Earlier this year, the FBI claimed that you could not simply clone an iPhone in order to hack it.
The claim came as the bureau failed to break into an iPhone 5c belonging to one of the San Bernardino killers back in 2015 (according to the FBI, it later did manage to get into the phone via an unknown method).
However, a security researcher at the University of Cambridge proved them wrong. According to the researcher, all you need is around $100 worth of equipment.
It’s another twist in the encryption vs. surveillance debate and a concerning development for anyone who worries about digital privacy.
The security researcher, Dr Skorobogatov, used a process known as NAND mirroring, in which he cloned the NAND chip (used by Apple iPhones for storage) in an iPhone 5c and bypassed any built-in security features, including the passcode.
The entire process required detailed knowledge and research into how the innards of the iPhone 5c worked and how it communicated with the NAND chip inside, so this isn’t something your average data thief would be able to achieve. To put it into perspective, this is something even the top security experts at the FBI couldn’t do.
There are limits to how effective the technique is as well. For iPhones that use complex, long passcodes, the bypass technique can still take months or even years, though Dr Skorobogatov proposed some time-saving solutions for those with the necessary resources (which he himself didn’t have).
This does, of course, highlight that with enough know-how and enough time, no matter how secure you think your data is, nothing digital is ever 100% safe.
Dr Skorobogatov’s technique will work on an iPhone 5c, but not on more recent models. However, Skorobogatov believes the technique can be modified to work on other models of iPhone as well.