iPhone passcode bypassed with NAND mirroring attack


Passcodes on iPhones can be hacked using store-bought electronic components worth less than $100 (£77), according to one Cambridge computer scientist.

Sergei Skorobogatov has demonstrated that NAND mirroring, the technique dismissed by James Comey, the director of the FBI, as unworkable, is actually a viable means of bypassing passcode entry limits on an Apple iPhone 5C. What's more, the technique, which involves desoldering the phone's flash memory chip, can be used on any model of iPhone up to the iPhone 6 Plus, all of which use the same type of LGA60 NAND chip. Later models, however, will require "more sophisticated equipment and FPGA test boards."

In a paper he wrote on the subject, Skorobogatov, a Russian senior research associate at the Cambridge Computer Laboratory's security group, confirmed that "any attacker with sufficient technical skills could repeat the experiment," and while the technique he used is quite fiddly, it should not present too much of an obstacle for a well-resourced branch of law enforcement.


Like iOS 5? Thank a Hacker

Apple fans hypnotized by their shiny new iPhones and mobile operating systems owe thanks, in part, to the work of jailbreakers who Apple once said would destroy its business model.

That’s because the new iPhone 4S launched Friday and its new iOS 5 mobile-operating system’s Wednesday roll-out likely never would have come to fruition if Apple’s protests over legalizing phone tinkering had been heeded.

Judging by Apple’s own words, the iPhone should be defunct by now because of the U.S. Copyright Office’s decision last year legalizing mobile-phone hacking, known as jailbreaking.

That’s what the gadget maker told the Copyright Office in 2009 — when Apple shares were $127 — as it lobbied against calls by the Electronic Frontier Foundation to legalize jailbreaking.

Now the blockbuster iOS 5 incorporates some of the great hacks introduced by jailbreakers who modified unlocked iPhones when doing so was illegal. Among others, those hacks include pulldown notifications, home-screen camera access and wireless syncing.

Greg Joswiak, Apple’s iPhone marketing czar, publicly claimed in 2009, when iOS 3.0 was the rage, that legalizing jailbreaking would gut its business strategy.

“This would severely limit our ability to continue what we are doing as well as innovate for the future,” Joswiak told the U.S. Copyright Office during a public hearing on the issue.

Thankfully for Apple the government sided with the tinkerers.

Jailbreaking (and there are plenty of jailbreak hacks out there for all manner of smartphones) allows users to tweak a phone’s operating system and also run apps not included in official app stores.

Two years after Joswiak’s comments, Apple’s stock closed Friday at $422, an all-time high. Its iPhone sales have mushroomed from 30 million units sold to 129 million. Analysts expect 4 million iPhone 4Ses to be sold this weekend alone.

What’s more, 1 billion apps from Apple’s iTunes had been downloaded when Joswiak uttered his statement. Now, more than 18 billion apps have been downloaded, and Apple predicts 1 billion app downloads a month.

The Digital Millennium Copyright Act forbids circumventing encryption technology to copy or modify copyrighted works, in this instance the encryption protecting the bootloader connected to the iOS operating system itself. The Copyright Office granted an exemption to the law for mobile phones thanks to the petition filed by the EFF.

That said, performing a similar hack on videogame consoles remains a civil or criminal offense, and prosecutors have gone after hackers for simply modifying hardware so it can run unsigned code.

But every three years the Copyright Office entertains proposals for DMCA exemptions, and the next round is right around the corner.

It’s clear that jailbreakers promote innovation as they exercise their freedom to tinker. Now it’s time for videogame-console modding to get an exemption too.
