FBI Was Wrong - Hacking San Bernardino Shooter's iPhone Was Possible

Information technology's been over half dozen months since the FBI first ordered Apple to assistance bypass encryption on the iPhone 5c that belonged to the San Bernardino shooter. The bureau eventually paid over $1 million to an unidentified party to get access to the contents. A security researcher has now demonstrated how information technology was possible to bypass iOS passcode limit for less than $100.

Apple tree vs FBI encryption boxing: "FBI was defective in its research and due diligence"

When forcing Apple to help the agency, FBI had claimed it had no other way of accessing device contents. The FBI tried to convince a judge to force Apple tree to create a backstairs to the passcode-protected iPhones. Apple tree refused. During the menstruum when this battle between Apple tree and FBI was sending shockwaves through the industry, many forensic experts suggested a NAND mirroring technique to the FBI. James Comey, FBI's director, said during a press conference that the technique would not work. "I don't experience defensive. I practice experience strongly when someone accuses the Department of Justice or the FBI of existence dishonest. That is something that cannot be let to lie, to sit there," Comey had said in reply to a reporter'due south question.

While the agency did manage to hack into the shooter'due south iPhone 5c using undisclosed techniques, it reportedly had to pay over $i meg to an unidentified third-party

Now, Cambridge Academy security researcher Sergei Skorobogatov has published a newspaper detailing the technique. Proving the agency wrong, Skorobogatov has demonstrated the technique does indeed work with an iPhone 5c. Despite the FBI'southward claims that technique does not work, Skorobogatov just had to use store-bought equipment to create copies of the phone's flash memory to generate more attempts to guess the passcode. "Because I can create as many clones as I want, I tin echo that process many, many times," he said in a video.

iPhone 5c NAND mirroring

Skorobogatov has provided a working prototype on how to pull off this hack using merely off-the-shelf components. The hack was tested on an iPhone 5c running iOS ix.3.

Total scan of all possible 4-digit passcodes will take about twoscore hours or less than two days

Susan Landau, a faculty fellow member in the Worcester Polytechnic Plant Department of Social Science and Policy Studies commented that constabulary enforcement needs to improve its cyber security expertise.

"The moral of the story? Information technology'southward not, as the FBI has been requesting, a beak to brand it easier to access encrypted communications, as in the proposed revised Burr-Feinstein bill. Such "solutions" would make us less secure, not more so. Instead we need to increase police enforcement's capabilities to handle encrypted communications and devices," Landau noted.

Jonathan Zdziarski, a noted iPhone forensics and security expert, said that the latest demonstration "actually shows the FBI was lacking in its research and due diligence." "Setting the precedent was more important than doing the research."

Source [PDF]

Source: https://wccftech.com/expert-proves-fbi-wrong/

Posted by: romeroforer1992.blogspot.com

Share this post