Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Government IOS Privacy Security Apple IT Technology

Apple Just Killed The 'GrayKey' iPhone Passcode Hack (forbes.com) 85

Apple's newest version of iOS has rendered the GrayKey hacking tech useless, a report said Wednesday. How Apple pulled it off wasn't immediately clear, but it would have a huge implication for the law enforcement agencies around the world that have relied on GrayKey to break into locked iPhones. Forbes reports: Apple has put up what may be an insurmountable wall. Multiple sources familiar with the GrayKey tech tell Forbes the device can no longer break the passcodes of any iPhone running iOS 12 or above. On those devices, GrayKey can only do what's called a "partial extraction," sources from the forensic community said. That means police using the tool can only draw out unencrypted files and some metadata, such as file sizes and folder structures.

Previously, GrayKey used "brute forcing" techniques to guess passcodes and had found a way to get around Apple's protections preventing such repeat guesses. But no more. And if it's impossible for GrayKey, which counts an ex-Apple security engineer among its founders, it's a safe assumption few can break iPhone passcodes. Police officer Captain John Sherwin of the Rochester Police Department in Minnesota said of the claim iOS 12 was preventing GrayKey from unlocking iPhones: "That's a fairly accurate assessment as to what we have experienced."

This discussion has been archived. No new comments can be posted.

Apple Just Killed The 'GrayKey' iPhone Passcode Hack

Comments Filter:
  • Go, Apple! (Score:5, Insightful)

    by TheFakeTimCook ( 4641057 ) on Wednesday October 24, 2018 @04:24PM (#57531895)

    Apparently STILL the only phone OEM STILL looking out for the USER'S Privacy...

    • Apparently STILL the only phone OEM STILL looking out for the USER'S Privacy...

      Is that true?

      Does anyone know how Pixel stands up against like tools?

      • Re:Go, Apple! (Score:4, Insightful)

        by Highdude702 ( 4456913 ) on Wednesday October 24, 2018 @05:03PM (#57532137)

        Its a phone made by google. I wouldn't bet too much on privacy. Who knows about encryption though..

        • depends on who you are meaning privacy from. Microsoft is huge on handing things over to big G without permission, google historically gives the absolute minimum required by law. Google absolutely sucks at privacy in terms of what they keep for themselves, but for the most part they aren't eager to hand it out.
          • Either... Unfortunately that sounds like most companies these days. Its hard out here in the streets of the interweb.

      • last I read, only IOS had the entire file system encrypted

        • Starting with iOS 4, Apple included a âoedata protectionâ feature to encrypt all data stored a device. But unlike Android, Apple doesn't use the full-disk encryption paradigm. Instead, they employ a file-based encryption approach that individually encrypts each file on the device.Nov 24, 2016

          https://www.google.com/search?q=does+android+encrypt+file+system&ie=utf-8&oe=utf-8&client=firefox-b-1
          • Starting with iOS 4, Apple included a âoedata protectionâ feature to encrypt all data stored a device. But unlike Android, Apple doesn't use the full-disk encryption paradigm. Instead, they employ a file-based encryption approach that individually encrypts each file on the device.Nov 24, 2016

            https://www.google.com/search?... [google.com]

            Yep, that's an option in APFS, which iOS uses.

      • It's Android. From Google. It was compromised before you even opened the box.
      • Apparently STILL the only phone OEM STILL looking out for the USER'S Privacy...

        Is that true?

        Does anyone know how Pixel stands up against like tools?

        Well, considering there isn't such a tool for Android phones, I'd say that is your answer.

    • by AmiMoJo ( 196126 )

      Are there any high end phones that aren't encrypted by default now? Has anyone cracked the latest Galaxy S or Pixel phones?

      Apple is obviously the biggest target and thus gets the most attention from crackers.

      • Are there any high end phones that aren't encrypted by default now? Has anyone cracked the latest Galaxy S or Pixel phones?

        Apple is obviously the biggest target and thus gets the most attention from crackers.

        Doesn't that statement fly directly in the face of all you Slashtards CONSTANTLY crowing about how ANDROID has the most marketshare, and thus would also be the BIGGEST TARGET?

        You idiots are just like Trump: You'll say ANYTHING to advance whatever LIE du jour...

        • by AmiMoJo ( 196126 )

          iPhones are the most common type of phone that law enforcement are likely to encounter, simply because there are so few models and they all share common software. After that it's probably Samsung Galaxy phones.

          Overall Android is the large majority of the market, but there are so many different handsets all with different techniques needed to unlock them, if it can be done at all...

          • iPhones are the most common type of phone that law enforcement are likely to encounter, simply because there are so few models and they all share common software. After that it's probably Samsung Galaxy phones.

            Overall Android is the large majority of the market, but there are so many different handsets all with different techniques needed to unlock them, if it can be done at all...

            Nice try.

            Bullshit.

  • It still could be useful to pull out some un-encrypted content - I think maybe recent photos would not be encrypted for example, and any app that did not specify to encrypt app storage with app not active would not have encrypted databases either (though many do).

    Not sure if the contact database would be encrypted, but probably...

    • by Anonymous Coward

      No, all "content" is encrypted. It's the meta data (file sizes, folder structure) that is unencrypted.

      No photos, videos, etc, are left unencrypted.

      • No, all "content" is encrypted. It's the meta data (file sizes, folder structure) that is unencrypted.

        Everything is encrypted at least with a key built into the CPU, and a key stored on the flash drive. The key on the flash drive means that the whole iPhone can be erased in a millisecond by erasing that key. _Most_ things use the passcode as an additional key.

        Things that don't use the passcode are those that Apple wants to be available even if you don't unlock your phone. For example, you can _take_ photos without unlocking the phone, and those photos could be extracted until you unlock your phone and th

    • by MachineShedFred ( 621896 ) on Wednesday October 24, 2018 @05:17PM (#57532203) Journal

      When you activate a PIN / Touch ID / FaceID it uses the computed has as an encryption key for the entire user filesystem. Everything gets encrypted, and has for years.

      • No, not exactly. But close.

        Those hashes are used to reverse a hash of a master key for your system which unlocks the file system. That way, both that hash and your pin code work. You need a master key, and then your authentication vectors re-encrypt the master key. You therefore have multiple avenues of logging in and authenticating, because each way provides you with a key you can unlock

    • by Anonymous Coward

      For 6+ year, everything on iOS is encrypted all the time and you can't turn it off.

      All that changes is policy around how the key material is managed - some of that policy is mandatory access controls and some of it is discretionary.

  • Today's edition of slashdot: "Everything mobile - phone edition"
  • by taustin ( 171655 ) on Wednesday October 24, 2018 @05:52PM (#57532337) Homepage Journal

    I'd be wondering right now whether they actually can't crack my iPhone, or if they're just saying that so that I will keep using it, thinking it's "safe."

    • I'd be wondering right now whether they actually can't crack my iPhone, or if they're just saying that so that I will keep using it, thinking it's "safe."

      If I were a terrorist I wouldn't be keeping anything on my phone, i or otherwise.

    • If you were a tech savvy terrorist, you would've started using a much longer passcode a long time ago. The system only worked quickly on 4-digit passcodes (6.5 minutes), and 6-digit codes were reportedly up to 11 hours, which is 660 minutes or 10 times longer. Even if we assume that simple pattern held (every 2 digits increases the time by a factor of 10), a 10 digit code would be 1100 hours or 45 days, and a 14 digit code would be 12.5 years. In all likelihood, the rate of increase was considerably worse t

  • I thought they already addressed [theverge.com] Graykey in iOS 11.4.1

No spitting on the Bus! Thank you, The Mgt.

Working...