Now we’re all confused as to why the FBI spent over $1 million unlocking the San Bernardino shooter’s iPhone 5c.
Dr. Sergei Skorobogatov, a computer scientist at Cambridge, has unlocked an iPhone using store-bought components costing around $100, which are available on Amazon, eBay, and Alibaba. While the electronics may have been cheap, that isn’t to say anyone could have accomplished Skorobogatov’s feat.
The technique he used, known as NAND mirroring, allows intruders to access any iPhone model up to the iPhone 6, including the iPhone 5c. FBI Director James Comey notably dismissed NAND mirroring as an ineffective technique, remarking that a tailored solution would be required.
In a video posted on YouTube, Skorobogatov demonstrates how he removed the NAND memory chip from an iPhone and cloned it after reverse-engineering how the NAND chip communicates with the phone.
If you can clone a phone’s memory chip an unlimited number of times, you effectively have an unlimited number of passcode guesses, which allows an iPhone to be unlocked by brute force. Skorobogatov notes in his video that running through all 10,000 possible combinations of a four-digit passcode takes less than 2 days. A six-digit passcode would ostensibly take hundreds of hours to unlock. The technique can also be applied to more recent iPhone models, although more sophisticated hardware would be required.
Susan Landau, a prominent security researcher, notes in a blog post on Lawfare that going forward law enforcement agencies should develop their own cyber-security and decryption capabilities rather than endorsing legislation that weakens encryption.
“Skorobogatov was able to do what the FBI said was impossible,” she said.