Cops Around the Country Can Now Unlock iPhones, Records Show (vice.com) 98
Law enforcement agencies across the country have purchased GrayKey, a relatively cheap tool for bypassing the encryption on iPhones, while the FBI pushes again for encryption backdoors, Motherboard reported on Thursday. From the report: FBI Director Christopher Wray recently said that law enforcement agencies are "increasingly unable to access" evidence stored on encrypted devices. Wray is not telling the whole truth. Police forces and federal agencies around the country have bought relatively cheap tools to unlock up-to-date iPhones and bypass their encryption, according to a Motherboard investigation based on several caches of internal agency documents, online records, and conversations with law enforcement officials. Many of the documents were obtained by Motherboard using public records requests.
The news highlights the going dark debate, in which law enforcement officials say they cannot access evidence against criminals. But easy access to iPhone hacking tools also hamstrings the FBI's argument for introducing backdoors into consumer devices so authorities can more readily access their contents.
The news highlights the going dark debate, in which law enforcement officials say they cannot access evidence against criminals. But easy access to iPhone hacking tools also hamstrings the FBI's argument for introducing backdoors into consumer devices so authorities can more readily access their contents.
what is it? (Score:2)
Re: (Score:2)
If you set the iPhone to wipe after ten failed tries, then even with a four-digit random passcode there's only a 0.1% chance it can be brute-forced. All of this is in the Secure Enclave for iPhone 5Ss and later, and I find it extremely improbable that the police are reading that. If you want your iPhone to be secure, turn fingerprint recognition off, randomize your code, and set ten-tries-to-wipe. I'm perfectly willing to believe that the 5C and earlier can be cracked.
Re: (Score:2, Informative)
You're wrong. They've managed to get around the 10 limit - and without opening the phone to get at individual hardware components for replacement. The details are extremely secret NDA stuff but they demonstrated they can do it even on 8.
Re: what is it? (Score:1)
If you set it to wipe after 10 tries, then the first time your kid gets ahold of your phone you'll have the joy of a freshly factory wiped phone.
Re: what is it? (Score:1, Insightful)
or you can teach your kid not to touch your shit. eh, i'm sure that's child abuse, though. My kids are all semi-normal characters, and they know that you don't touch mommy's $1,000 electronics. they actually can be taught that, and still be happy and healthy, or in the case of daughters, miserable and healthy.
Re: (Score:2)
Or, you could just backup your data. If you do a wired and encrypted backup to iTunes, it's protected both by Filevault and its passphrase and an additional round of encryption in iTunes, on which you could (and should) use a different passphrase.
Then, if your kid (or you, of you suffer from a bad case of butterfingers) wipes your device, it's a minor inconvenience and nothing more. Hell, you could create and load a custom security profile and crank it down to wipe the phone after only 2 failed attempts.
Re: what is it? (Score:2)
Re: (Score:2)
Re: what is it? (Score:2)
It simply brute forces the thing. From the description, a 4 digit passcode can take a few hours, 6 digits a few days. They probably found a way around the deadswitch by powering off the chip before it's locked or simply too many people don't set the 10-time lockout.
Re: what is it? (Score:3, Informative)
The Secure Enclave responds slower and slower to each unlock request..This is not a user setting. Read the Apple security white paper. Very detailed and enlightening
Use longer passwords. (Score:2)
iOS does not restrict your passcodes to 6 digits. That's just the default. Set a strong Alpha-Numeric password and the GrayKey will take hundreds of years to unlock your iPhone.
Re:what is it? (Score:5, Interesting)
Can someone speak to what the exploit is? Does it have to do with bypassing the 10 PIN entry lockout limit?
If we knew what it was, Apple would know too - and would likely have patched it by now. And given we haven't heard anyone grousing about it, the box almost certainly works without triggering the lockout limit.
I fervently hope Apple is doing what they can to acquire one of these boxes through back-channels. It's only a matter of time until one or more Greykey boxes gets stolen and reverse engineered by criminals; I'd just as soon Apple put feelers out now saying "we're willing to pay a whole lot of money for one of these".
Re:what is it? (Score:5, Insightful)
Re:what is it? (Score:4, Insightful)
It is not about accessing the phone when it is in their possession, with a search warrant, that is a lie. It is all about accessing the phone when it is in your possession without your knowledge and sometimes without a warrant. That is why a backdoor, nothing what so ever to do with legal access via a warrant, all to do with fishing expedition access without your knowledge. Now add in more reality, also about spying on the opposite sex, competitors and revenge. The more power some people have, the more power they want.
Re: (Score:1, Insightful)
I agree with you in principle.
But I feel obligated to point out that people think they need smartphones WAY more than they actually do.
There may be a tiny handful of people who, due to the nature of their business, need to remain connected to the Internet at all times.
For the other 99%, it's just a luxury and an addiction.
For God's sake, if you are worried about privacy, don't use an IPhone. This isn't rocket science.
I have a dumbphone. It has my contacts and a calendar app. Let the police crack it, ther
Re:what is it? (Score:5, Interesting)
Couldn't a victim of a Greykey demand to see the source code at their trial? How else could the cops demonstrate that the device doesn't also plant evidence or alter the phone in some other way? It clearly alters the device being unlocked in some way, which seems to make it dubious as evidence.
Re:what is it? (Score:4, Funny)
Because you have to trust the cops. Even the ones filmed planting evidence, beating confessions out of people and stealing stuff. All the prosecutor has to say is "Yes, please disallow the evidence that the police have been filmed planting, but you have no reason to disallow the rest of the evidence, regardless of how untrustworthy the police have proven to be."
Re: (Score:1)
You could. But it ultimately depends on jurisdiction, and in most cases, the judge. It's whether or not a 'fair trial', is something they care about.
In a perfect world, you and I would be able to call for the source code with no questions asked. Sadly, that isn't where we live.
Look up 'breathalyzer' source code, as well as 'red light camera' source code cases.
The former, involves lack of 'calibration' incidences, while the latter, often includes intentional malfeasance for greater result of 'offenders' incr
Re: (Score:2)
The same way they currently demonstrate, they don't plant it through traditional means, such as during traditional court-sanctioned searches... I don't know, how — or if — they do that, but the problem you allude to is hardly new.
More importantly, prosecution does not even need to present the evidence found in the phone — indeed, I suspect, such evidence rarely plays part in an actual trial.
The information gleam
Re: what is it? (Score:2)
Re: (Score:2)
Brands from all over the USA and the world (with the ability to work with US law enforcement) consider the complexity and their costs and respond with the services.
The generations of phone products get worked on and data is extracted ready for police to use.
Re: what is it? (Score:2)
Re:Exploitz (Score:1)
Re: (Score:2)
Well, given it's running its own code, it involves jailbreaking. And yes, there is the Electra jailbreak for iOS11. The only difference is this unit's jailbreak need only involve tethered jailbreaks, which are far more plentiful than untethered jailbreaks like Electra (which was one of the first since iOS 8 or 9).
We also know that it's likely involving elevated permissions - perhaps going so far as to
Re: what is it? (Score:2)
Re: (Score:1)
Preventative detention will increase, indefinite detention will be the norm (see sex offenders registry and civil committment) and no more possibility of a people's revolt, given the ability to sidetrack troublemakers BEFORE they start.
Re: (Score:3)
Re: (Score:2)
Well, we *could* monitor everyone's posts to see the ones who are saying dodgy things. Or we could, I dunno, make it more difficult to buy a fucking gun. That might work.
Re: (Score:2)
lemme get this right, the government safeguards against a crazy person getting a gun fail.. and your answer is.. we need more government safeguards? yeah.. im sure this time it'll be enough.
Maybe we start looking at this "recent" "uptick" in this crap and start looking for actual reasons it's happening now that we(the US) are the most regulated when it comes to firearms that we've ever been in the past? Maybe it's parenting drugs that are basically low dose meth(yeah, we win the award for most prescribed an
Re: (Score:2)
There *are* no government safeguards against a crazy person getting a gun. Apart from that, you got everything else wrong too. Well done!
Re: (Score:2)
well then, I guess i can just leave this here and point to question 11 a-i.
https://www.atf.gov/firearms/d... [atf.gov]
Re: (Score:2)
FFS. There are no *meaningful* safeguards. They didn't fail -- they worked as designed by the NRA. They are designed to allow everyone who wants a gun to get a gun.
Re: Good (Score:2)
Looks like you cracked the case.. the NRA intended for the FBI to not actually bother to look at the information submitted to them requesting a background check.
That darned NRA, I hear they require the FBI to wear blind folds while they are runner stamping background checks.
Re: (Score:2)
Come back to me with your wit when you can write the term "rubber stamping" without making an error.
Re: Good (Score:2)
At least you are able to admit that your ignorance is willful, I feel we made some progress here.
Re: (Score:2)
I see your ability to infer accurately is as your spelling.
Re: (Score:2)
Physical access (Score:1)
trumps everything.
Maybe not everything: a 256bit symmetric encryption purely in software with a true 256bit passphrase aka actual meaningful encryption. Which is pretty much much impractical for use with a phone: enter 256bit of passphrase everytime you want to use it, make a call? Pure masochism.
So there is no practical way to secure your phone and you have to act accordingly for any data you want to be protected. Either destroy your phone: is there a market for phones with thermite inside? Or don't use th
Re: (Score:2)
Thats what so many people don't think about.
The police/security services can look at every phone in a area in real time, over hours, days, weeks, months, years.
A phone turned off before entering an area and on again later after been in the area? Thats logged.
Two people talking for 5 minutes will get tracked due to location and time.
A new phone used in one area calling a set of other new phones in the same area and only for a few hours, days of use?
Th
Re: "relatively cheap tools" (Score:2)
Not the tool wanted (Score:5, Insightful)
What they REALLY want is a remote backdoor so they can spy on everyone in real time if they want.
Re:Not the tool wanted (Score:4, Interesting)
This is a very good point. Unlocking a phone that has already been confiscated just helps with a prosecution. Real time snooping allows them to easily catch people in the act of committing crimes. And that's really how law enforcement sees things. It doesn't occur to them (or they don't care) that politicians could then use the backdoors to quash dissent, target political opponents, and manipulate the citizenry. The general opinion in law enforcement seems to be that those aren't real concerns, and the only reason one could have for privacy is to commit crimes.
Re:Not the tool wanted (Score:4, Insightful)
Re: (Score:3)
Or maybe it does occur to them and they don't care. Or want government to go after troublemakers like protesters... The job of law enforcement often attracts a certain mentality.
The country is full of people who think that we can trust law enforcement with this kind of thing - often the self-same people who think that we cannot trust the government IN ANY OTHER AREA OF LIFE.
And in the wrong hands (Score:2)
Real time snooping allows them to easily catch people in the act of committing crimes. And that's really how law enforcement sees things. It doesn't occur to them (or they don't care) that {...}
And also, they don't think that in the wrong hands, such tools could mean real-time hacking/stealing/etc. of people's phone, while they are attempting to conduct normal business :
A government-mandated backdoor that enable any random law-enforcement (be it with correct search warrant in order, or in abusive invasive state) to snoop in real time,
is also an entry point that could be abused by an attacker to steal personnal information of an unsuspecting user, divert money while they perform online-banking/onli
Re: (Score:2)
Re: (Score:2)
Simple 4-6 digit passcodes. Not complex passcodes (Score:5, Informative)
Don't keep sensitive info on your phone (Score:1)
Re: (Score:2)
Re: (Score:2)
/sarcasm Presumably on the internet [bitoffun.com]
Re: (Score:2)
Re: (Score:2)
I don't know, do you use email on your phone? Cloud storage? All those are exposed through your phone. I guess you can revoke access remotely, but until you revoke access, you have a leak, unless you don't use a smartphone like a smartphone.
Re: (Score:2)
What about incriminating info? Which can be anything, so wipe your phone every few seconds?
Or are you under the impression only guilt people are searched, and only guilty people have ever been arrested, or that only guilty people have ever been convicted?
Comparing enough peoples data, to enough data from a significant amount of crimes will find false positives. Even if the odds are 1 in million, that means 300 people in the US would match, and 1 in a million convicts.
Worst thing is, you likely have little
Re: Don't keep sensitive info on your phone (Score:1)
Re: (Score:1)
If only everyone were like you, the world would be free of problems, and mankind could be at peace once and for all. Because you're you. And you-ness is everything. If only people could see. If only people could see ...
Yes it would be a beautiful thing, bus alas poor Yorick, it is not to be!
Caught lying, Jail the liar! (Score:1)
Sounds like the fellow may have committed the crime 18 U.S.C. 1001 [wikipedia.org] (Making False Statements) on matters within the federal jurisdiction, regarding law enforcement activities....
Encryption Backdoors? (Score:2)
Re: (Score:1)
Richest 62 people as wealthy as half of world's population [theguardian.com]
How else would they manage to keep this up?
Constant distraction, divide and conquer (there has to be an enemy – always), continuous buttering up by the media...
Even then, occasionally somebody sets out to make the world a better place. That's what they fear. They want to be able to stop it, before it becomes a dynamic movement.