Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Government Security Apple

Cops Are Confident iPhone Hackers Have Found a Workaround to Apple's New Security Feature (vice.com) 128

Joseph Cox, and Lorenzo Franceschi-Bicchierai, reporting for Motherboard: Apple confirmed to The New York Times Wednesday it was going to introduce a new security feature, first reported by Motherboard. USB Restricted Mode, as the new feature is called, essentially turns the iPhone's lightning cable port into a charge-only interface if someone hasn't unlocked the device with its passcode within the last hour, meaning phone forensic tools shouldn't be able to unlock phones. Naturally, this feature has sent waves throughout the mobile phone forensics and law enforcement communities, as accessing iPhones may now be substantially harder, with investigators having to rush a seized phone to an unlocking device as quickly as possible.

That includes GrayKey, a relatively new and increasingly popular iPhone cracking tool. But forensics experts suggest that Grayshift, the company behind the tech, is not giving up yet. "Grayshift has gone to great lengths to future proof their technology and stated that they have already defeated this security feature in the beta build. Additionally, the GrayKey has built in future capabilities that will begin to be leveraged as time goes on,' a June email from a forensic expert who planned to meet with Grayshift, and seen by Motherboard, reads, although it is unclear from the email itself how much of this may be marketing bluff. "They seem very confident in their staying power for the future right now," the email adds. A second person, responding to the first email, said that Grayshift addressed USB Restricted Mode in a webinar several weeks ago.

This discussion has been archived. No new comments can be posted.

Cops Are Confident iPhone Hackers Have Found a Workaround to Apple's New Security Feature

Comments Filter:
  • by TheFakeTimCook ( 4641057 ) on Thursday June 14, 2018 @02:26PM (#56785346)

    Talk is cheap.

    Show us a video, or it's just bullshit.

    • by Anonymous Coward

      You're not their target audience, and it's probably not in their best interest to post a video.

    • by Anonymous Coward

      I don't know who I am rooting for here. The crooked cops, or the rabid fanbois.

      I suppose I should just get the popcorn and enjoy the show.

    • Talk is cheap.

      Actually talk is worth $15000 a pop in this case.

    • by antdude ( 79039 )

      Video can be fake. Let's see it in person and instructions! Prove it basically.

    • www.iphoneasyunlock.com

      If you are in the United States of America
      Unlocking Consumer Choice and Wireless Competition Act now repeals former DMCA ruling making once again legal to unlock your cell phone devices.Thanks to the efforts of groups such as fix the DMCA

      • www.iphoneasyunlock.com

        If you are in the United States of America
        Unlocking Consumer Choice and Wireless Competition Act now repeals former DMCA ruling making once again legal to unlock your cell phone devices.Thanks to the efforts of groups such as fix the DMCA

        I don't think "unlock" means what you think it does in this context.

    • they had me at "...cops are confident hackers..." el-Mao
  • by account_deleted ( 4530225 ) on Thursday June 14, 2018 @02:30PM (#56785378)
    Comment removed based on user account deletion
    • by Anonymous Coward

      And what would the cops do if I just stopped USING my iPhone, didn't carry it, or... hell, didn't even HAVE one?

      Oh they have a tool for that also, but I don't think you are going to enjoy it much...

      It's called "GraySkull".

      They have the power.

    • For those people who do not have iPhones, they implant a similar system inside one of their teeth. That is the sources of the voices I hear in my head.
      • by slew ( 2918 )

        For those people who do not have iPhones, they implant a similar system inside one of their teeth. That is the sources of the voices I hear in my head.

        Something like this [youtube.com]? ;^)

    • by nnet ( 20306 )
      your pants.
      your grits.
      your mom.
      etc, ad infinitum.
    • by Agripa ( 139780 )

      And what would the cops do if I just stopped USING my iPhone, didn't carry it, or... hell, didn't even HAVE one?!? NOW WHAT? HUH?!? NOW how are you going to break into it and root around in it, if I don't HAVE ONE?!? HUH?!?

      That is obstruction of justice and resisting arrest.

      • Comment removed based on user account deletion
        • by Agripa ( 139780 )

          And what would the cops do if I just stopped USING my iPhone, didn't carry it, or... hell, didn't even HAVE one?!? NOW WHAT? HUH?!? NOW how are you going to break into it and root around in it, if I don't HAVE ONE?!? HUH?!?

          That is obstruction of justice and resisting arrest.

          Just for fun, is not actually committing any crime whatsoever classifiable under our new dystopian oligarchy as obstruction and resisting arrest?

          There is always a crime. They just have to find it.

  • by Anonymous Coward
    The work around is by setting the clock back via the cellular network.
  • Not only cops ... (Score:5, Insightful)

    by b0s0z0ku ( 752509 ) on Thursday June 14, 2018 @02:34PM (#56785418)

    How many times do people charge their phone off a "public" USB charge port in an airport or on public transportation? Any one of those ports could be trying to slurp confidential data. Charge-only without authentication and permission should be default behavior for all phones.

    Also, this isn't only about the US government and US police trying to unlock phones. This also protects US citizens against abuses by foreign governments -- i.e. the Chinese or Venezuelans confiscating someone's phone at an airport and "working on it."

    Not to mention that not all US law enforcement are the good guys. Plenty of corrupt cops out there who want to snoop without a warrant.

      • "People" being the average worker bee, not a tech-savvy Slashdotter.
    • How many times do people charge their phone off a "public" USB charge port in an airport or on public transportation? Any one of those ports could be trying to slurp confidential data.

      If you rely on either your phone's security, or trusting whatever 3rd party provides a charge port, you're doing it wrong.

      Just use a charge-only cable that has only power wires, but no data lines in it. Or bring an AC -> DC adapter as well, and use an AC mains outlet. Or bring a powerbank. Or charge from your laptop.

      • by slew ( 2918 )

        How many times do people charge their phone off a "public" USB charge port in an airport or on public transportation? Any one of those ports could be trying to slurp confidential data.

        If you rely on either your phone's security, or trusting whatever 3rd party provides a charge port, you're doing it wrong.

        Just use a charge-only cable that has only power wires, but no data lines in it. Or bring an AC -> DC adapter as well, and use an AC mains outlet. Or bring a powerbank. Or charge from your laptop.

        And hope your phone doesn't have the blueborne vulnerability [androidcentral.com] which renders all of your efforts moot.

  • Bluff = Stupidity (Score:5, Insightful)

    by Rick Zeman ( 15628 ) on Thursday June 14, 2018 @02:48PM (#56785520)

    "Grayshift has gone to great lengths to future proof their technology and stated that they have already defeated this security feature in the beta build"

    Umm, if true, how stupid of them to say it.

    • by eth1 ( 94901 )

      "Grayshift has gone to great lengths to future proof their technology and stated that they have already defeated this security feature in the beta build"

      Umm, if true, how stupid of them to say it.

      Or.... they HAVEN'T figured it out, and are trying to get Apple to change something to "fix" it, and possibly introduce a bug/way in with the additional changes...

  • by InvalidsYnc ( 1984088 ) on Thursday June 14, 2018 @03:07PM (#56785662)

    Additionally, the GrayKey has built in future capabilities that will begin to be leveraged as time goes on

    Holy Crap! Should invest in those guys because they are from the future, so much so they have built in capabilities for bugs and security features that don't exist yet! So sweet! (Other than that, sounds like marketing on GrayShift's part)

    • by slew ( 2918 ) on Thursday June 14, 2018 @03:29PM (#56785874)

      Additionally, the GrayKey has built in future capabilities that will begin to be leveraged as time goes on

      Holy Crap! Should invest in those guys because they are from the future, so much so they have built in capabilities for bugs and security features that don't exist yet! So sweet! (Other than that, sounds like marketing on GrayShift's part)

      A more "rational" explanation is that Grayshift is sitting on (or at least wants people to believe they are sitting on) a few-zero day exploits that they think will keep them in business for the foreseeable future...

      Given the fact that the principals working at Grayshift are ex U.S. intelligence agency contractors and ex-Apple security engineers, I wouldn't be so quick to bet against them having a few zero-days lying around...

      • by Anonymous Coward

        You say potato, I say potato. You say zero-day exploit, I say backdoor.

      • by ksw_92 ( 5249207 )

        Given the fact that the principals working at Grayshift are ex U.S. intelligence agency contractors and ex-Apple security engineers, I wouldn't be so quick to bet against them having a few zero-days lying around...

        ...and we know that ex-spooks and ex-Apple employees are all-knowing and all-powerful and that Apple will *never* change out the current interfaces for something different, right?

        The problem with zero-day xploits is that they have a "best by" date and once you open them up they tend to get fixed q

    • Additionally, the GrayKey has built in future capabilities that will begin to be leveraged as time goes on

      Holy Crap! Should invest in those guys because they are from the future, so much so they have built in capabilities for bugs and security features that don't exist yet! So sweet! (Other than that, sounds like marketing on GrayShift's part)

      Whenever I hear some corporate drone use words like 'leveraged' and 'synergised' I immediately suspect them to be full of shit.

  • DMCA (Score:4, Insightful)

    by cob666 ( 656740 ) on Thursday June 14, 2018 @03:40PM (#56785976)
    How is this not a violation of the DMCA? Couldn't Apple simply bury these companies under mountains of lawsuits to make them go away?
    • law enforcement is dmca exempt!

      • by Anonymous Coward

        Does the exemption extend to a non government software vendor?

        • by Anonymous Coward

          They aren't a US company. True, by selling to US persons they are availing themselves of US law but I suspect that the law enforcement exemption covers the sales to law enforcement and the law doesn't reach their R&D activity in Israel.

  • Comment removed (Score:4, Insightful)

    by account_deleted ( 4530225 ) on Thursday June 14, 2018 @04:08PM (#56786236)
    Comment removed based on user account deletion
  • Companies such as GreyKey should be sanctioned and their owners and developers brought up on hacking charges! They have no right to circumvent security technologies PERIOD! We as a society need to embrace security, even if that means that some bad guys will go free. We must not allow ourselves to fall prey to the machinations of those who would see an Orwellian world made manifest.
  • by Anonymous Coward

    I bet they are just giving out little USB dongle type devices that a cop would connect to the phone upon arrest. This would likely keep the USB port unlocked passed the timeout...

  • by nehumanuscrede ( 624750 ) on Thursday June 14, 2018 @09:45PM (#56787780)

    is for the next person who gets arrested and has their phone subjected to such hacking measures is to simply challenge it in court and demand to see everything about the extraction / bypass process.

    After all, since you ARE hacking into the phone, we need to verify it's doing nothing nefarious and / or corrupting the data contained within it.

    Much like how the LE Community will drop charges without revealing how / when / where they are using Stingrays, they'll drop the charges before they're forced to show their hand here as well.

  • by hyades1 ( 1149581 ) <hyades1@hotmail.com> on Thursday June 14, 2018 @10:08PM (#56787834)

    I wonder how long it will be until somebody figures out how to implement a "dead man's switch" requiring a code to be entered at user-determined intervals, or the device would use all its remaining battery power to commit suicide.

    I have a feeling it wouldn't be easy to extract data from a phone that decided to do its very best impression of a Note 7.

    Added bonus: potential havoc at the cop shop.

  • This has always struck me as a dumb implementation. Why not simply require passcode to enable USB data mode with no timer? Plug in USB, get prompted for passcode. No passcode, no data.

The truth of a proposition has nothing to do with its credibility. And vice versa.

Working...