This paper is a short summary of a real-world mirroring attack on the Apple iPhone 5c passcode retry counter under iOS 9. This was achieved by desoldering the NAND flash chip of a sample phone in order to physically access its connection to the SoC and by partially reverse engineering its proprietary bus protocol. The process does not require any expensive or sophisticated equipment: all needed parts are low cost and were obtained from local electronics distributors. By using the described hardware mirroring process it was possible to bypass the limit on passcode retry attempts. This is the first public demonstration of a working prototype and of the real hardware mirroring process for the iPhone 5c. Although the process can be improved, it is a successful proof-of-concept project. Knowledge that mirroring is possible will help in designing systems with better protection. Some reliability issues related to NAND memory allocation in the iPhone 5c are also revealed. Several future research directions are outlined in this paper and a number of possible countermeasures are suggested. We show that claims that iPhone 5c NAND mirroring was infeasible were ill-advised.