
You can hack almost any iPhone with just $100 worth of electronics

The FBI made headlines when it paid security contractors an estimated $1.3 million to unlock an iPhone 5C last year, but as it turns out, bypassing the security on Apple’s top-of-the-line handset doesn’t necessarily require a truckload of money — or the expertise of one of the world’s largest law enforcement agencies. A U.K.-based computer scientist demonstrated an exploit that requires no more than $100 worth of off-the-shelf equipment… and plenty of patience.

In a YouTube video posted Monday morning, Cambridge University’s Dr. Sergei Skorobogatov, a Russian senior research associate, said he’d successfully designed a hardware backdoor that allows any user to bypass the iPhone’s PIN security. Normally, iOS limits the number of incorrect PIN entries to six before locking for incrementally longer periods of time, but Skorobogatov’s solution allows a theoretically unlimited number of attempts. “I can repeat the process many many times until the passcode is found,” he said.


The exploit leverages vulnerabilities within the iPhone’s NAND, the chip responsible for the phone’s internal storage. Dr. Skorobogatov modified a target iPhone to accept chips from an external motherboard. He then detached the old NAND module, used off-the-shelf hardware components to digitally mirror the files it contained, and copied the resulting “clone” to a fresh chip. The iPhone couldn’t tell the difference — and after Skorobogatov seated and rewired the new chip in the phone’s board, the PIN attempt counter reset to zero.

From that point, guessing the PIN is a trivial, albeit arduous, process. Dr. Skorobogatov said that a four-digit PIN took about 40 hours, and that a six-digit PIN could potentially take hundreds of hours.
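The counter reset described above is a state-rollback problem: the retry count sat in storage that could be imaged and written back. The Python model below is an added illustration, not code from the article, Dr. Skorobogatov or Apple; it contrasts a retry counter kept only in clonable storage with one bound to a counter that an image cannot restore. The class names, the monotonic-counter design, the sample PIN and the hard lockout (the real device uses growing delays) are assumptions of this simplified model.

```python
import copy

MAX_ATTEMPTS = 6  # incorrect entries before lockout, per the article


class MonotonicCounter:
    """Hypothetical counter held outside the flash chip; it can only go up."""

    def __init__(self):
        self._value = 0

    def increment(self):
        self._value += 1
        return self._value

    def read(self):
        return self._value


class Device:
    """Toy model: `flash` stands for everything an image of the chip captures."""

    def __init__(self, pin, counter=None):
        self._pin = pin
        self.counter = counter
        self.flash = {"failed": 0, "epoch": 0}

    def try_pin(self, guess):
        # Hardened variant: the flash must carry the counter's current value.
        if self.counter is not None and self.flash["epoch"] != self.counter.read():
            return "rollback-detected"
        if self.flash["failed"] >= MAX_ATTEMPTS:
            return "locked"
        if guess == self._pin:
            self.flash["failed"] = 0
            return "unlocked"
        self.flash["failed"] += 1
        if self.counter is not None:
            self.flash["epoch"] = self.counter.increment()
        return "wrong"


def restore_scenario(protected):
    """Exhaust the retries, write back an earlier image, report both states."""
    dev = Device("4821", MonotonicCounter() if protected else None)  # constructed PIN
    image = copy.deepcopy(dev.flash)      # image taken before any guesses
    for _ in range(MAX_ATTEMPTS):
        dev.try_pin("0000")
    before = dev.try_pin("0000")
    dev.flash = copy.deepcopy(image)      # stale image written back
    after = dev.try_pin("0000")
    return before, after
```

With the counter only in flash, the stale image brings the device back to accepting guesses; with the epoch bound to a counter outside the image, the same restore is flagged instead.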

It’s not a universal exploit. Dr. Skorobogatov said that iPhones newer than the iPhone 6 Plus would require a “more sophisticated” set-up — newer methods of encryption could make it “more challenging to analyse and copy,” he said. And Dr. Skorobogatov said that in fringe cases, the process could require “an advanced team of researchers” to undertake successfully. But other iOS devices are likely vulnerable. “iPads use very similar hardware, hence models which are based on A6 SoC or previous generations should be possible to attack,” Dr. Skorobogatov said. “Newer versions will require further testing.”

Dr. Skorobogatov’s work seems to contradict statements made by FBI Director James Comey. In March, he told press that NAND vulnerabilities “[wouldn’t] work” on the iPhone 5C the bureau was targeting.

But it’s not the first time the veracity of the FBI’s claim has come into question. In May, the Los Angeles Police Department managed to break into a locked iPhone 5S. And the Indian government claims it has a mobile forensics tool that can “[handle] smartphones including Apple phones.”

The FBI’s analysis of an iPhone 5C owned by Syed Farook, one of two shooters who perpetrated an attack in San Bernardino, California that left 14 people dead, made global headlines when the agency mounted legal action against Apple. It sought a court order requiring the Cupertino company to create a tool to bypass the iPhone 5C’s PIN protection.

Apple argued that such a backdoor would pose an omnipresent threat to the “privacy” and “security” of its customers — a sentiment echoed by hundreds of tech companies, privacy advocates, and human rights groups, as well as legal, tech, cryptology, and cybersecurity experts.

The FBI dropped its case after a team of anonymous hackers demonstrated a successful bypass of the phone’s security, but not before publicly condemning encryption technologies like those employed on Apple’s iOS devices. “[It’s the] essential tradecraft” of terrorists like the Islamic State, Comey told Reuters in July. He singled out WhatsApp, a messaging platform that enabled secured messaging and calling by default, as a platform “affecting the criminal work (of the FBI) in huge ways.”

In September, a group of publishers including the Associated Press, Vice Media, and Gannett Media, filed a freedom of information lawsuit against the FBI for failing to disclose the vulnerability — and consultants — it used in bypassing the iPhone 5C’s security. The case is currently pending before a circuit court judge.


Kyle Wiggers
Former Digital Trends Contributor