LAPD Hacked An iPhone 5s Before The FBI Hacked San Bernardino Terrorist's iPhone 5c (latimes.com) 47
According to recently released court papers, Los Angeles police investigators found a way to break into a locked iPhone 5s belonging to April Jace, the slain wife of "The Shield" actor Michael Jace. The detectives were able to bypass the security at around the same time period the FBI was demanding Apple unlock the iPhone 5c belonging to San Bernardino terrorist Syed Rizwan Farook. LAPD detective Connie Zych wrote on March 18, the department found a "forensic cellphone expert" who could "override the locked iPhone function," according to the search warrant. There's no mention of how the LAPD broke into the iPhone or what OS the iPhone was running (Note: iOS 8, which features improved encryption and security features, came out months after the killing). The information stored on the iPhone should help in the criminal case against Jace's husband, who is charged with the May 19, 2014, killing.
Michael Jace was several years ago. (Score:5, Insightful)
https://en.wikipedia.org/wiki/... [wikipedia.org]
I just looked it up because of this article, that was nearly a full 2 years ago. I imagine several significant holes in iOS have likely been patched by now.
Apple are seemingly getting close to having an airtight phone, assuming you have it locked of course with a reasonable pass / pin. This seems like a good thing for the consumer.
Re: (Score:2)
Are you saying Apple's programmers are now able to create a computer program as complex as an operating system with no bugs and no flaws whatsoever?
This is a good point in general, however the kind of security we're talking about here is restricted to the "login screen", not the general purpose OS. That's a much smaller attack surface. Once you've logged in, and are running third-party code on the device, you're much more likely to be able to break something.
It's reasonable to say that GP's claim of them "getting reasonably close to having an airtight phone, assuming you have it locked" is accurate. There will always be workarounds (decapping the chips
Re: (Score:2)
but short of a screw-up on Apple's side, the practical options for bypassing the lock screen via a hack are getting more and more limited.
There's no way you can know that and it's just historically untrue. This is a complex proprietary system, so it's already less secure than mature industry standards. Also, this system relies on an obfuscated process to allow the user to encrypt data with a weak pin. So you have fundamentally weak security (pin code), on an unproven closed system, relying on security through obscurity principles - I would not assume an iPhone is ever more secure than any volume secured with simple software encryption and a
Re: (Score:2)
This is a complex proprietary system, so it's already less secure than mature industry standards.
Oh, you mean like those "Mature industry standards" ssl [slashdot.org] and ssh [securityweek.com]?
Re: (Score:2)
Re: (Score:2)
Yes I do. Now this will be the last response I'll give to someone that has chosen the name "macs4all" when talking about the inherent weakness of proprietary systems.
Promise?
Re: (Score:2)
Re: (Score:2)
Are you saying Apple's programmers are now able to create a computer program as complex as an operating system with no bugs and no flaws whatsoever?
Are Apple's programmers aliens from another planet with superior intelligence? Is this why Apple's new HQ looks like a "spaceship"?
Shhh! Don't tell anyone...
Re: (Score:2)
My understanding as a total encryption and technical newbie (compared to most of slashdot) is the 5c is a weaker, simpler phone, the 5s with it's thumbscanner has some kind of hardware encryption key (or some such?) between each component, so replacing a component to fake thumb prints or something like that isn't possible.
I'm not sure EXACTLY how the c was hacked to be honest but TLDR, my understanding is the s is vastly more secure, going forward obviously for newer models too.
I see downsides to it, defini
Re: (Score:3, Informative)
Yes, iOS 7 was vulnerable to a very simple hardware hack:
(1) Hook up your own battery emulator to replace the battery
(2) Try a passcode, if it fails, cut power before the phone has a chance to write down the failure attempt
(3) Profit (seriously, these hack-boxes were like $50k each while they worked)
The solution on the phone side is reordering the events -- first execute failedAttempts++ and make sure it's synced to persistent storage, then evaluate the passcode and, if it's good, write failedAttempts=0 and
Re: (Score:1)
Yes, iOS 7 was vulnerable to a very simple hardware hack:
(1) Hook up your own battery emulator to replace the battery
(2) Try a passcode, if it fails, cut power before the phone has a chance to write down the failure attempt
(3) Profit (seriously, these hack-boxes were like $50k each while they worked)
The solution on the phone side is reordering the events -- first execute failedAttempts++ and make sure it's synced to persistent storage, then evaluate the passcode and, if it's good, write failedAttempts=0 and
Re: (Score:3)
No, there are easier hacks in iOS7 - there have been many lock screen hacks that let you in without consuming attempts on your passcode.
Just google for iOS7 lock screen bypasses and there's an ugly list of 3-4 different bugs. I believe even iOS 8 has similar lockscreen bypasses. Heck, even iOS9 had one using Siri until Apple fixed it server-side.
Re: (Score:2)
Yes, but those only get you access to Class C and D files. You need the actual passcode to unlock the Class A and Class B files, because the encryption key for those is actually derived from the passcode itself [slashdot.org].
So you need to be able to make 1000 attempts on the passcode, and to do that, you need to be able to revert the counter of failed attempts.
The files are in the computer (Score:2)
Re: (Score:1)
How stupid are the editors? (Score:4, Insightful)
IOS 8 was released Sept of 2014. Or four months after the killing.
The phone would have been running iOS 7at best.
Let's have a big headline and dupe idiots into thinking it was hard.
Re: (Score:2)
parent deserves +5
Re: (Score:2)
parent deserves +5
For pointing out the specific details of a statement that was generalized in TFS?
(Note: iOS 8, which features improved encryption and security features, came out months after the killing).
Re: (Score:2)
Exactly then why make abig deal of it today? Because the phone was only hacked recently.
It is making a big deal of Android 4.0 being hacked. Hence the sensational headline.
Now if someone hacks ios9 phone then go for it.
Re: (Score:1)
Inmates? (Score:1)
They probably just asked inmates to help out: they have experience and time.
Laos budget (Score:2, Informative)
Lapd has enormous budget, saw a documentary which said they had people stationed internationally. Mission creep on overdrive.
Can please you get provenance correct? (Score:1)
"belonging to San Bernardino terrorist Syed Rizwan Farook". No, it belonged to the county of San Bernardino.
precedent (Score:2)
Eh (Score:2)
Re: (Score:2)
The problem with fingerprints is they can force you to unlock it (with a warrant).
Forcing you to say your password has 5th Amendment implications.
Crime (Score:2)
Illegal unless you're one of the good guys.
Can I please have an unencrypted phone? (Score:2)
There's nothing on my phone worth encrypting. If there was, I'd encrypt it. However there's lots on my phone that I'd never want to lose. I do backups, but I don't get to it every day, every we
Re: (Score:2)
Why not get the best of both worlds and have automated backups and an encrypted phone?
If you're not comfortable with Google's various backup options (e.g. Google Photos' cloud backup), that's fine: there's alternatives. I use BitTorrent Sync to sync the camera folders on my and my wife's smartphones with our various computers and NAS. Not only does this make it easier to share photos and video with family (I find it easier to share from a computer, rather than from a phone), but it runs continuously so ther
Re: (Score:2)
Re: (Score:2)
Encrypted storage these days works quite well, and is built into Windows and MacOS at no cost. When we have employees working in insecure areas (such as shared offices) we encrypt their hard drives, and there's no noticeable performance impact. If they forget their credentials they lose access to their hard drive, but they also can't get to their email, calendar, file servers, etc., so that's hardly insurmountable.
And the value of encrypting storage is pretty high - if a laptop is lost or stolen, encrypting
Re: (Score:2)
so it's worth doing
I never said it wasn't. The problem is there's also many instances where encrypting data is worth NOT doing, and on many of these mobile platforms there is no option for that. Forced encryption is bad design, likely intended to encourage users into using cloud services, not to protect them - of course that's how they'll sell it though.
A few points (Score:2)
There are a dew distinct aspects to this (IMO):
- There's a fundamental difference between "police can hack into iPhones" and "Apple puts a backdoor into iPhones so that iPhones are trivially hackable by anyone with the key", because Apple's role in the process matters. If Apple's job is to make iPhones secure, the police (and criminals) can of course still hack phones, but any vulnerabilities are treated as bugs to be fixed, and the iPhone gets more and more secure over time. If the police can force Apple t