Bypass an iPhone 5c’s passcode lock for $100

Graham Cluley


BBC News reports:

iPhone passcodes can be bypassed using just £75 ($100) of electronic components, research suggests.

A Cambridge computer scientist cloned iPhone memory chips, allowing him an unlimited number of attempts to guess a passcode.

The work contradicts a claim made by the FBI earlier this year that this approach would not work.

The FBI made the claim as it sought access to San Bernardino gunman Syed Rizwan Farook’s iPhone.

You’ll remember, of course, that the FBI paid over $1.3 million to hack into Farook’s iPhone 5c.

So, being told that they could have done it for just $100 must smart a little, and may raise some eyebrows in the accounts department…

The BBC News report is based upon a newly-published paper by Dr Sergei Skorobogatov, who describes how the iPhone 5c’s NAND flash chip can be removed and its contents cloned onto another chip. Because the retry counter and the key material that a wipe destroys both live on that chip, writing the clean image back resets the counter and undoes any wipe, so the attacker gets an unlimited number of passcode attempts with no risk of losing the original data.

Skorobogatov says that the parts needed for the exercise are “low cost and were obtained from local electronics distributors,” and made a video of the attack in action:

It’s impressive that Skorobogatov has done this, but it’s not a huge surprise to many in the security community who have been mooting just such a method for months.

iOS researcher Jonathan Zdziarski, for instance, put together a simple demo of how a NAND mirroring attack could allow for unlimited passcode attempts way back in March during the FBI/Apple kerfuffle.

Zdziarski even made a couple of videos of the NAND mirroring concept in action.

Unlike Skorobogatov, Zdziarski didn’t rip the NAND chip out of one of his iPhones but instead proved the concept of the attack would work with help from a jailbreak.

Zdziarski found that he was able to enter multiple passcodes without any risk that the device would wipe itself automatically or introduce any additional time delays between unlocking attempts.
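To make concrete why cloning the flash chip defeats both the erase-after-N-attempts limit and the escalating delays described above, here is an added Python model of the attack. It is not code from Skorobogatov’s paper, from Zdziarski’s demo, or from Apple. The ten-attempt threshold, the delay schedule, the `Phone`/`NandFlash` classes and the option of keeping the counter somewhere the chip-off attacker cannot reach are all modelling assumptions, not facts taken from the article; the last one generalises the point to show what a retry counter has to look like for mirroring to stop working.

```python
"""Toy model of NAND mirroring against a passcode retry counter.

Constructed example: the device, the key handling and the attack loop are
simplified models, not Apple's implementation or the researchers' code.
"""
import hashlib
import hmac
import itertools
import os

# Modelling assumptions (not values taken from the article):
MAX_ATTEMPTS = 10         # "Erase Data" fires after this many consecutive wrong guesses
DELAY_AFTER = 5           # escalating delays start once more than this many guesses failed
SOC_UID = os.urandom(32)  # per-device secret fused into the SoC; cannot be dumped or cloned


class NandFlash:
    """The removable flash chip: an attacker can dump it and write it back."""

    def __init__(self, contents):
        self.contents = dict(contents)

    def dump(self):
        return dict(self.contents)

    def restore(self, image):
        self.contents = dict(image)


class Phone:
    """Passcode check whose retry counter lives either on NAND or inside the SoC."""

    def __init__(self, passcode, counter_on_nand=True):
        self.counter_on_nand = counter_on_nand
        self.soc_state = {"fails": 0}  # assumption: state a chip-off attack cannot touch
        self.nand = NandFlash({"fails": 0, "key_verifier": self._derive(passcode)})

    @staticmethod
    def _derive(passcode):
        # Passcode entangled with the SoC UID: guesses can only be checked on this device.
        return hmac.new(SOC_UID, passcode.encode(), hashlib.sha256).digest()

    def _state(self):
        return self.nand.contents if self.counter_on_nand else self.soc_state

    def is_wiped(self):
        return "key_verifier" not in self.nand.contents

    def wipe(self):
        # Erase: destroy the key material held on the flash chip.
        self.nand.contents.pop("key_verifier", None)

    def try_passcode(self, passcode):
        """Return (unlocked, delay_seconds) for one guess."""
        state = self._state()
        verifier = self.nand.contents.get("key_verifier")
        if verifier is None or state["fails"] >= MAX_ATTEMPTS:
            self.wipe()           # already over the limit: stay wiped
            return False, 0
        if hmac.compare_digest(verifier, self._derive(passcode)):
            state["fails"] = 0
            return True, 0
        state["fails"] += 1
        if state["fails"] >= MAX_ATTEMPTS:
            self.wipe()
        # Modelled delay schedule: none up to DELAY_AFTER failures, then doubling from 60 s.
        delay = 0 if state["fails"] <= DELAY_AFTER else 60 * 2 ** (state["fails"] - DELAY_AFTER - 1)
        return False, delay


def four_digit_codes():
    return [f"{i:04d}" for i in range(10000)]


def naive_bruteforce(phone, candidates):
    """Guess directly on the device: returns (code_or_None, attempts_made, max_delay_seen)."""
    attempts, max_delay = 0, 0
    for code in candidates:
        if phone.is_wiped():
            break
        attempts += 1
        unlocked, delay = phone.try_passcode(code)
        max_delay = max(max_delay, delay)
        if unlocked:
            return code, attempts, max_delay
    return None, attempts, max_delay


def nand_mirroring(phone, candidates, per_cycle=DELAY_AFTER):
    """Dump the chip once; after each batch of guesses write the clean image back.

    Restoring the image resets an on-NAND retry counter and undoes the wipe, so the
    attacker never reaches the erase threshold or the delay schedule.
    """
    clean_image = phone.nand.dump()
    attempts, max_delay = 0, 0
    remaining = iter(candidates)
    while True:
        batch = list(itertools.islice(remaining, per_cycle))
        if not batch:
            return None, attempts, max_delay
        for code in batch:
            attempts += 1
            unlocked, delay = phone.try_passcode(code)
            max_delay = max(max_delay, delay)
            if unlocked:
                return code, attempts, max_delay
        phone.nand.restore(clean_image)  # the chip swap / rewrite step
```

Run against a four-digit passcode, the naive loop wipes the device after ten guesses (and has already hit the delay schedule), while the mirroring loop walks the whole keyspace with no wipe and no delay. With the counter moved off the cloneable chip (`counter_on_nand=False`, an assumption of the model rather than a description of any specific device), restoring the flash image brings the key material back but not the counter, so the device stays locked and the attack fails.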

Which raises the question of why the FBI felt the need to threaten Apple into building a backdoor to grant them access to Farook’s iPhone, and why they spent over a million dollars doing something that researchers believed (and have now proved) could be done much more cheaply.

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

3 Replies to “Bypass an iPhone 5c’s passcode lock for $100”

    1. But they can't, that's the point. And the 5 series are no longer being manufactured.

      It's a hardware problem that can't be fixed by software.

      From the 6S onwards it's more difficult but the simple solution is to use a complex passcode.

  1. So not market forces in action? Perhaps the company that put the backdoor in had charged what they could get away with rather than what the job is worth.
