Since the Federal Bureau of Investigation (FBI) hacked the iPhone from the San Bernardino shooting, several security specialists have weighed in with their hack suggestions. According to The Daily Dot, as revealed by a Las Vegas computer security conference survey, 52 percent of cyber-security experts confirmed that they would be willing to help the FBI for paycheck of $1 million to $50 million and beyond. Contrarily so, one out of every four respondents also agreed with Apple's refusal to comply with the FBI's request.
However, as it turns out, the FBI paid the the third-party hacker $1.3 million for cracking a code that University of Cambridge's associate researcher Dr. Sergi Skorobogatov can solve with less than $100 using NAND mirroring.
So, how does NAND mirroring work?
First, Skorobogatov removed the NAND chip from the iPhone 5C, which is a tense process on its own. Then, he cracked the memory system's communication routes in order to clone the chips that would allow him to try out as many passcodes as possible, reported BBC.
As Vice News explains, it takes 90 seconds to complete each set of six guesses, which totals to 10,000 combinations tested over a period of 41 hours. Cracking a four-digit code results in around 40 hours of work, but finding a six-digit code may take hundreds of hours.
"The process does not require any expensive and sophisticated equipment. All needed parts are low cost and were obtained from local electronics distributors," Skorobogatov said in his paper and explained in his YouTube video.
The NAND mirroring method can successfully crack passcodes of older iPhones up to the iPhone 6, but with the use of advanced hardware, Skorobogatov believes the same method may work for the iPhone 6s and even the brand new iPhone 7.
In April, the FBI claimed they were unaware of any alternative methods to cracking the iPhone, but by March, they had dropped their lawsuit against Apple. Three major news networks responded by collectively suing the FBI for hacking details. Hopefully this can explore the broader, more serious issues at hand, like what this means for Apple's security features – specifically, the encryption of user data.
The debut of the iPhone 7 intitially raised a chorus of complaints at the lack of a headphones jack, but as users have come to realize, this makes the iPhone 7 all but impossible to physically hack. To strengthen their virtual frontier as well, Apple incorporated the hyper-encrypted iOS 10. The FBI's iPhone 5 passcode crack provoked Apple to take drastic measures in ensuring their customers a guarantee of privacy. If people no longer trust Apple's security system, they would be highly unlikely to use Apple's new services, such as the iCloud Keychain, which stores user passwords and credit card information into the smartphone, comments The Sacramento Bee.
To reinstate their credibility as a lauded tech company, Apple security expert Ivan Krstic presented a primer of iOS 10's features at the BlackHat USA hacker conference in Las Vegas. Craig Federighi, a senior vice president of software engineering, also assured fellow developers that Apple "is committed to the highest level of encryption."
But this still leaves the main question up in the air: when and where will Congress draw the line between the FBI's national security concerns and Apple's privacy rights?
