
Cops Around the Country Can Now Unlock iPhones, Records Show (vice.com) 98

Law enforcement agencies across the country have purchased GrayKey, a relatively cheap tool for bypassing the encryption on iPhones, while the FBI pushes again for encryption backdoors, Motherboard reported on Thursday. From the report: FBI Director Christopher Wray recently said that law enforcement agencies are "increasingly unable to access" evidence stored on encrypted devices. Wray is not telling the whole truth. Police forces and federal agencies around the country have bought relatively cheap tools to unlock up-to-date iPhones and bypass their encryption, according to a Motherboard investigation based on several caches of internal agency documents, online records, and conversations with law enforcement officials. Many of the documents were obtained by Motherboard using public records requests.

The news highlights the going dark debate, in which law enforcement officials say they cannot access evidence against criminals. But easy access to iPhone hacking tools also hamstrings the FBI's argument for introducing backdoors into consumer devices so authorities can more readily access their contents.

  • Can someone speak to what the exploit is? Does it have to do with bypassing the 10 PIN entry lockout limit?
    • It simply brute forces the thing. From the description, a 4 digit passcode can take a few hours, 6 digits a few days. They probably found a way around the deadswitch by powering off the chip before it's locked or simply too many people don't set the 10-time lockout.

      • Re: what is it? (Score:3, Informative)

        by Anonymous Coward

        The Secure Enclave responds slower and slower to each unlock request. This is not a user setting. Read the Apple security white paper. Very detailed and enlightening.

        • iOS does not restrict your passcodes to 6 digits. That's just the default. Set a strong Alpha-Numeric password and the GrayKey will take hundreds of years to unlock your iPhone.

    • Re:what is it? (Score:5, Interesting)

      by 93 Escort Wagon ( 326346 ) on Thursday April 12, 2018 @07:26PM (#56427845)

      Can someone speak to what the exploit is? Does it have to do with bypassing the 10 PIN entry lockout limit?

      If we knew what it was, Apple would know too - and would likely have patched it by now. And given we haven't heard anyone grousing about it, the box almost certainly works without triggering the lockout limit.

      I fervently hope Apple is doing what they can to acquire one of these boxes through back-channels. It's only a matter of time until one or more GrayKey boxes gets stolen and reverse engineered by criminals; I'd just as soon Apple put feelers out now saying "we're willing to pay a whole lot of money for one of these".

      • Re:what is it? (Score:5, Insightful)

        by demonlapin ( 527802 ) on Thursday April 12, 2018 @08:04PM (#56428049) Homepage Journal
        Hell, the criminals will have an easier time of it than Apple. The criminals already know crooked cops who will, for a fee, order one for them.
      • Re:what is it? (Score:4, Insightful)

        by rtb61 ( 674572 ) on Thursday April 12, 2018 @09:19PM (#56428303) Homepage

        It is not about accessing the phone when it is in their possession, with a search warrant, that is a lie. It is all about accessing the phone when it is in your possession without your knowledge and sometimes without a warrant. That is why a backdoor, nothing whatsoever to do with legal access via a warrant, all to do with fishing expedition access without your knowledge. Now add in more reality, also about spying on the opposite sex, competitors and revenge. The more power some people have, the more power they want.

      • Re: (Score:1, Insightful)

        by Anonymous Coward

        I agree with you in principle.

        But I feel obligated to point out that people think they need smartphones WAY more than they actually do.

        There may be a tiny handful of people who, due to the nature of their business, need to remain connected to the Internet at all times.

        For the other 99%, it's just a luxury and an addiction.

        For God's sake, if you are worried about privacy, don't use an iPhone. This isn't rocket science.

        I have a dumbphone. It has my contacts and a calendar app. Let the police crack it, ther

      • Re:what is it? (Score:5, Interesting)

        by AmiMoJo ( 196126 ) <mojoNO@SPAMworld3.net> on Friday April 13, 2018 @04:21AM (#56429651) Homepage Journal

        Couldn't a victim of a GrayKey demand to see the source code at their trial? How else could the cops demonstrate that the device doesn't also plant evidence or alter the phone in some other way? It clearly alters the device being unlocked in some way, which seems to make it dubious as evidence.

        • by JabrTheHut ( 640719 ) on Friday April 13, 2018 @07:40AM (#56430055)

          Because you have to trust the cops. Even the ones filmed planting evidence, beating confessions out of people and stealing stuff. All the prosecutor has to say is "Yes, please disallow the evidence that the police have been filmed planting, but you have no reason to disallow the rest of the evidence, regardless of how untrustworthy the police have proven to be."

        • by Anonymous Coward

          You could. But it ultimately depends on jurisdiction, and in most cases, the judge. It's whether or not a 'fair trial', is something they care about.

          In a perfect world, you and I would be able to call for the source code with no questions asked. Sadly, that isn't where we live.

          Look up 'breathalyzer' source code, as well as 'red light camera' source code cases.
          The former, involves lack of 'calibration' incidences, while the latter, often includes intentional malfeasance for greater result of 'offenders' incr

        • by mi ( 197448 )

          How else could the cops demonstrate that the device doesn't also plant evidence

          The same way they currently demonstrate, they don't plant it through traditional means, such as during traditional court-sanctioned searches... I don't know, how — or if — they do that, but the problem you allude to is hardly new.

          More importantly, prosecution does not even need to present the evidence found in the phone — indeed, I suspect, such evidence rarely plays part in an actual trial.

          The information gleam

        • This is why this is all Apple's fault their security is weaker, not stronger. So instead of just trusting ONLY Apple have a way in with Apple's lawyers providing some back pressure on warrants, but everyone with just relatively few bucks now has full access. Unlocking is fucking cheaper than a new phone.
    • by AHuxley ( 892839 )
      Your nation, state, city puts out a request for someone with skills to open a cell phone within a set contract and for a set amount of payment.
      Brands from all over the USA and the world (with the ability to work with US law enforcement) consider the complexity and their costs and respond with the services.
      The generations of phone products get worked on and data is extracted ready for police to use.
    • as in plural... :)
    • by tlhIngan ( 30335 )

      Can someone speak to what the exploit is? Does it have to do with bypassing the 10 PIN entry lockout limit?

      Well, given it's running its own code, it involves jailbreaking. And yes, there is the Electra jailbreak for iOS11. The only difference is this unit's jailbreak need only involve tethered jailbreaks, which are far more plentiful than untethered jailbreaks like Electra (which was one of the first since iOS 8 or 9).

      We also know that it's likely involving elevated permissions - perhaps going so far as to

  • trumps everything.
    Maybe not everything: a 256bit symmetric encryption purely in software with a true 256bit passphrase aka actual meaningful encryption. Which is pretty much impractical for use with a phone: enter 256bit of passphrase every time you want to use it, make a call? Pure masochism.
    So there is no practical way to secure your phone and you have to act accordingly for any data you want to be protected. Either destroy your phone: is there a market for phones with thermite inside? Or don't use th

    • by AHuxley ( 892839 )
      Re "Or don't use them for anything incriminating."

      That's what so many people don't think about.
      The police/security services can look at every phone in an area in real time, over hours, days, weeks, months, years.
      A phone turned off before entering an area and on again later after being in the area? That's logged.
      Two people talking for 5 minutes will get tracked due to location and time.
      A new phone used in one area calling a set of other new phones in the same area and only for a few hours, days of use?
      Th
  • by sit1963nz ( 934837 ) on Thursday April 12, 2018 @07:25PM (#56427825)
    This is NOT the tool wanted. This tool means they have to have physical access to the phone.

    What they REALLY want is a remote backdoor so they can spy on everyone in real time if they want.
    • by RazorSharp ( 1418697 ) on Thursday April 12, 2018 @08:10PM (#56428079)

      This is a very good point. Unlocking a phone that has already been confiscated just helps with a prosecution. Real time snooping allows them to easily catch people in the act of committing crimes. And that's really how law enforcement sees things. It doesn't occur to them (or they don't care) that politicians could then use the backdoors to quash dissent, target political opponents, and manipulate the citizenry. The general opinion in law enforcement seems to be that those aren't real concerns, and the only reason one could have for privacy is to commit crimes.

      • by b0s0z0ku ( 752509 ) on Thursday April 12, 2018 @08:40PM (#56428171)
        Or maybe it does occur to them and they don't care. Or want government to go after troublemakers like protesters... The job of law enforcement often attracts a certain mentality.
        • by shess ( 31691 )

          Or maybe it does occur to them and they don't care. Or want government to go after troublemakers like protesters... The job of law enforcement often attracts a certain mentality.

          The country is full of people who think that we can trust law enforcement with this kind of thing - often the self-same people who think that we cannot trust the government IN ANY OTHER AREA OF LIFE.

      • Real time snooping allows them to easily catch people in the act of committing crimes. And that's really how law enforcement sees things. It doesn't occur to them (or they don't care) that {...}

        And also, they don't think that in the wrong hands, such tools could mean real-time hacking/stealing/etc. of people's phone, while they are attempting to conduct normal business :

        A government-mandated backdoor that enables any random law-enforcement (be it with correct search warrant in order, or in abusive invasive state) to snoop in real time,
        is also an entry point that could be abused by an attacker to steal personal information of an unsuspecting user, divert money while they perform online-banking/onli

      • Almost immediately after this happens the US will turn into a police state, with the NSA and FBI snooping on politicians' phones and leaking everything illegal, or legal and politically damaging on the first couple who say no to them. After that the remaining politicians will fall into line.
      • by houghi ( 78078 )

        This is not about them being able to catch them committing a crime. This is about data collection that might be used when the case goes to court. Obviously they can just disregard it if it shows evidence the person was innocent.
        This because the interest is in closing cases and getting convictions, not about solving cases correctly.
        Having a lot of information will make it easier to let people admit to a crime they have not done.

  • by JoeyRox ( 2711699 ) on Thursday April 12, 2018 @07:29PM (#56427855)
    Based on the quoted time to crack, the exploit is likely using brute-force - the purpose of the device is to guess those while also disabling the usual 10-guess iOS limit before the device is locked. However, iOS supports complex passcodes [apple.com] as well, up to at least 90 alphanumeric characters, and these are unlikely to be cracked.
  • Or do like me and NOT keep sensitive info on your frigging phone!
    • So, where do you keep your kitty porn?
    • by novakyu ( 636495 )

      I don't know, do you use email on your phone? Cloud storage? All those are exposed through your phone. I guess you can revoke access remotely, but until you revoke access, you have a leak, unless you don't use a smartphone like a smartphone.

    • What about incriminating info? Which can be anything, so wipe your phone every few seconds?

      Or are you under the impression only guilty people are searched, and only guilty people have ever been arrested, or that only guilty people have ever been convicted?

      Comparing enough people's data, to enough data from a significant amount of crimes will find false positives. Even if the odds are 1 in million, that means 300 people in the US would match, and 1 in a million convicts.

      Worst thing is, you likely have little

    • If only everyone were like you, the world would be free of problems, and mankind could be at peace once and for all. Because you're you. And you-ness is everything. If only people could see. If only people could see ...
      • If only everyone were like you, the world would be free of problems, and mankind could be at peace once and for all. Because you're you. And you-ness is everything. If only people could see. If only people could see ...

        Yes it would be a beautiful thing, but alas poor Yorick, it is not to be!

  • Sounds like the fellow may have committed the crime 18 U.S.C. 1001 [wikipedia.org] (Making False Statements) on matters within the federal jurisdiction, regarding law enforcement activities....

    Wray recently said that law enforcement agencies are "increasingly unable to access" evidence stored on encrypted devices. Wray is not telling the whole truth. Police forces and federal agencies around the country have bought relatively cheap tools to unlock up-to-date iPhones and bypass their encryption

  • No one should have the right to see what you don't want them to see, it's simple, it's easy and if the government / state disagrees, they can go fuck themselves.
    • Newsflash: They've been fucking you/us forever - and they prefer it that way.
      Richest 62 people as wealthy as half of world's population [theguardian.com]

      How else would they manage to keep this up?
      Constant distraction, divide and conquer (there has to be an enemy – always), continuous buttering up by the media...
      Even then, occasionally somebody sets out to make the world a better place. That's what they fear. They want to be able to stop it, before it becomes a dynamic movement.
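
The brute-force estimates traded in the comments above come down to two numbers: the size of the passcode space and the cost of one guess. This added example (not from the article or any commenter) computes the worst-case search time for a passcode policy and the shortest length that pushes it past a target. The 80 ms per-guess cost is an assumption based on Apple's published description of its passcode key derivation, not a measurement of any unlocking tool, and the function names are illustrative.

```python
import math
import string

# Assumed cost of one passcode attempt (Apple's security guide describes key
# derivation calibrated to roughly 80 ms per try). Escalating delays and the
# optional erase-after-10 setting are deliberately ignored: this models a
# search where only the key derivation limits the guess rate.
SECONDS_PER_GUESS = 0.08
SECONDS_PER_YEAR = 365.25 * 86400

ALPHABETS = {
    "digits": string.digits,                                  # 10 symbols
    "lower+digits": string.ascii_lowercase + string.digits,   # 36 symbols
    "alnum": string.ascii_letters + string.digits,            # 62 symbols
}

def keyspace(alphabet: str, length: int) -> int:
    """Number of passcodes of exactly `length` symbols drawn from `alphabet`."""
    return len(set(alphabet)) ** length

def worst_case_seconds(alphabet, length, seconds_per_guess=SECONDS_PER_GUESS):
    """Time to try every candidate at a fixed per-guess cost."""
    return keyspace(alphabet, length) * seconds_per_guess

def min_length(alphabet, target_years, seconds_per_guess=SECONDS_PER_GUESS):
    """Shortest length whose exhaustive search takes longer than target_years."""
    target = target_years * SECONDS_PER_YEAR
    length = 1
    while worst_case_seconds(alphabet, length, seconds_per_guess) <= target:
        length += 1
    return length

def policy_report(target_years=100):
    """(alphabet name, minimum length, entropy in bits) for each alphabet."""
    rows = []
    for name, alphabet in ALPHABETS.items():
        n = min_length(alphabet, target_years)
        rows.append((name, n, round(n * math.log2(len(alphabet)), 1)))
    return rows

if __name__ == "__main__":
    for name, n, bits in policy_report():
        print(f"{name:13s} >= {n:2d} symbols (~{bits} bits) for a 100-year search")
```

The averages are half the worst case, and a passcode a person actually chooses is rarely uniform over its keyspace, so treat the minimum lengths as a floor for a passcode policy rather than a guarantee.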
