Professor proves NAND mirroring attack thwarts iPhone 5c security protocols
A Cambridge computer scientist used $100 of hardware to clone an iPhone 5c's NAND memory chip in a successful attempt at bypassing the handset's encryption lock, seemingly proving correct theories lobbed in the aftermath of Apple's encryption fight with the FBI.

Source: iFixit
As reported by the BBC, University of Cambridge professor Sergei Skorobogatov worked for four months on a NAND cloning and passcode testing rig to successfully bypass the security protocols Apple built into the iPhone 5c. That same phone model was at the heart of a contentious debate between Apple and the U.S. government concerning the public's right to encryption.
Last week, Skorobogatov published his findings in a research paper and posted a proof-of-concept video of the process to YouTube. In practice, the method thwarts Apple's passcode counter, which limits the number and frequency of passcode attempts to safeguard against brute force attacks. An iPhone can also be configured to wipe its onboard data cache after a certain number of unsuccessful tries.
To circumvent Apple's protections, the professor first desoldered the handset's NAND flash chip and reverse engineered Apple's proprietary bus protocol, the latter of which is used to communicate with the A6 processor. Using an external harness connected to the A6 SoC, Skorobogatov was able to run through the maximum number of passcode entry attempts on a first NAND chip, then swap in a fresh NAND clone and try again.
"Because I can create as many clones as I want, I can repeat the process many many times until the passcode is found," he said.
A four-digit passcode took about 40 hours to crack, Skorobogatov said, adding that a six-digit code could take hundreds of hours. Apple estimated similar numbers when the FBI obtained a court order forcing Apple to access an iPhone 5c tied to last year's San Bernardino terror attack.
At the time, FBI and U.S. Justice Department experts claimed unlock methods like NAND mirroring are ineffective against Apple's built-in security protocols. To gain access to potentially mission-critical data, Apple would need to engineer a bespoke bypass tool, the FBI said. Security researchers theorized that NAND mirroring was a viable attack vector, but cautioned against the hardware-based hack, citing a high potential for data loss.
Apple fought the U.S. government's unlock request in a highly public court battle, saying the bypass tool would undeniably create a backdoor, thereby putting millions of iOS devices at risk. Discussion ended when the FBI commissioned technology from a third party to crack into the target iPhone.
As for Skorobogatov's NAND mirroring technique, the professor says the procedure can be applied to more recent iPhone models like the iPhone 6. Those claims are questionable, however, as the iPhone 5c was the last iPhone to go into production without Touch ID and corresponding Secure Enclave technology, both of which offer hardened protection against hacks.
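The security-relevant point in the procedure described above is where the failed-attempt counter lives: if it is ordinary data on a replaceable flash chip, restoring a clone of that chip also restores the counter, whereas a counter held in a non-replaceable element (the Secure Enclave the article mentions) survives the swap. The following simulation is an added example, not code from the article, from Skorobogatov's paper or from Apple; the class names, the MAX_TRIES limit, the delay schedule and the passcodes are assumptions chosen for illustration.

```python
"""Toy model of the counter-placement flaw behind NAND mirroring.

Added example (not code from the article, the paper or Apple). It compares
two designs for a passcode lock:
  * NandCounterLock    - the failed-attempt counter is a field in the NAND
    image, so restoring a clone of the chip also restores the counter.
  * EnclaveCounterLock - the counter and an escalating delay live outside the
    replaceable chip, so a fresh NAND clone does not reset them.
MAX_TRIES, the delay schedule and the passcodes are assumptions.
"""
from dataclasses import dataclass
from hmac import compare_digest

MAX_TRIES = 10  # assumed wipe threshold (the "10 guesses" figure from the comments)


@dataclass
class NandImage:
    """What lives on the flash chip. An attacker who can image the chip can
    restore this state verbatim; in design A that includes the counter."""
    tries: int = 0
    wiped: bool = False

    def clone(self) -> "NandImage":
        return NandImage(self.tries, self.wiped)


class NandCounterLock:
    """Design A: the attempt counter is just data on the NAND."""

    def __init__(self, passcode: str, nand: NandImage):
        self._passcode = passcode
        self.nand = nand

    def try_passcode(self, guess: str) -> bool:
        if self.nand.wiped or self.nand.tries >= MAX_TRIES:
            self.nand.wiped = True  # limit reached: data erased, key gone
            return False
        self.nand.tries += 1
        return compare_digest(guess.encode(), self._passcode.encode())


class EnclaveCounterLock:
    """Design B: counter and delay are held in a non-replaceable element."""

    # Assumed delay schedule in seconds, indexed by failed attempts so far.
    DELAYS = [0, 0, 0, 0, 60, 300, 900, 3600, 3600, 3600]

    def __init__(self, passcode: str, nand: NandImage):
        self._passcode = passcode
        self._tries = 0          # NOT part of the NAND image: survives a swap
        self.seconds_waited = 0  # total delay the attacker had to sit through
        self.nand = nand

    def try_passcode(self, guess: str) -> bool:
        if self.nand.wiped or self._tries >= MAX_TRIES:
            self.nand.wiped = True
            return False
        self.seconds_waited += self.DELAYS[self._tries]
        self._tries += 1
        return compare_digest(guess.encode(), self._passcode.encode())


def attack_with_clones(lock, pristine: NandImage, candidates):
    """Simulate the article's procedure against either design: try candidates
    in order and swap in a fresh clone of the pristine image whenever the
    current chip wipes. Returns (passcode or None, clones used). Gives up as
    soon as a fresh clone wipes on its very first attempt, which means the
    counter was never in the NAND to begin with."""
    clones = 0
    for guess in candidates:
        fresh = False
        while True:
            if lock.try_passcode(guess):
                return guess, clones
            if not lock.nand.wiped:
                break                 # wrong guess, counter still has room
            if fresh:
                return None, clones   # cloning did not reset the counter
            lock.nand = pristine.clone()
            clones += 1
            fresh = True
    return None, clones


def four_digit_space():
    """All 10,000 four-digit PINs, in order (constructed candidate set)."""
    return (f"{n:04d}" for n in range(10_000))


def run_nand_design(passcode: str = "0042"):
    lock = NandCounterLock(passcode, NandImage())
    return attack_with_clones(lock, NandImage(), four_digit_space())


def run_enclave_design(passcode: str = "0042"):
    lock = EnclaveCounterLock(passcode, NandImage())
    found, clones = attack_with_clones(lock, NandImage(), four_digit_space())
    return found, clones, lock.seconds_waited


if __name__ == "__main__":
    print("NAND-resident counter:   ", run_nand_design())     # ('0042', 4)
    print("Enclave-resident counter:", run_enclave_design())  # (None, 1, 12060)
```

Against design A the search always completes, at a cost of one clone per MAX_TRIES guesses (the 40-hour figure in the article is dominated by the time to physically swap chips, which the model ignores); against design B the first clone is wiped immediately because the enclave-side counter is still at its limit, and the escalating delay has already cost the attacker over three hours for the ten attempts it allowed. The defensive lesson is the one the article's Secure Enclave remark points at: rate-limiting state must be bound to something the attacker cannot image and restore.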
Comments
That's why Apple changed it later.
It's not an easy attack though; if a person is doing that to your phone, I'm guessing you can spring for an iPhone 7...
Wouldn't this NAND mirroring attack work on most/all Android devices since they seem to prefer emulating the security (cloud storage of payment credentials for example) rather than actually having it?
2) Can this system even discern that the system wants complex over simple? I assume there would be an unprotected marker since the iOS keyboard changes to account for this change.
Apple could have helped the FBI and then said "sorry guys, as much as we'd like to, we can't help you with any newer handsets" . Doing so would have been likely to have strengthened their case against future law enforcement demands and saved the public purse a shed load of money.
Apple was just to set a precedent so Apple couldn't refuse to help them in the future.
That's also why the FBI used a phone in PR that they knew had absolutely nothing of value on it.
I would argue that unless the Secure Enclave is also using the NAND device ID in its data protection, this method should work as well.
What am I missing...
aàáâäæãåāsßśšdfghjklł
zžźżxcçćčvbnñńm
QWEÈÉÊËĒĖĘRTYŸUÛÜÙÚŪIÎÏÍĪĮÌOÔÖÒÓŒØŌÕP
AÀÁÂÄÆÃÅĀSŚŠDFGHJKLŁ
ZŽŹŻXCÇĆČNÑŃM
1234567890 °
-/:;()$&@" –—• \ ₽¥€¢£₩ § ”“„»«
.,?!' … ¿ ¡ ’‘`
[]{}#%^*+= ‰
_\|~<>€£¥•
Space Bar
I count 180. That's a lot of options even before you consider that's only for the US English keyboard, that emoji are Unicode which could be added at anytime to the complexity of the keyboard options, along with many other characters.
180^n is a lot. Even a 4 character passcode is over 1 billion options.
That is regardless of with/without Secure Enclave.
The time delay after every missed guess. That is built into the Secure Enclave, not the OS, and does not reset when the limit is reached and the data is deleted in the NAND. And does not reset after rebooting the iPhone. When a new clone NAND is put in after 10 guesses, the time delay remains and guesses can only be input at a rate of maybe 1 every hour (or so). So theoretically, this technique may work, but it will take a lot, lot, lot, lot, lot longer to brute force the code. So even a 4 digit passcode may take years to hack.