Afinal é mesmo possível recuperar o código de acesso num iPhone 5c

Depois do atentado de San Bernardino, o FBI garantiu que não conseguia desbloquear o iPhone 5c de um dos atiradores, e exigiu que a Apple criasse um backdoor no iOS, o que originou a polémica disputa entre o FBI e a Apple.

Agora o Dr. Sergei Skorobogatov, investigador na área da segurança, veio provar o contrário. O FBI, afinal tinha o poder para conseguir desbloquear o iPhone usando técnicas que vários forenses computacionais já tinham indicado, durante a disputa.

O Dr. Sergei Skorobogatov, escreveu no abstract do seu artigo:

This paper is a short summary of a real world mirroring attack on the Apple iPhone 5c passcode retry counter under iOS 9. This was achieved by desoldering the NAND Flash chip of a sample phone in order to physically access its connection to the SoC and partially reverse engineering its proprietary bus protocol. The process does not require any expensive and sophisticated equipment. All needed parts are low cost and were obtained from local electronics distributors. By using the described and successful hardware mirroring process it was possible to bypass the limit on passcode retry attempts. This is the first public demonstration of the working prototype and the real hardware mirroring process for iPhone 5c. Although the process can be improved, it is still a successful proof-of-concept project. Knowledge of the possibility of mirroring will definitely help in designing systems with better protection. Also some reliability issues related to the NAND memory allocation in iPhone 5c are revealed. Some future research directions are outlined in this paper and several possible countermeasures are suggested. We show that claims that iPhone 5c NAND mirroring was infeasible were ill-advised.

The bumpy road towards iPhone 5c NAND mirroring [Dr. Sergei Skorobogatov]
Recovering an iPhone 5c Passcode [Bruce Schneier]