A British computer scientist found a way to unlock an iPhone 5c, spending just less than £80 on a cheap tool that managed to trick the handset in a matter of two days.
The technique called "NAND mirroring" takes about 40 hours and tricks that Apple handsets into forgetting how many incorrect passwords were entered. In an interview with The Telegraph, senior researcher associate in the Security Group at the Computer Laboratory of the University of Cambridge, Dr. Sergei Skorobogatov, explained that the technique bypasses the self-lock feature of Apple when incorrect passwords are entered six times.
Skorobogatov managed to rewire iPhone 5c's hardware using a cheap equipment available in electronic shops, or Amazon and eBay. He cloned the NAND chip storage system of Apple devices and modified an iPhone 5c unit so that the clones may be unplugged and reconnected.
The cloned chips are then used to set the failed pin attempt to zero, allowing unlimited chances of entering passwords and combinations. This means all 10,000 potential four-digit combinations may be tested within 40 hours. Skorobogatov claims that the technique takes a lot of work, but the method may be used to crack phones with six-digit codes. Cracking newer models such as iPhone 6s, iPhone 7 and 7 Plus, however, would require a more sophisticated hardware.
Earlier this year, the Federal Bureau of Investigation asked assistance from Apple to help break into the phone of Syed Rizwan, gunman who killed 14 people in a Claifornia shooting. However, the tech giant company refused to help, citing that it violates their customer's privacy.
Yahoo reported that FBI Director James Comey dismissed the possibility of tricking the iPhone device using the NAND tool. After months in court, they dropped the case with Apple and hired a private company to crack the device. The institution ended up paying £1 million to unlock the handset.
Security researchers and experts claim that Skorobogatov's method proves that there are many ways to assist law enforcement in decrypting devices, and that authorities should have a better understanding of these options.