https://apple.slashdot.org/story/16/09/17/0434213/how-the-fbi-mightve-opened-the-san-bernardino-shooters-iphone-5c
https://arxiv.org/abs/1609.04327

"Remember the San Bernardino killer's iPhone, and how the FBI
maintained that they couldn't get the encryption key without Apple
providing them with a universal backdoor?" quotes Bruce Schneier: Many
of us computer-security experts said that they were wrong, and there
were several possible techniques they could use. One of them was
manually removing the flash chip from the phone, extracting the
memory, and then running a brute-force attack without worrying about
the phone deleting the key. The FBI said it was impossible. We all
said they were wrong. Now, Sergei Skorobogatov has proved them wrong.
Sergei's new paper describes "a real world mirroring attack on the
Apple iPhone 5c passcode retry counter under iOS 9." The process does
not require any expensive and sophisticated equipment. All needed
parts are low cost and were obtained from local electronics
distributors. By using the described and successful hardware mirroring
process it was possible to bypass the limit on passcode retry
attempts... Although the process can be improved, it is still a
successful proof-of-concept project.

Reply via email to