A computer security expert was able to bypass the security of the iPhone 5c to $ 100 and 40 hours, where the FBI had spent a million dollars to achieve the same end.
Why spend a million dollars when it is possible to achieve the same goal for 100 dollars? This is the question that Sergei Skorobogatov, a computer security expert from Russia to the British University of Cambridge, comes indirectly ask the FBI.
September 15, bypassing the security of the iPhone 5C, the same model as that used by Syed Farook, the author of the shooting in San Bernardino in California who had killed a dozen people in February 2016, he succeeded where the famous American intelligence service had failed.
100 $ of equipment and the right idea
Eager to enter the suspect's smartphone to conduct the investigation without risking erase sensitive information, the FBI had first ordered Apple to help, sparking a media war around the respect for private life. Then, against the repeated refusal of the Apple brand to deliver its secrets, the agency had paid over a million dollars a specialized company - probably Israel - to achieve this end in March 2016.
Late last week, Sergei Skorobogatov demonstrated in a scientific article on the Arxiv website that US spies could have avoided to pass for Big Brother in trying to force Apple to give him a key able to hack any iPhone, but also needlessly spend money. Everything the FBI needs is $ 100 for equipment and a brain well.
Investigators faced in effect with the following problem: how to guess the correct password to unlock the iPhone Syed Farook having a limited number of trials? In case of multiple failures in fact, Apple's security system is designed to clear the smartphone.
To work around this thorny issue, Sergei Skorobogatov has bought an iPhone 5C on eBay and made some manipulations, described in a video posted on YouTube, to clone the RAND memory, that is to say the equivalent of the disc hard iPhone that contains information saved on the phone. After this first operation, the scientist was able to get into the business of long-term comprising guess the right password.
As soon as it exceeded the allowed number of tests, he could insert the clone instead of the original memory and start over. "As I can make as many clones as I want, I can try as many combinations as needed to reach my goal," he says in the video.
Contradict the boss of the FBI
To find a password of four digits, which is the standard for iPhone 5C, it took him forty hours. The FBI, which has battled more than a month to achieve its purpose, therefore could save time and more money.
Sergei Skorobogatov says his technique to clone the RAND memory also works for iPhone 6 still available unlike 5C model. It is, however, not sure he could do the same for even newer models like the iPhone or the iPhone 6s 7.
This demonstration is particularly important that the FBI Director James Comey, had said in March 2016 that the technique of cloning memory RAND was impossible iPhone Syed Farook. Adding that it was urgent for the same reason, to legislate that Apple, Google & Co. to assist the authorities in the most sensitive cases like terrorism cases.
The head of the intelligence agency so wrong. For the American law expert Susan Landau cybersecurity, which analyzed the work of Sergei Skorobogatov, "the moral of the story is that the solution is not, as the FBI said, to use a legislation that would restrict our personal freedoms, but better trained investigators to questions of security and encryption of communications and devices. "
Source
0 comments:
Post a Comment