IOS Security Apple

Apple Is Testing a Feature That Could Kill Police iPhone Unlockers (vice.com) 55

Posted by msmash from the cat-and-mouse-race dept.
Lorenzo Franceschi-Bicchierai, reporting for Motherboard: On Monday, at its Worldwide Developers Conference, Apple teased the upcoming release of the iPhone's operating system, iOS 12. Among its most anticipated features are group FaceTime, Animoji, and a ruler app. But iOS 12's killer feature might be something that's been rumored for a while and wasn't discussed at Apple's event. It's called USB Restricted Mode, and Apple has been including it in some of the iOS beta releases since iOS 11.3.

The feature essentially forces users to unlock the iPhone with the passcode when connecting it to a USB accessory every time the phone has not been unlocked for one hour. That includes the iPhone unlocking devices that companies such as Cellebrite or GrayShift make, which police departments all over the world use to hack into seized iPhones. "That pretty much kills [GrayShift's product] GrayKey and Cellebrite," Ryan Duff, a security researcher who has studied iPhone and is Director of Cyber Solutions at Point3 Security, told Motherboard in an online chat. "If it actually does what it says and doesn't let ANY type of data connection happen until it's unlocked, then yes. You can't exploit the device if you can't communicate with it."


  • Cludge fix? (Score:2, Informative)

    by sinij ( 911942 )
    I admit, I don't know exactly how GrayKey and Cellebrite work. However, if viewed from a proper access control and privileges point of view, it shouldn't be possible to siphon the kinds of data (e.g. contacts, calls) that it is reportedly capable of doing.

    So, could someone explain to me why they went with a solution that still leaves a 1 hour window of opportunity to compromise a phone instead of fixing what I guess are overly permissive privileges within the file system?
    • I too was thrown by the 1 hour window. How often outside of sleepy time does one's phone remain unlocked for an entire hour?

      • Re: (Score:2, Funny)

        by Anonymous Coward

        I too was thrown by the 1 hour window. How often outside of sleepy time does one's phone remain unlocked for an entire hour?

        When the police seize it.

      • It would be smarter if that one hour window only applies to unlocks that grant USB access, not all unlocks. Much like an unlocked phone still requires confirmation for an app store purchase.

      • How often outside of sleepy time does one's phone remain unlocked for an entire hour?

        Every evening, when I leave it in the bedroom and I'm watching something in the movie room. I don't let my phone be a cybershackle out of business hours.

        Want me? Call me! Otherwise I'll get back to you whenever.. if ever.

        Weekends? Many hours pass without me looking at it or unlocking it. I just don't caaaaaaaaare about constant connectivity, in fact, the older I get the more I loathe it.

      • The time from when a cop takes it from you, and when they get a judge to sign a search warrant allowing them to look at it.

    • Re: (Score:2)

      by AmiMoJo ( 196126 )

      I'm not sure this change will affect GrayKey and Cellebrite anyway. My understanding is that they attack the phone's bootloader. It's a special bit of firmware that loads at boot time and is designed to make recovery from a broken OS image possible. It seems that they found some vulnerability in it that they can exploit to disable the passcode attempt limit and then automatically try passcodes until they find the right one.

      Also, this fix doesn't seem to be enough... On my Pixel you always have to unlock to

    • They work by cracking the passcode, basically. Supposedly, they found a way to repeatedly test the passcode without triggering the cooldowns, or something similar. Once the phone is unlocked, obviously, all the data is available to whoever wants it.

    • The American Government probably requires Apple to have backdoor access to phone data via USB. If it wasn't deliberate they would have blocked the access by fixing the USB bug. They should also block software updates without unlocking the phone, to prevent the FBI getting a court warrant to force Apple to make "unlock assistance" software.

  • Hyperbole much? (Score:3)

    by Jason1729 ( 561790 ) on Tuesday June 05, 2018 @10:07AM (#56730540)
    "Apple Is Testing a Feature That Could Kill Police iPhone Unlockers." Um, the feature you describe will prevent current unlockers from working on an iPhone with the feature enabled. But it's not going to kill the unlocker. That conjures up imagery of something that will detect the unlocker and fire high voltage into it or some such.

    I guess my 4-digit pin kills anyone who tries to casually snoop at my phone.

  • It could be so much easier! (Score:3)

    by idji ( 984038 ) on Tuesday June 05, 2018 @10:15AM (#56730606)
    What if your left thumb unlocked your phone and your right thumb wiped the device invisibly? The criminal could never know, you have deniability and the police will be too scared to tap your dead finger to the phone.
    Or what if left-right-left unlocked and left-right-right wiped?
    • I too want to destroy my phone every time I accidentally pick it up with the wrong hand.

    • Re: (Score:2)

      by OzPeter ( 195038 )

      What if your left thumb unlocked your phone and your right thumb wiped the device invisibly? The criminal could never know, you have deniability and the police will be too scared to tap your dead finger to the phone.

      Or what if left-right-left unlocked and left-right-right wiped?

      Given that Apple is moving to Face ID for phone unlocking I don't see any changes based on finger prints happening. Plus the possibility of accidentally wiping a phone would have Apple really nervous about lawsuits.

    • What if your left thumb unlocked your phone and your right thumb wiped the device invisibly? The criminal could never know, you have deniability and the police will be too scared to tap your dead finger to the phone. Or what if left-right-left unlocked and left-right-right wiped?

      I'm hoping this is tongue in cheek ... humans are far too unreliable to make it this easy to accidentally wipe your phone.

  • Image the underlying flash, wire to wire. Boot the image on a new phone, cache writes to delta, attempt unlock till limit. Reboot state, clear delta, attempt next set of codes, get combo. 6 digit passcodes are the norm and useless against this attack. USB access be damned.

    • Re: (Score:2)

      by tsa ( 15680 )

      Every criminal knows this so they use longer passwords.

    • That is a much less trivial attack though, and not 100% reliable-- the secure enclave should be able to limit the effectiveness.

  • Does anybody know? What was the holdup? Certainly it couldn't have been difficult to implement, could it?
  • Sounds pretty much like it works in Android

  • and in China they will have an unlock code for government.

  • It seems like killing police for unlocking an iPhone would get Apple in trouble.

  • Reading this one instead: https://www.truthdig.com/artic... [truthdig.com] .

  • I take it that the USB device the phone is connected to can not be just any USB device but one that the phone knows?

  • ..That Could Kill Police iPhone Unlockers (Score:3)

    by kiviQr ( 3443687 ) on Tuesday June 05, 2018 @10:40AM (#56730784)
    If they really wanted to kill unlockers they should have included a capacitor-based USB Killer.
