Skorobogatov used a technique called NAND mirroring to bypass the passcode-retry limit that Apple sets on the iPhone 5c. He demonstrated the iPhone 5c hack using store-bought equipment costing just $100. With that equipment, he created copies of the phone’s flash memory to generate more tries to guess the passcode.
Skorobogatov detailed the whole process in a new paper and was able to gain entry into a locked iPhone 5c using the NAND mirroring technique. Users may remember that the FBI emphatically said in March that the NAND mirroring technique can’t be used on Apple products, especially the iPhone 5c. “It doesn’t work,” FBI Director James Comey said back in March. To gain access to the San Bernardino shooter’s iPhone 5c, the FBI instead resorted to reportedly paying an Israeli contractor around $1.3 million.
Apple’s iPhone 5c is passcode protected, with a limiter on passcode tries and an auto-erase function that activates after 10 failed tries, deleting all the data inside.
Skorobogatov’s paper, published on Thursday, provides a working prototype showing how to pull off the hack. The equipment he used consisted of off-the-shelf components, and his tests involved iPhone 5c units updated to iOS 9.3, the latest version.