Researcher demos how FBI could've easily unlocked San Bernardino iPhone sans Apple
Skorobogatov used an attack known as NAND mirroring to unlock the iPhone.
Cambridge University researcher Sergei Skorobogatov recently published a paper demonstrating a method the FBI could have used to unlock the San Bernardino shooter's iPhone 5c using a cheap and easily available technique.
Skorobogatov's technique, known as NAND mirroring, was performed by desoldering the NAND flash chip of a sample phone to gain physical access to its connection to the SoC, and by partially reverse-engineering its proprietary bus protocol, according to the paper.
Earlier this year, the FBI claimed that there was no way to break into the device other than for Apple to create a back door. It then suddenly backed off after the agency was able to unlock the phone without Apple's help, presumably using work done by the Israeli firm Cellebrite.
Cellebrite presumably “captured the NAND memory of the phone and ran an offline attack,” Oliver Lavery, director of research at IMMUNIO, told SCMagazine.com earlier this year via emailed comments.