes, it’s hard to explain on paper exactly how the attack works, so he also made a video demonstrating it.
Susan Landau, a security researcher at the Worcester Polytechnic Institute Department of Social Science and Policy Studies, said Skorobogatov’s work showed the FBI should, instead of pushing for dangerous mandated backdoors, boost its own security capabilities.
“We need to increase law enforcement's capabilities to handle encrypted communications and devices. This will also take more funding as well as redirection of efforts. Increased security of our devices and simultaneous increased capabilities of law enforcement are the only sensible approach to a world where securing the bits, whether of health data, financial information, or private emails, has become of paramount importance,” she wrote on the Lawfare blog.