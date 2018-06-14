Cops Are Confident iPhone Hackers Have Found a Workaround to Apple's New Security Feature (vice.com) 40
Joseph Cox, and Lorenzo Franceschi-Bicchierai, reporting for Motherboard: Apple confirmed to The New York Times Wednesday it was going to introduce a new security feature, first reported by Motherboard. USB Restricted Mode, as the new feature is called, essentially turns the iPhone's lightning cable port into a charge-only interface if someone hasn't unlocked the device with its passcode within the last hour, meaning phone forensic tools shouldn't be able to unlock phones. Naturally, this feature has sent waves throughout the mobile phone forensics and law enforcement communities, as accessing iPhones may now be substantially harder, with investigators having to rush a seized phone to an unlocking device as quickly as possible.
That includes GrayKey, a relatively new and increasingly popular iPhone cracking tool. But forensics experts suggest that Grayshift, the company behind the tech, is not giving up yet. "Grayshift has gone to great lengths to future proof their technology and stated that they have already defeated this security feature in the beta build. Additionally, the GrayKey has built in future capabilities that will begin to be leveraged as time goes on,' a June email from a forensic expert who planned to meet with Grayshift, and seen by Motherboard, reads, although it is unclear from the email itself how much of this may be marketing bluff. "They seem very confident in their staying power for the future right now," the email adds. A second person, responding to the first email, said that Grayshift addressed USB Restricted Mode in a webinar several weeks ago.
That includes GrayKey, a relatively new and increasingly popular iPhone cracking tool. But forensics experts suggest that Grayshift, the company behind the tech, is not giving up yet. "Grayshift has gone to great lengths to future proof their technology and stated that they have already defeated this security feature in the beta build. Additionally, the GrayKey has built in future capabilities that will begin to be leveraged as time goes on,' a June email from a forensic expert who planned to meet with Grayshift, and seen by Motherboard, reads, although it is unclear from the email itself how much of this may be marketing bluff. "They seem very confident in their staying power for the future right now," the email adds. A second person, responding to the first email, said that Grayshift addressed USB Restricted Mode in a webinar several weeks ago.
Demo or it didn't happen (Score:2)
Talk is cheap.
Show us a video, or it's just bullshit.
Oh YEAH?!? (Score:3)
CHECK, AND MATE, COPPERS!
(LOL... like I could really live without this damned thing...)
There is a plan for that (Score:1)
And what would the cops do if I just stopped USING my iPhone, didn't carry it, or... hell, didn't even HAVE one?
Oh they have a tool for that also, but I don't think you are going to enjoy it much...
It's called "GraySkull".
They have the power.
Re: (Score:2)
Re: (Score:2)
For those people who do not have iPhones, they implant a similar system inside one of their teeth. That is the sources of the voices I hear in my head.
Something like this [youtube.com]?
;^)
Re: (Score:2)
controlling something remotely is different then accessing it once it is off the network and shut off.
Still, if you are going to do something illegal , it is best not to create a record of it. ( and probably better just not to do it).
If you are in a country where you feel the need to engage in acts of civil disobedience in the modern age. Good luck and God bless.
Also, find a way to get a some cheap disposable mobile phones and don't keep them long term.
Re: (Score:2)
Re: (Score:1)
Not only cops ... (Score:2)
How many times do people charge their phone off a "public" USB charge port in an airport or on public transportation? Any one of those ports could be trying to slurp confidential data. Charge-only without authentication and permission should be default behavior for all phones.
Also, this isn't only about the US government and US police trying to unlock phones. This also protects US citizens against abuses by foreign governments -- i.e. the Chinese or Venezuelans confiscating someone's phone at an airport
Re: Not only cops ... (Score:1)
I never have.
Re: (Score:2)
Charging from public outlets (Score:1)
How many times do people charge their phone off a "public" USB charge port in an airport or on public transportation? Any one of those ports could be trying to slurp confidential data.
If you rely on either your phone's security, or trusting whatever 3rd party provides a charge port, you're doing it wrong.
Just use a charge-only cable that has only power wires, but no data lines in it. Or bring an AC -> DC adapter as well, and use an AC mains outlet. Or bring a powerbank. Or charge from your laptop.
Re: (Score:2)
How many times do people charge their phone off a "public" USB charge port in an airport or on public transportation? Any one of those ports could be trying to slurp confidential data.
If you rely on either your phone's security, or trusting whatever 3rd party provides a charge port, you're doing it wrong.
Just use a charge-only cable that has only power wires, but no data lines in it. Or bring an AC -> DC adapter as well, and use an AC mains outlet. Or bring a powerbank. Or charge from your laptop.
And hope your phone doesn't have the blueborne vulnerability [androidcentral.com] which renders all of your efforts moot.
Re: (Score:2)
Bluff = Stupidity (Score:2)
"Grayshift has gone to great lengths to future proof their technology and stated that they have already defeated this security feature in the beta build"
Umm, if true, how stupid of them to say it.
GrayShift has time machines! (Score:2)
Additionally, the GrayKey has built in future capabilities that will begin to be leveraged as time goes on
Holy Crap! Should invest in those guys because they are from the future, so much so they have built in capabilities for bugs and security features that don't exist yet! So sweet! (Other than that, sounds like marketing on GrayShift's part)
Re: (Score:2)
Additionally, the GrayKey has built in future capabilities that will begin to be leveraged as time goes on
Holy Crap! Should invest in those guys because they are from the future, so much so they have built in capabilities for bugs and security features that don't exist yet! So sweet! (Other than that, sounds like marketing on GrayShift's part)
A more "rational" explanation is that Grayshift is sitting on (or at least wants people to believe they are sitting on) a few-zero day exploits that they think will keep them in business for the foreseeable future...
Given the fact that the principals working at Grayshift are ex U.S. intelligence agency contractors and ex-Apple security engineers, I wouldn't be so quick to bet against them having a few zero-days lying around...