Cops Are Confident iPhone Hackers Have Found a Workaround to Apple's New Security Feature (vice.com) 128
Joseph Cox, and Lorenzo Franceschi-Bicchierai, reporting for Motherboard: Apple confirmed to The New York Times Wednesday it was going to introduce a new security feature, first reported by Motherboard. USB Restricted Mode, as the new feature is called, essentially turns the iPhone's lightning cable port into a charge-only interface if someone hasn't unlocked the device with its passcode within the last hour, meaning phone forensic tools shouldn't be able to unlock phones. Naturally, this feature has sent waves throughout the mobile phone forensics and law enforcement communities, as accessing iPhones may now be substantially harder, with investigators having to rush a seized phone to an unlocking device as quickly as possible.
That includes GrayKey, a relatively new and increasingly popular iPhone cracking tool. But forensics experts suggest that Grayshift, the company behind the tech, is not giving up yet. "Grayshift has gone to great lengths to future proof their technology and stated that they have already defeated this security feature in the beta build. Additionally, the GrayKey has built in future capabilities that will begin to be leveraged as time goes on,' a June email from a forensic expert who planned to meet with Grayshift, and seen by Motherboard, reads, although it is unclear from the email itself how much of this may be marketing bluff. "They seem very confident in their staying power for the future right now," the email adds. A second person, responding to the first email, said that Grayshift addressed USB Restricted Mode in a webinar several weeks ago.
That includes GrayKey, a relatively new and increasingly popular iPhone cracking tool. But forensics experts suggest that Grayshift, the company behind the tech, is not giving up yet. "Grayshift has gone to great lengths to future proof their technology and stated that they have already defeated this security feature in the beta build. Additionally, the GrayKey has built in future capabilities that will begin to be leveraged as time goes on,' a June email from a forensic expert who planned to meet with Grayshift, and seen by Motherboard, reads, although it is unclear from the email itself how much of this may be marketing bluff. "They seem very confident in their staying power for the future right now," the email adds. A second person, responding to the first email, said that Grayshift addressed USB Restricted Mode in a webinar several weeks ago.
Demo or it didn't happen (Score:5, Insightful)
Talk is cheap.
Show us a video, or it's just bullshit.
Re: Demo or it didn't happen (Score:2, Insightful)
You're not their target audience, and it's probably not in their best interest to post a video.
Re: (Score:2)
I don't know who I am rooting for here. The crooked cops, or the rabid fanbois.
I suppose I should just get the popcorn and enjoy the show.
Re: (Score:2)
Yeah, sometimes it seems like you're on the Titanic....
Rooting for the iceberg.
Re: (Score:2)
Talk is cheap.
Actually talk is worth $15000 a pop in this case.
Re: (Score:2)
Video can be fake. Let's see it in person and instructions! Prove it basically.
Re: (Score:2)
Video can be fake. Let's see it in person and instructions! Prove it basically.
True enough!
Re: (Score:1)
www.iphoneasyunlock.com
If you are in the United States of America
Unlocking Consumer Choice and Wireless Competition Act now repeals former DMCA ruling making once again legal to unlock your cell phone devices.Thanks to the efforts of groups such as fix the DMCA
Re: (Score:2)
www.iphoneasyunlock.com
If you are in the United States of America
Unlocking Consumer Choice and Wireless Competition Act now repeals former DMCA ruling making once again legal to unlock your cell phone devices.Thanks to the efforts of groups such as fix the DMCA
I don't think "unlock" means what you think it does in this context.
Re: (Score:1)
Re: (Score:2)
they had me at "...cops are confident hackers..." el-Mao
LOLOL! You're right; that IS hysterical!!!
Comment removed (Score:3)
There is a plan for that (Score:1)
And what would the cops do if I just stopped USING my iPhone, didn't carry it, or... hell, didn't even HAVE one?
Oh they have a tool for that also, but I don't think you are going to enjoy it much...
It's called "GraySkull".
They have the power.
Re: (Score:2)
It's called the "pear of anguish"... don't look it up.
Re: (Score:1)
Re: (Score:2)
Re: (Score:2)
For those people who do not have iPhones, they implant a similar system inside one of their teeth. That is the sources of the voices I hear in my head.
Something like this [youtube.com]? ;^)
Re: (Score:2)
your grits.
your mom.
etc, ad infinitum.
Re: (Score:2)
And what would the cops do if I just stopped USING my iPhone, didn't carry it, or... hell, didn't even HAVE one?!? NOW WHAT? HUH?!? NOW how are you going to break into it and root around in it, if I don't HAVE ONE?!? HUH?!?
That is obstruction of justice and resisting arrest.
Re: (Score:2)
Re: (Score:2)
And what would the cops do if I just stopped USING my iPhone, didn't carry it, or... hell, didn't even HAVE one?!? NOW WHAT? HUH?!? NOW how are you going to break into it and root around in it, if I don't HAVE ONE?!? HUH?!?
That is obstruction of justice and resisting arrest.
Just for fun, is not actually committing any crime whatsoever classifiable under our new dystopian oligarchy as obstruction and resisting arrest?
There is always a crime. They just have to find it.
Re: (Score:2)
Re: (Score:2)
controlling something remotely is different then accessing it once it is off the network and shut off.
Still, if you are going to do something illegal , it is best not to create a record of it. ( and probably better just not to do it).
If you are in a country where you feel the need to engage in acts of civil disobedience in the modern age. Good luck and God bless.
Also, find a way to get a some cheap disposable mobile phones and don't keep them long term.
Re: (Score:1)
Re: (Score:3)
PRISM https://en.wikipedia.org/wiki/... [wikipedia.org] showed the USA and UK had ways in. Direct and for years. That US brands made junk crypto code to help the NSA.
The software and device and brand, all 'approved' updates then becomes a part of a NSA collect it all network.
End-to-end encryption is offered to keep gov workers and police under internal affairs investigation trusting their new devices.
Without repeated and updated reassuring tech news that the brand is still safe
Re: (Score:1)
I get everything you are saying, the problem is all this is making it really difficult for legitimate hackers to get into peoples phones.
Re: (Score:2)
That was a joke. The irony of acknowledging how serious what AHuxley has posted - which kind of makes it funnier considering who wants access to your phone. Tough crowd.
Little birdy says (Score:1)
Re: (Score:3)
Re: (Score:1)
Re: (Score:2)
All it takes is a StingRay and a 6 dB advantage over the cellular network to achieve FM capture. No Faraday cage required!
Re: (Score:1)
GPS also has timestamps. source: fighting a GPS module on an embedded board ~8 years ago.
Re: (Score:1)
GPS timestamp rolls over every 1024 weeks.
Re: (Score:2)
After 20 years, they can have my data.
what about an very local tower with Emergency call (Score:2)
what about an very local tower with some kind of Emergency call mode that unlocks stuff?
Not only cops ... (Score:5, Insightful)
How many times do people charge their phone off a "public" USB charge port in an airport or on public transportation? Any one of those ports could be trying to slurp confidential data. Charge-only without authentication and permission should be default behavior for all phones.
Also, this isn't only about the US government and US police trying to unlock phones. This also protects US citizens against abuses by foreign governments -- i.e. the Chinese or Venezuelans confiscating someone's phone at an airport and "working on it."
Not to mention that not all US law enforcement are the good guys. Plenty of corrupt cops out there who want to snoop without a warrant.
Re: Not only cops ... (Score:1)
I never have.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
And it is highly unlikely that I am statistically insignificant. There are not a lot fo public chargers here. Never actually seen one.
Charging from public outlets (Score:1)
How many times do people charge their phone off a "public" USB charge port in an airport or on public transportation? Any one of those ports could be trying to slurp confidential data.
If you rely on either your phone's security, or trusting whatever 3rd party provides a charge port, you're doing it wrong.
Just use a charge-only cable that has only power wires, but no data lines in it. Or bring an AC -> DC adapter as well, and use an AC mains outlet. Or bring a powerbank. Or charge from your laptop.
Re: (Score:2)
How many times do people charge their phone off a "public" USB charge port in an airport or on public transportation? Any one of those ports could be trying to slurp confidential data.
If you rely on either your phone's security, or trusting whatever 3rd party provides a charge port, you're doing it wrong.
Just use a charge-only cable that has only power wires, but no data lines in it. Or bring an AC -> DC adapter as well, and use an AC mains outlet. Or bring a powerbank. Or charge from your laptop.
And hope your phone doesn't have the blueborne vulnerability [androidcentral.com] which renders all of your efforts moot.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
You seem to have a five minute life. Anything that happened ten minutes ago is background blur to you.
Re: (Score:2)
That is exactly what i do with my iPhone 6(hopefully it lasts a while, new models suck)
Bluff = Stupidity (Score:5, Insightful)
"Grayshift has gone to great lengths to future proof their technology and stated that they have already defeated this security feature in the beta build"
Umm, if true, how stupid of them to say it.
Re: Bluff = Stupidity (Score:2)
Re: (Score:2)
"How is it stupid? "
Because the OS is still in beta, it means Apple can fix/change how it works before release.
5 bucks says Apple either has/has access to a Graykey.
Re: (Score:2)
"Grayshift has gone to great lengths to future proof their technology and stated that they have already defeated this security feature in the beta build"
Umm, if true, how stupid of them to say it.
Or.... they HAVEN'T figured it out, and are trying to get Apple to change something to "fix" it, and possibly introduce a bug/way in with the additional changes...
GrayShift has time machines! (Score:3)
Additionally, the GrayKey has built in future capabilities that will begin to be leveraged as time goes on
Holy Crap! Should invest in those guys because they are from the future, so much so they have built in capabilities for bugs and security features that don't exist yet! So sweet! (Other than that, sounds like marketing on GrayShift's part)
Re:GrayShift has time machines! (Score:5, Insightful)
Additionally, the GrayKey has built in future capabilities that will begin to be leveraged as time goes on
Holy Crap! Should invest in those guys because they are from the future, so much so they have built in capabilities for bugs and security features that don't exist yet! So sweet! (Other than that, sounds like marketing on GrayShift's part)
A more "rational" explanation is that Grayshift is sitting on (or at least wants people to believe they are sitting on) a few-zero day exploits that they think will keep them in business for the foreseeable future...
Given the fact that the principals working at Grayshift are ex U.S. intelligence agency contractors and ex-Apple security engineers, I wouldn't be so quick to bet against them having a few zero-days lying around...
Re: (Score:1)
You say potato, I say potato. You say zero-day exploit, I say backdoor.
Re: (Score:1)
Given the fact that the principals working at Grayshift are ex U.S. intelligence agency contractors and ex-Apple security engineers, I wouldn't be so quick to bet against them having a few zero-days lying around...
...and we know that ex-spooks and ex-Apple employees are all-knowing and all-powerful and that Apple will *never* change out the current interfaces for something different, right?
The problem with zero-day xploits is that they have a "best by" date and once you open them up they tend to get fixed q
Re: (Score:2)
Additionally, the GrayKey has built in future capabilities that will begin to be leveraged as time goes on
Holy Crap! Should invest in those guys because they are from the future, so much so they have built in capabilities for bugs and security features that don't exist yet! So sweet! (Other than that, sounds like marketing on GrayShift's part)
Whenever I hear some corporate drone use words like 'leveraged' and 'synergised' I immediately suspect them to be full of shit.
Re:Confused (Score:5, Insightful)
Since hacking is illegal, why are cops buying from Grayshift instead of raiding their offices?
Because in practice it's only illegal to hack those whom the State favors. Hacking those who are not in the State's (and the corrupt individuals in power's) good graces for whatever reason is A-OK, especially if the State gets the benefit of obtaining the data in readable form. The only real exception to this is if the hacker(s) in question are also not seen favorably by those in power.
Strat
Re:Confused (Score:4, Insightful)
Also, GreyShift is an Israeli company, and historically the US government kowtows to Israel like nobody's-fucking-business.
DMCA (Score:4, Insightful)
law enforcement is dmca exempt! (Score:3)
law enforcement is dmca exempt!
Re: (Score:1)
Does the exemption extend to a non government software vendor?
Re: (Score:1)
They aren't a US company. True, by selling to US persons they are availing themselves of US law but I suspect that the law enforcement exemption covers the sales to law enforcement and the law doesn't reach their R&D activity in Israel.
Comment removed (Score:4, Insightful)
Re: (Score:3)
+1 to Apple sending DMCA/CFAA notices to police departments across the nation...
Re: (Score:2)
Actually, that's exactly how lawsuits are won. https://www.law.cornell.edu/we... [cornell.edu]
Re:Wait a tick... (Score:4, Insightful)
I guess the cops don't see the irony in their cheering for lawbreakers.
Shut them down! (Score:1)
Portable USB device to Extend Timeout (Score:1)
I bet they are just giving out little USB dongle type devices that a cop would connect to the phone upon arrest. This would likely keep the USB port unlocked passed the timeout...
Well, the fastest way to put a stop to this (Score:3)
is for the next person who gets arrested and has their phone subjected to such hacking measures is to simply challenge it in court and demand to see everything about the extraction / bypass process.
After all, since you ARE hacking into the phone, we need to verify it's doing nothing nefarious and / or corrupting the data contained within it.
Much like how the LE Community will drop charges without revealing how / when / where they are using Stingrays, they'll drop the charges before they're forced to show their hand here as well.
Coming soon... (Score:3)
I wonder how long it will be until somebody figures out how to implement a "dead man's switch" requiring a code to be entered at user-determined intervals, or the device would use all its remaining battery power to commit suicide.
I have a feeling it wouldn't be easy to extract data from a phone that decided to do its very best impression of a Note 7.
Added bonus: potential havoc at the cop shop.
Why Wait An Hour? (Score:2)
This has always struck me as a dumb implementation. Why not simply require passcode to enable USB data mode with no timer? Plug in USB, get prompted for passcode. No passcode, no data.