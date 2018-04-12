Cops Around the Country Can Now Unlock iPhones, Records Show (vice.com) 18
Law enforcement agencies across the country have purchased GrayKey, a relatively cheap tool for bypassing the encryption on iPhones, while the FBI pushes again for encryption backdoors, Motherboard reported on Thursday. From the report: FBI Director Christopher Wray recently said that law enforcement agencies are "increasingly unable to access" evidence stored on encrypted devices. Wray is not telling the whole truth. Police forces and federal agencies around the country have bought relatively cheap tools to unlock up-to-date iPhones and bypass their encryption, according to a Motherboard investigation based on several caches of internal agency documents, online records, and conversations with law enforcement officials. Many of the documents were obtained by Motherboard using public records requests.
The news highlights the going dark debate, in which law enforcement officials say they cannot access evidence against criminals. But easy access to iPhone hacking tools also hamstrings the FBI's argument for introducing backdoors into consumer devices so authorities can more readily access their contents.
If you set the iPhone to wipe after ten failed tries, then even with a four-digit random passcode there's only a 0.1% chance it can be brute-forced. All of this is in the Secure Enclave for iPhone 5Ss and later, and I find it extremely improbable that the police are reading that. If you want your iPhone to be secure, turn fingerprint recognition off, randomize your code, and set ten-tries-to-wipe. I'm perfectly willing to believe that the 5C and earlier can be cracked.
You're wrong. They've managed to get around the 10 limit - and without opening the phone to get at individual hardware components for replacement. The details are extremely secret NDA stuff but they demonstrated they can do it even on 8.
It simply brute forces the thing. From the description, a 4 digit passcode can take a few hours, 6 digits a few days. They probably found a way around the deadswitch by powering off the chip before it's locked or simply too many people don't set the 10-time lockout.
Can someone speak to what the exploit is? Does it have to do with bypassing the 10 PIN entry lockout limit?
If we knew what it was, Apple would know too - and would likely have patched it by now. And given we haven't heard anyone grousing about it, the box almost certainly works without triggering the lockout limit.
I fervently hope Apple is doing what they can to acquire one of these boxes through back-channels. It's only a matter of time until one or more Greykey boxes gets stolen and reverse engineered by criminals; I'd just as soon Apple put feelers out now saying "we're willing to pay a whole lot of money for
Preventative detention will increase, indefinite detention will be the norm (see sex offenders registry and civil committment) and no more possibility of a people's revolt, given the ability to sidetrack troublemakers BEFORE they start.
trumps everything.
Maybe not everything: a 256bit symmetric encryption purely in software with a true 256bit passphrase aka actual meaningful encryption. Which is pretty much much impractical for use with a phone: enter 256bit of passphrase everytime you want to use it, make a call? Pure masochism.
So there is no practical way to secure your phone and you have to act accordingly for any data you want to be protected. Either destroy your phone: is there a market for phones with thermite inside?
What they REALLY want is a remote backdoor so they can spy on everyone in real time if they want.
