Hacking an iPhone is not easy, and after several unsuccessful attempts the FBI asked for Apple’s help to unlock an iPhone 5c recovered as evidence in the San Bernardino shooting. At the time, the iPhone 5c NAND mirroring trick was widely discussed, but the FBI claimed it wouldn’t work. The process required bypassing the passcode protection system in the iPhone’s firmware by mirroring the phone’s NAND flash, and the agency argued this could cause permanent damage to the iPhone. The FBI later managed to get into the dead terrorist’s iPhone through other methods, and the iPhone 5c NAND mirroring technique took a back seat. Now, however, University of Cambridge researcher Sergei Skorobogatov has proved the FBI wrong: he successfully removed the passcode protection and then brute-forced the passcode to hack the iPhone.
Of course, the entire process is delicate and intricate and requires deep knowledge of mobile hardware, but the FBI’s forensics team is surely equipped for it. Skorobogatov demonstrated part of the process on video and has published a detailed paper for anyone to assess. While Skorobogatov’s work is only a proof of concept, it is enough to show that the FBI’s worries were unfounded. The FBI was cautious about the NAND mirroring process because it could potentially damage key evidence in the San Bernardino case. “Despite government comments about feasibility of the NAND mirroring for iPhone 5c it was now proved to be fully working,” the paper says.
In any case, this experiment shows that building an emulator capable of hacking iPhone units in the future is not impossible. While the FBI feared that the NAND chips could be fried while being removed, Skorobogatov says that anyone who knows how to de-solder can master the technique. He adds, “If one researcher can accomplish this relatively quickly, I would think a team of FBI forensics experts with the right hardware and resources could do it even faster.”
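The design weakness that makes NAND mirroring worth worrying about is a passcode retry counter that lives on the same rewritable flash an investigator (or attacker) can dump and restore. The toy simulation below is an added illustration and is not code from the article or from Skorobogatov’s paper: it runs one brute-force loop against two simulated devices, one that keeps its failed-attempt counter in a snapshot-and-restore flash image and one that keeps it in storage the loop cannot roll back (standing in for a monotonic counter in a secure element). The passcode scheme, the lockout threshold of ten attempts, the four-digit space and the PBKDF2 parameters are all constructed for the demo and are not Apple’s.

```python
"""Toy model of a passcode retry limit and why its storage location matters.

Constructed illustration, not code from the article or Skorobogatov's paper.
"""

import hashlib
import hmac
import itertools
import os
from dataclasses import dataclass

MAX_ATTEMPTS = 10    # lockout threshold; arbitrary for the model
PBKDF2_ROUNDS = 100  # deliberately tiny so the demo runs in well under a second


def derive_key(passcode: str, salt: bytes) -> bytes:
    """Stand-in for the device's passcode-to-key derivation."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, PBKDF2_ROUNDS)


def key_check_value(key: bytes) -> bytes:
    """Verifier kept on flash so the device can recognise the right passcode."""
    return hmac.new(key, b"passcode-check", "sha256").digest()


@dataclass
class FlashImage:
    """Everything a NAND dump captures, including (here) the attempt counter."""
    salt: bytes
    key_check: bytes
    failed_attempts: int = 0

    def copy(self) -> "FlashImage":
        return FlashImage(self.salt, self.key_check, self.failed_attempts)


class Device:
    def __init__(self, flash: FlashImage, counter_in_flash: bool):
        self.flash = flash
        self.counter_in_flash = counter_in_flash
        self._hw_attempts = 0  # used only when the counter is outside flash

    def failed_attempts(self) -> int:
        return self.flash.failed_attempts if self.counter_in_flash else self._hw_attempts

    def locked(self) -> bool:
        return self.failed_attempts() >= MAX_ATTEMPTS

    def try_passcode(self, passcode: str) -> bool:
        """Return True on the correct passcode; count a failure otherwise."""
        if self.locked():
            return False
        key = derive_key(passcode, self.flash.salt)
        if hmac.compare_digest(key_check_value(key), self.flash.key_check):
            return True
        if self.counter_in_flash:
            self.flash.failed_attempts += 1
        else:
            self._hw_attempts += 1
        return False


def enroll(passcode: str) -> FlashImage:
    """Create the flash contents for a freshly set passcode."""
    salt = os.urandom(16)
    return FlashImage(salt, key_check_value(derive_key(passcode, salt)))


def brute_force_with_rollback(device: Device, backup: FlashImage, digits: int = 4):
    """Enumerate passcodes; whenever the device locks, restore flash from backup.

    Returns (recovered passcode or None, number of guesses made). The loop
    gives up as soon as a restore fails to clear the lockout, which is exactly
    what happens when the counter is not stored in the restored flash.
    """
    guesses = 0
    for digit_tuple in itertools.product("0123456789", repeat=digits):
        if device.locked():
            device.flash = backup.copy()  # the "mirroring" step
            if device.locked():           # counter survived the restore
                return None, guesses
        guess = "".join(digit_tuple)
        guesses += 1
        if device.try_passcode(guess):
            return guess, guesses
    return None, guesses


def demo(passcode: str = "0137") -> dict:
    """Run the same attack against both storage designs; constructed passcode."""
    results = {}
    for label, in_flash in (("counter_in_flash", True), ("counter_in_hw", False)):
        flash = enroll(passcode)
        device = Device(flash, counter_in_flash=in_flash)
        results[label] = brute_force_with_rollback(device, flash.copy())
    return results


if __name__ == "__main__":
    for label, (found, guesses) in demo().items():
        print(f"{label}: recovered={found!r} after {guesses} guesses")
```

With the counter on flash, every tenth failure is erased by restoring the backup and the four-digit space falls to exhaustive search; with the counter outside the restored image, the device stays locked after the first ten guesses no matter how often the flash is rewritten. That is the property a defender should check for in any device that relies on a retry limit: the counter must live somewhere the storage the attacker can copy does not reach.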
As mentioned, Skorobogatov has published a paper giving step-by-step details of how he managed it, and you can read the full thing here. He says he used low-cost, off-the-shelf parts for the hack.