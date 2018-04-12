Slashdot is powered by your submissions, so send in your scoop

 


Cops Around the Country Can Now Unlock iPhones, Records Show (vice.com) 23

Posted by msmash from the bottoming-things-out dept.
Law enforcement agencies across the country have purchased GrayKey, a relatively cheap tool for bypassing the encryption on iPhones, while the FBI pushes again for encryption backdoors, Motherboard reported on Thursday. From the report: FBI Director Christopher Wray recently said that law enforcement agencies are "increasingly unable to access" evidence stored on encrypted devices. Wray is not telling the whole truth. Police forces and federal agencies around the country have bought relatively cheap tools to unlock up-to-date iPhones and bypass their encryption, according to a Motherboard investigation based on several caches of internal agency documents, online records, and conversations with law enforcement officials. Many of the documents were obtained by Motherboard using public records requests.

The news highlights the going dark debate, in which law enforcement officials say they cannot access evidence against criminals. But easy access to iPhone hacking tools also hamstrings the FBI's argument for introducing backdoors into consumer devices so authorities can more readily access their contents.

  • Can someone speak to what the exploit is? Does it have to do with bypassing the 10 PIN entry lockout limit?

    • It simply brute forces the thing. From the description, a 4 digit passcode can take a few hours, 6 digits a few days. They probably found a way around the deadswitch by powering off the chip before it's locked or simply too many people don't set the 10-time lockout.

    • Can someone speak to what the exploit is? Does it have to do with bypassing the 10 PIN entry lockout limit?

      If we knew what it was, Apple would know too - and would likely have patched it by now. And given we haven't heard anyone grousing about it, the box almost certainly works without triggering the lockout limit.

      I fervently hope Apple is doing what they can to acquire one of these boxes through back-channels. It's only a matter of time until one or more Greykey boxes gets stolen and reverse engineered by criminals; I'd just as soon Apple put feelers out now saying "we're willing to pay a whole lot of money for

      Your nation, state, city puts out a request for someone with skills to open a cell phone within a set contract and for a set amount of payment.
      Brands from all over the USA and the world (with the ability to work with US law enforcement) consider the complexity and their costs and respond with the services.
      The generations of phone products get worked on and data is extracted ready for police to use.

  • trumps everything.
    Maybe not everything: a 256bit symmetric encryption purely in software with a true 256bit passphrase aka actual meaningful encryption. Which is pretty much much impractical for use with a phone: enter 256bit of passphrase everytime you want to use it, make a call? Pure masochism.
    So there is no practical way to secure your phone and you have to act accordingly for any data you want to be protected. Either destroy your phone: is there a market for phones with thermite inside? Or don't use th

      Re "Or don't use them for anything incriminating."

      Thats what so many people don't think about.
      The police/security services can look at every phone in a area in real time, over hours, days, weeks, months, years.
      A phone turned off before entering an area and on again later after been in the area? Thats logged.
      Two people talking for 5 minutes will get tracked due to location and time.
      A new phone used in one area calling a set of other new phones in the same area and only for a few hours, days of use?
  • This is NOT the tool wanted. This tool means they have to have physical access to the phone.

    What they REALLY want is a remote backdoor so they can spy on everyone in real time if they want.
  • Based on the quoted time to crack the exploit is likely using brute-force - the purpose of the device is to guess those while also disabling the usual 10-guess iOS limit before the device is locked. However, iOS supports complex passcodes [apple.com] as well, up to at least 90 alphanumeric characters, and these are are unlikely to be cracked.
  • Or do like me and NOT keep sensitive info of you frigging phone!

