Cops Can Crack an iPhone In Under Two Minutes
Sparrowvsrevolution writes "Micro Systemation, a Stockholm-based company, has released a video showing that its software can easily bypass the iPhone's four-digit passcode in a matter of seconds. It can also crack Android phones, and is designed to dump the devices' data to a PC for easy browsing, including messages, GPS locations, web history, calls, contacts and keystroke logs. The company's director of marketing says it uses an undisclosed vulnerability in the devices it targets to run a program on the phone that brute-forces its passcode. He says the company's business is 'booming' and that it's sold the devices to law enforcement and military customers in 60 countries. He says Micro Systemation's biggest customer is the U.S. military."
undisclosed vulnerability
Maybe the delay between login attempts is only in the UI, and using API level access they can brute force the combinations without the delay from wrong passcodes, making it much quicker?
I can crack any smart phone in under 15 seconds.
With a sledgehammer...
"My brand of comfort isn't so much 'There-there' as it is 'There's a boot, pardon me while I connect it with your ass!'"
What happens when these vulnerabilities are fixed and the kits become useless? I assume our overlords will have to pay for a new version.
If the manufacturers (Apple and Google) were truly interested in patching these "undisclosed" vulnerabilities, they could purchase this software and run it on test/dev devices to see how it's done.
sig: sauer
Weren't we reading just two weeks ago about how the FBI utterly failed in cracking an Android phone's gesture lock, and had to go demanding Google to help them?
http://yro.slashdot.org/story/12/03/14/2222229/fbi-tries-to-force-google-to-unlock-users-android-phone
Um, why do these even exist on the phones in the first place?
I'm pretty sure they're just interfacing with it the same way consumers do to transfer messages, photos, etc to a computer. Maybe the software being used is different, and displays other folders that are usually hidden from novice users and maybe it does it automatically. Not much different than what happens at the store when you upgrade your cell phone.
10000 possible passcodes... most systems can try that many in a few seconds. What slow ass computer are they using that it takes 2 minutes?
Never say never. Ah!! I did it again!
Once you have physical access, compromise is only a matter of time. For legitimate warranted arrests and seizures let the pigs have their point and click exploit tools to catch the dumb criminals.
What we need to guard against is having some ruggedized handheld pig fob handed out to every meter maid and traffic cop. Imagine being stopped for a traffic violation and having the fucker ask for "license registration, and your phone please" and have him snoop/dump your device while he runs your plates.
iOS (and I guess Android) have another layer of passcode lock that's more secure than the 4-digit PIN, though it requires a bit more work. They're basically passwords (or pass phrases?) and while they're a pain, they are supposedly much stronger than the PIN.
How does this thing fix that?
Also - it seems if they can run a program using it, it's a perfect jailbreak hole. Because the standard kernels now in iOS don't allow running unsigned programs. So either the dongle has to inject code into the kernel or other already-running process (if you can do that, it's a jailbreak avenue) in order to disable the signature check functionality, or they're running some sort of secret signed code ...
Unclear from the article is whether this hack would get anything if the 10-wrong rule for wiping everything is in effect.
Well, iphones are often set to wipe "automatically" after 4 failed attempts.
like the alphanumeric passcode on the iPhone
Mark Anthony Collins
If any Joe Shmoe can crack an iPhone/Android, it might put public pressure on device manufacturers to close these holes.
AccountKiller
The process is identical to what you do to jailbreak an iPhone - which makes sense. In both cases, the device would need to be put in DFU (eg, the "help, I'm broken, iTunes please fix me") mode. You have to wonder if these guys actually do the R&D for the iPhone, or just take the work that's already been done by others like the iPhone Dev Team.
Since this is pretty much a guaranteed vulnerability anyway (at least, every iOS up to now can be jailbroken with a tether), a much more interesting question is how much harder is a longer/more complicated password to break? If this is literally a bruteforce enumeration, a reasonable password (that could be used for a computer) would be fairly safe.
I'd be much more interested in how they're getting around that feature. That requires memory access or code injection, and as others have mentioned, it's a jailbreak or blatantly intentional.
..don't panic
We need versions of the android OS and apple iOS that are designed from the ground up to be secure. Full drive encryption would be a good start.
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
That may not happen if they've jailbreaked and are hacking it from internally.
Does it actually wipe it, or merely disable your ability to unlock it without help from Apple?
For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
The attack boots an alternative firmware onto the device. I doubt an unsuccessful attempt lock is much use...
I believe these two options in iOS will make it a bit more secure
1) Strong passcode option (alphanumeric and more than 4 characters)
2) Delete all data after 10 incorrect passcode attempts
isn't this a violation of the (grossly over-broad) DMCA, in "bypassing a protective measure"?
I mean, technically, aren't they hacking it and selling an exploit?
It would be refreshing to see that law used to protect some of the public for once.
I work for the Department of Redundancy Department.
... or android.
Though typing out a proper password every time you want to unlock the phone gets annoying FAST.
For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
I'm curious how they managed to crack the Android phones. All of the rooting methods that I know of involve manually enabling Debug mode on the phone and then rooting around on the command line. If you have a screenlock enabled and have not left debug mode enabled, then I don't see any simple way to get access to the phone to even start to mess with exploits.
Then there's the question of how this relates to the FBI publicly having to go beg Google for help to get into some low-level criminal's Android phone that had the pattern lock enabled, which some have previously complained wasn't really all that secure. Are these guys blowing smoke about how easy it is to crack Android? Were the FBI guys working on this particular case just not on the ball? Has the Government decided not to break out their coolest tricks to solve a relatively minor crime? Did this guy have some particular model that's much harder to crack?
I don't reply to ACs
Android 4.x includes the option to encrypt the filesystem.
Well, iphones are often set to wipe "automatically" after 4 failed attempts.
And people who do this probably find their iPhones wiped quite often ...
And this software probably bypasses that anyways.
Certainly. Even an iPhone allows you to set any password of any length that you like. The 4 digit passcode is the default but you don't have to use it. I always set at least an 8 character code.
From TFA:
In short, longer passwords are tougher to crack by brute force and potentially not worth the time. Seriously this is a non-story other than the fact that there should be a warning on all mobile phones that a 4 digit pin is this decade's WEP.
If you can brute force the passcode because it is only a 4 digit number it's not much use to have secure encryption.
I believe these two options in iOS will make it a bit more secure
1) Strong passcode option (alphanumeric and more than 4 characters)
2) Delete all data after 10 incorrect passcode attempts
Probably strong passcode option, but I'm guessing that this is done at a low enough level to bypass that other feature of iOS.
How to make phone operating systems more secure:
1. Remove the mechanism by which a forgotten password can be bypassed. Forgot your password? Tough shit. Now that you've bricked your phone, maybe you won't be so forgetful next time.
2. No USB access of any kind when the phone is locked. It's a huge vulnerability.
3. Full disk encryption. Granted, the phone spends most of its time operating with the key in memory, but...
4. Phone turns off when you remove the back cover or otherwise try to get inside of it. Not hard to do.
An extremely dedicated attacker could potentially bypass these measures, but not your average traffic cop or border patrol agent on a fishing expedition.
Instead, phones are designed to make it inconvenient for John to pick up Suzie's phone and read her text messages, and to make sure Suzie can easily reset her password so her carrier doesn't have to deal with a whiny tech support call.
What you can do, however, if you have a reasonably user-serviceable phone, is cut the data lines going to the USB jack. It'll charge slower (500mA limit), but plugging in a USB cable won't grant a casual snoop any access. File transfer can be handled via wi-fi.
If they're somehow imaging the drive it's easy - Just run every attempt against the same image instead of the one counting fails.
He's getting rather old, but he's a good mouse.
If you can brute force the passcode because it is only a 4 digit number it's not much use to have secure encryption.
While if you have a 40 character passphrase you have to enter every time you want to unlock it, it's not terribly useful as a mobile phone.
Not really sure what the solution is. Some sort of balanced approach... 4 digits to unlock the basic functionality... place and answer calls... use preselected apps...
full passphrase to get deeper in...
with some user options to control where exactly the boundary is...
but this is of course "complicated" which disqualifies it from being ideal too... so I'm not really sure what the solution is.
My password is one, two, three, four, five.
Remember when they only cracked your skull?
"Flyin' in just a sweet place,
Never been known to fail..."
I thought it was 10 attempts for the iPhone?
You got 5 tries, then had to wait a minute for the 6th, five minutes for the 7th, 15 minutes for the 8th, 30 minutes for the 9th, and an hour for the final (10th) attempt. If that fails then you can either have the phone lock itself until connected to its home iTunes account OR the option to go full nuclear and wipe the device.
?
Biometric auth perhaps? .. Not perfect of course..
// MD_Update(&m,buf,j);
On a decent device, the PIN should be stored in specialized hardware. When you get it right, it releases the encryption keys to your data. If you guess wrong several times, the key (and therefore your data) should be destroyed. If the OS internally has easy-access to all the data without your PIN, we can expect data to be easily compromised using the vulnerability of the day. A secure design would use full-disk encryption to facilitate fast remote-wipe operations. But to protect the data when a wipe hasn't happened, the user data should be encrypted with the PIN as I described initially. The encryption key could be available to encrypt incoming mail and data while the handset is locked. Then, when unlocked, the phone can finish merging the new data into the email/whatever database. As soon as you lock your phone, it shouldn't be possible to brute force the PIN to access your mail due to the max number of guesses enforced by hardware.
But in addition to this, if the device doesn't require a PIN to unlock the full-disk encryption on boot, it's vulnerable to viruses being installed on the device. Then that could monitor the device and record any PIN entered by the user. I don't really know of any phones that actually implement a really good security scheme. Your best bet is to avoid having sensitive data on your phone. For example, you could use HTTPS to access gmail rather than adding the account to the phone itself. Of course, for most of us non-criminals, we don't really care. It's usually our employers who own the IP saved in our phone.
I have my phone set to autowipe itself after 10 wrong passcode attempts. Does this avoid that auto deletion? Because someone doing it by hand would trigger that and the phone would theoretically wipe itself. (Not tested, but it will start to make dire warnings about wiping the device after several failures.)
If my phone had to be secure enough so that it couldn't be cracked if I lost it or it got stolen, then the device would be a fucking pain to use!!
Why? Good security doesn't have to get in the users way.
Required reading for internet skeptics
My Motorola Atrix has a fingerprint reader. Combine that with a long password, encrypted filesystem and it's getting pretty secure.
ayottesoftware.com
What do you define as "specialized hardware," exactly? The iPhone doesn't exactly keep the PIN on a USB drive...by definition it is specialized hardware, in and of itself. And what you describe as what should happen if the PIN is incorrectly entered enough times is already a native iPhone feature.
And of course the OS has to have access to your data without the PIN; how is it going to tell you that you got a new text, email or phone call? How will it tell you the name of who is calling based on their phone number? How will it let you know that you have that meeting coming up in 15 minutes, like you want it to do? And most of all...how will it know that the PIN you gave it is the right one? There are ways to make devices more secure against side-channel attacks, but what you're describing is infeasible, impractical and pretty much impossible anyways.
It doesn't matter where you keep the PIN, hardware-wise, in this case since the problem is software related. And you don't encrypt anything with a PIN; a PIN that any human could ever remember has WAY too short a length and too little entropy to be useful. The PIN is nothing more than an authentication factor.
And if you don't know of any phones that implement a really good security scheme, it's either because you don't know what a Blackberry is, or because you don't know how to build security around a mobile device. I'm betting on the latter...
For your security, this post has been encrypted with ROT-13, twice.
Wipes after sufficient failures should be an option that can be disabled, though. Anyone with kids who ever get their hands on their phone will likely prefer that. Hell, my son managed to dial emergency services once by mistake, WHILE MY PHONE WAS LOCKED, and I didn't know until they called me back, just by mashing buttons. (Apparently, holding down zero long enough would dial 911, even when locked. Not so cool when you manage to sit on the phone wrong, or the kid decides to hold your locked phone Just Right.)
Android 4's face recognition, plus having to enter a pattern drawn on screen, seems like a great pairing. I am assuming you can use both, of course.
When this sort of thing is actually designed for security, there is a dedicated crypto coprocessor with some memory that is write-only from the perspective of the rest of the system. You write the key to it once, and then it will encrypt or decrypt data that you pass to it. The decoder chip can be locked and you must supply the correct passcode to enable its access to the stored key. If you provide the wrong key a preset number of times, it deletes the internal copy of the key and the only way you can get at the data is by restoring the key from another device (typically a backup stored in a safe). Even if the entire OS is compromised, it can't get at the key unless it provides the correct passcode to the decryption chip (actually, it can't get at the key then either, but it can instruct the crypto chip to do it). Some ARM SoCs incorporate this functionality.
I am TheRaven on Soylent News
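Added example, not part of any comment in this thread: a software-only simulation of the guess-limited key store described in the comment above, combined with the escalating delay schedule quoted earlier in the discussion (five free tries, then 1, 5, 15, 30 and 60 minutes) and a key wipe on the 10th failure. SimulatedKeyStore, run_guesses and the PBKDF2 verifier are hypothetical choices made for illustration; the comment's point is that a real device enforces this in hardware the OS cannot reach.

```python
import hashlib
import hmac
import os

# Wait (seconds) imposed before attempt N, per the schedule quoted in the thread:
# five free tries, then 1 min, 5 min, 15 min, 30 min and 1 hour before the 10th.
DELAY_BEFORE_ATTEMPT = {6: 60, 7: 300, 8: 900, 9: 1800, 10: 3600}
MAX_FAILURES = 10  # the stored key is destroyed on the 10th wrong guess


class LockedOut(Exception):
    """unlock() was called before the current waiting period ended."""


class KeyWiped(Exception):
    """The stored key has been destroyed and cannot be released."""


class SimulatedKeyStore:
    """Hypothetical software model of a key-holding chip (not a real device API)."""

    def __init__(self, pin, clock):
        self._clock = clock                      # callable returning seconds
        self._salt = os.urandom(16)
        self._verifier = self._derive(pin)       # the PIN itself is never stored
        self._data_key = os.urandom(32)          # released only on a correct PIN
        self._failures = 0
        self.not_before = 0.0                    # earliest time of next attempt

    def _derive(self, pin):
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 10_000)

    def unlock(self, pin):
        """Return the data key, None on a wrong PIN, or raise LockedOut/KeyWiped."""
        if self._data_key is None:
            raise KeyWiped("key already destroyed")
        now = self._clock()
        if now < self.not_before:
            # Checked before the PIN, so even a correct guess must wait.
            raise LockedOut(f"wait {self.not_before - now:.0f}s")
        if hmac.compare_digest(self._derive(pin), self._verifier):
            self._failures = 0
            self.not_before = 0.0
            return self._data_key
        self._failures += 1
        if self._failures >= MAX_FAILURES:
            self._data_key = None                # wiping the key wipes the data
            self._verifier = None
            raise KeyWiped("too many wrong guesses")
        self.not_before = now + DELAY_BEFORE_ATTEMPT.get(self._failures + 1, 0)
        return None


def run_guesses(pin, guesses):
    """Feed guesses to a fresh store on a simulated clock, waiting out each delay."""
    now = [0.0]
    store = SimulatedKeyStore(pin, clock=lambda: now[0])
    attempts = 0
    for guess in guesses:
        now[0] = max(now[0], store.not_before)   # patiently sit through lockout
        attempts += 1
        try:
            key = store.unlock(guess)
        except KeyWiped:
            return {"outcome": "wiped", "attempts": attempts, "seconds": now[0]}
        if key is not None:
            return {"outcome": "unlocked", "attempts": attempts, "seconds": now[0]}
    return {"outcome": "gave_up", "attempts": attempts, "seconds": now[0]}


if __name__ == "__main__":
    every_pin = [f"{i:04d}" for i in range(10_000)]   # constructed sample input
    print(run_guesses("7391", every_pin))   # sequential guessing ends in a wipe
    print(run_guesses("0002", every_pin))   # owner-like case: third try succeeds
```

With the counter and the key inside the store, enumerating all 10,000 PINs stops at ten attempts; the bypasses discussed elsewhere in the thread apply when the counter is enforced only by the OS or UI.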
Sooooo.... what would it take to get truecrypt to put out a custom android rom?
TC doesn't have any backdoors, does it? I mean, being open source and all.
Flappinbooger isn't my real name
Android 4.x includes the option to encrypt the filesystem.
As does iOS if you enable it:
http://support.apple.com/kb/HT4175
http://images.apple.com/iphone/business/docs/iOS_Security.pdf
Generally speaking though, only Blackberrys (and much of the related software (BES)) have received any kind of certification for security. Specifically FIPS 140-2 and EAL 4+:
http://us.blackberry.com/ataglance/security/certifications.jsp
It is probably "good enough" for most businesses, but isn't rated for the 'real' security levels: Classified, Secret, and Top Secret.
I work someplace where we have a lot of personal health information, and the IT director (CISSP et al.) only allows Blackberrys for portable devices. He has an iPhone for his personal stuff, but carries a BB for work because iOS just isn't up to our needs yet when it comes to data security.
It's a matter of attempts. Blackberries and iPhones (don't know about Android) have the ability to erase all data after 10 failed attempts to log-in. So unless they can bypass the counter entirely, I'm not too concerned about the security level of 4 numbers (assuming you don't use 0000 1111 1234 or some other common ones).
Biometric auth perhaps? .. Not perfect of course..
You can't do much except finger print realistically on a phone... nobody is going to tolerate a retinal scan to make or answer text messages and phone calls.
And it would need to work reliably (low false accept rate / accepting photos of the finger, fingerprints lifted with gummy bears off the phone itself, etc.) or it's not secure...with a near zero false reject rate or it would be unacceptable to users...
And to top it off it has to work to those tolerances under a wide range of temperatures and humidity levels and while at least moderately dirty...after all it's a phone in your pocket... not a checkpoint in a well controlled environment.
A final nail in biometrics' coffin for this sort of application is that you can very easily be coerced to unlock it... from criminals, to law enforcement, to the psycho you fell asleep next to on the plane... all just need to touch your finger to the handset to unlock it...
Getting a pass phrase out of you runs from "we need a wrench" to "we need a judge willing to throw out the 5th" ... which is of course doable, but the bar is a bit higher... for now at least.
You could have a soft and hard lock. A soft lock could be done with a short simple pin. When you believe that you are in danger of having your device taken you put it in a hard lock that clears the decrypted encryption key from the memory and requires the full password to unlock. Not perfect but a compromise.
I'm not certain about Android, but iPhone offers the option (Settings -> General -> Passcode Lock) to wipe your phone after 10 attempts. This is the same area where you can disable the 'simple' passcode 4 number pin. I'm assuming this method of hardware brute force cracking the phone allows them to bypass that of course. Sufficient for casual folks trying to hack into your phone at least. I assume Android has similar options.
Why? Good security doesn't have to get in the users way.
Any security, good or bad, adds complication to the system and thus "gets in the user's way", compared to no security at all. What kind of security did you have in mind that wouldn't get in the way?
Right now, to access my phone, I push the wake up button on the top and slide my finger across the screen. To access my tablet, I push the same kind of button and then have to play connect the dots. I can get onto my phone much easier than getting onto my tablet. (Add into that that my tablet is a "Cruz" reader that will power itself off when the battery gets low or you don't use it for an hour or so, so pressing the "wake up" button often requires a full reboot to get to the connect the dots stage.) Yes, it's a pain to get into the tablet, and the only reason I have the "connect the dots" is because I got tired of the tablet turning on by itself and running the battery all the way down, so I turned on gesture unlock with the hope it would prevent that from happening.
can you place or answer calls without unlocking it? Holding it up for "face recognition" while driving would be illegal in an increasing number of places.
I'm also not convinced that the pattern drawn on screen is really more secure than a short digit password. I admit I don't know a lot about it.
But as a programmer I'm imagining ways that it would be implemented...
After factoring in that the recognition has to be loose enough to accept anything "pretty close", there aren't -that- many different designs you can "draw" in a short number of strokes... well under a million I think... which is roughly equivalent to a 6 digit passcode... yikes.
Agreed. There's only 10! (3.6 million) ways to connect the dots, max, and even then most people won't use all of them. It increases if you can visit a node twice, but even then that's only like 10^N for N edge endpoints, right? (I'm probably off by one on that...)
Requiring a more detailed login (google login) is a good counter after a few failures, but honestly looking at the smudge pattern on the screen probably would be a HUGE hint. (There are probably even microscopic wear patterns that are more common over your swipe pattern, in fact. I bet it'd be really neat to look at some images of those.)
IIRC a long time ago (early 1980s?) an IBM Research Fellow published a paper about signature recognition (for the same essential purpose of authentication). He/she found that the actual strokes were not so important but the acceleration was. IOW, your actual signature varies quite a bit from one to another, but the series of accelerations are more similar.
So, I think this could be used. You could just 'sign' our phone. A reasonable 'signature' would have to my mind at least 50 data points of acceleration or deflection. Since we do vary the sig, some kind of fuzzy matching with the accepted vector would be required - say 90%. Then if it matches, the signature recognizer could use the correct data as the key to the decryption.
Thus, we would not need to remember a long key, just let our muscle memory do its thing.
It's easier to be a result of the past, but more fun to be a cause of the future! http://www.spacefinancegroup.com/
Like shutdown. Long code on power up. Short code on unlock.
And it would need to work reliably [...] with a near zero false reject rate or it would be unacceptable to users...
My current Android phone fails the fingerprint recognition about three times in five (possibly more like six times in seven; it's definitely more than one in two, though, because almost always it fails the first swipe, and often the second as well). It's still much better than typing a (ridiculously easy to crack) 4-digit PIN, though. Of course, the fallback is a 4-digit PIN, but thanks to this discussion I'm looking into the available settings (I've already added the encryption setting, so thanks, seriously). Then I read the rest of your post, and I'm not so sure I want to have detachable fingers...
I feel fantastic, and I'm still alive.
An example would be end to end encryption on messages, which would need not be different from the user's perspective than the same message sent as plain text.
The bit I didn't understand was "then the device would be a fucking pain to use!!" I don't really see how good security would significantly impact the user experience. Sure, in your example entering a password is a roadblock getting started, but it otherwise doesn't impact usability from that point forward. Just to take my earlier point a bit further, if you replaced the slide to unlock on your phone with a slide over a fingerprint-scanner you'd gain security without adding additional complexity.
Required reading for internet skeptics
The easiest workaround, if you are doing something questionable with your smartphone, is to carry a dumb phone, with an appropriate number of contacts: Mommy, a pastor, the local animal rescue shelter, etc. and hand that to the LEOs. They aren't going to ask "Is this the only phone?" They look, they see that you are Mr. Citizen of the Year and you're on your way...
"If stupid things work...then they are not stupid."
Good luck dialing for help when you slice your hand open on a table saw...
I can't speak for Apple users but as an Android user I only ever need to connect the USB on my phone for charging, everything else I do wirelessly. I also have a user changeable battery so could survive without USB at all.
So if by chance the USB connector becomes damaged or in some way disabled at a hardware/low level this approach would be rendered useless and they would have to fall back to the "Tell me or else" approach
Which does pretty much nothing once they're running under your credentials after having brute forced your passcode.
Violence is like duct tape. If it doesn't solve the problem, you didn't use enough.
This is correct.
I saw some video of a guy once who rigged up a cellphone to a thermite charge in his hard drive, meaning he could blow his laptop at any time. Maybe someday cellphones will have the same thing. But I think the easiest way to do it would be to have a certain text message that you determine (essentially a 160 character pass code) remote wipe the phone.
I'd want it to have a self destruct mechanism. Take my phone and it destroys itself... no one, not even me, not even apple, can get at the data after that point.
So you would install Windows Mobile on it? That would destroy it for sure.
Anyone with kids who ever get their hands on their phone will likely prefer that.
After 3 failed attempts, the phone starts imposing a waiting period before you can attempt the passcode again.
By the time you get to 6 failed attempts, you have to wait ~1 hour before trying again.
Your kid could do 10 attempts to wipe your phone, but only if you are so careless to leave the phone with them for an extended period. Besides, your phone gets backed up every time you sync it.
I would suggest having two methods: (1) Tap the power button 3 times or power off, to engage full lock manually. (2) an RFID or bluetooth "leash" concealed somewhere about your body; if the phone is within range and then suddenly taken more than a certain distance from your RFID transponder, the new distance will be calculated by the units, and when the threshold is exceeded, the "hard lock" engages automatically.
This way if you drop your phone, or someone steals it, the hard lock will engage.
The bluetooth leash could also have a remote lock button on it, and be designed to automatically signal a lock if the leash is removed from your body, or if a sufficient "sudden jolt motion" or downward motion is detected by an accelerometer on the leash (indicating that someone grabbed it real fast), or you were forced to drop it.
That's not much use if they brute force the password.
And all that would slow the phone down, make it run hot and kill the battery life. The vast majority of people don't care. If you're really carrying around secret stuff on your phone then you should have one that has better security.
"Not really sure what the solution is."
Don't keep secret stuff on your phone. Or, if you have to, keep it separately encrypted. There are lots of apps that are fine for moderately secure stuff that use encryption and long passwords.
WinMo 6.5 (and possibly earlier as well) had a nice option. After the limit - 1 attempts, you had to correctly answer a basic (for an adult) math question correctly to try again. There was also a warning about this being a final attempt and any more bad guesses would delete all the data. That took care of young kids and friends who don't realize that failed attempts wipe the device. I've had my ipad wiped a number of times at parties and such when someone picks it up and enters a few pins out of boredom.
I never owned one of those older windows mobile phones.. but I hear people (ahem, parents) who've upgraded complain about that on occasion.
Dickman also noted that long passwords were easier to crack if the phone belongs to a Slashdot user, because the password always turned out to be "Natal13 Pr0tman"
Today's Sesame Street was brought to you by the number e.
You may have missed the point that all data on most phones is already fully encrypted. Hardware encryption/decryption doesn't use that much power. It's also not slow. Another example: intel's 320 line of SSDs. They're still the very low 0.1-0.2 watt SSDs (compared to around 1-2 watt for a standard laptop hard disk) with awesome SSD perf.. they have full-disk hardware encryption built in as well. Basic encryption is only expensive when done in software.
You can also use a password (most secure), pattern unlock (not very secure, though new screens are less smudge prone), or face recognition (fun gimmick, not secure at all).
Though I can't imagine having to type hunter2 into my phone every time I unlock it.
PocketPermissions Android Permission Guide
Yup, that's what I meant.
To elaborate, on the PC side, that 'dedicated hardware' would be a TPM chip. You find those in most business-class notebooks now. If you have one, you can use bitlocker with just a numerical pin. The TPM chip will hold the full encryption key and only provide it to the OS when the correct key is provided. Too many failed attempts would wipe the key. And, as you suggest, you can have the full key saved securely somewhere else as a backup. You might need it if you forget your key, enter it in a bunch of times, or need to recover the data from the disk using a different machine.
"You may have missed the point that all data on most phones is already fully encrypted."
I didn't miss it because you made it up. Data on most phones is not encrypted. The data on some smartphones (iOS 4 and higher and Android 4 and higher, apparently, plus probably all Blackberries) may be encrypted. Even then, it looks like they don't encrypt everything anyway.
Regardless, if you have special hardware that manages encryption it's going to take up extra space, power, time and manufacturing cost. For something that the vast majority of these companies' customers couldn't care less about. And no, your example of a desktop SSD isn't really relevant.
Which does pretty much nothing once they're running under your credentials after having brute forced your passcode.
if they can brute force your passcode, use something more than a 4-character numeric passcode and it isn't exactly trivial.
you mean a government backdoor.
I have no problems with the NSA having this information, I just don't know how I feel about the local PD having it.
They're using their grammar skills there.
TFA notes an undivulged vulnerability. That would indicate something which does not rely on a password of any length be it 4 or 400 characters.
The article also notes that it uses a brute force attack to crack the four pin code. It also states as has been pointed out that increasing the number of characters in the password makes the brute attack take much longer or nearly impossible given a complex enough password.
Sorry, I meant most every smart phone currently on the shelves for purchase employs full-disk encryption. In most cases, manufacturers implement it to allow corporate exchange email access. If the device supports exchange, it typically has full-disk encryption (early iphones were an ugly exception..). One of the exchange activesync requirements is that the device supports a secure remote-wipe. iphone 3GS and newer have full hardware encryption. Android 3.0+ devices use hardware encryption, and all WP7 devices use it. I'm sure blackberry does as well but I don't know their history very well. So the result is that these devices all support the remote wipe feature. That means if you enter the pin wrong a number of times or remotely trigger the wipe, the encryption key is deleted. That way, it doesn't take hours to securely delete all the data from the disk. The only thing that needs to be deleted is the encryption key. The flash always has some encryption key set. That's why setting up the remote-wipe or PIN-based wipe doesn't require you to spend an hour reformatting and encrypting your entire flash storage.
PINs are less secure than patterns.
Both are vulnerable to smudging, though patterns that don't cross themselves are slightly more vulnerable.
There are 5040 4-digit pins, 151200 6-digit pins, 604800 7-digit pins, and 1814400 8-digit pins.
There are 362880 9-dot patterns (use the whole pattern). There are 986400 total possible patterns.
IF patterns are easier to memorize for you, then choosing an 8 or 9-spot pattern will provide better security than a 6-digit PIN.
It's also harder to have a pattern of your birthday than it is to have a PIN of the same.
Not a sentence!
It basically wipes the decryption key from any memory on the device. The key is not stored with Apple and I doubt Apple has a 'universal collision key' on their encryption as they use RSA if I'm not mistaken which AFAIK doesn't have a universal collision key. Same goes for Android/Google and most encryption, encryption with spare keys is easy to detect and crack.
Custom electronics and digital signage for your business: www.evcircuits.com
The iPhone's encryption is weak. The ability to pull a copy of the whole file system in DFU mode via USB is also sad from a security standpoint. iPhones offer no native PGP support. Security restrictions are not pushed securely to the device as in the case of blackberry + BES. So if you desire security take a look at the blackberry that succeeds in many of the ways that the iPhone fails when it comes to security. I use iPhone myself, but have used blackberries in the past and via BES they can actually be locked down pretty well. Also to those who say it's just a phone, what difference does it make, phones now store emails, photos, and all sorts of other information. I use my email for slightly sensitive stuff all the time, if my phone got compromised I wouldn't want to have to worry about a bank account number or SS number being compromised. I really would prefer that my mail be stored in a secure environment. So as one person said, if you really need to keep secret something you're doing on your iPhone, set up your own mail server with https access for a web mail that works well on iPhone, and conduct your shady business through that so that nothing is actually stored on the device.
Three:
One to crack the iPod, and one to confuse the issue.
"Flyin' in just a sweet place,
Never been known to fail..."
That works unless they put the phone in a shielded bag. Then it won't receive text messages.
Android 4.x includes the option to encrypt the filesystem.
For obvious reasons, our goonware friends are a bit vague on how their mechanism works; but encryption only saves you if the attack is unable to get access to the phone as the user (since the filesystem has to be mounted and visible to you and your process as plaintext).
Encryption is excellent against the class of attacks where the attacker attempts to circumvent the OS's access control by obtaining direct access to the block device and using an OS they control to read it out. However, if the attack is directly against the OS's access control, it isn't nearly so useful, since things are usually set up to grant trivial plaintext access to the user.
They are:
Foxtrot42
42b8dfedd5
Not sure what the point of "obscuring" is if you can see them anyway.
If you guess wrong several times, the key (and therefore your data) should be destroyed
Three guesses what I'm going to do with your phone the instant you set it down.
On second thought, no, you don't get three guesses.
that prevents logging of any information? Or least erases any logged information as its written?
A four digit pin only has 10,000 possible combinations. If one can get access via software that is trivial to brute force.
Cops plug the phone in and push a button, they can't understand, grasp or crack shit.
"If any question why we died, Tell them because our fathers lied."
Why do you always assume base 10?!?!
There are two types of people in the world: Those who crave closure
There are 5040 4-digit pins, 151200 6-digit pins, 604800 7-digit pins, and 1814400 8-digit pins.
No, there are 10,000 4-digit PINs, 1,000,000 6-digit PINs, 10,000,000 7-digit PINs and 100,000,000 8-digit PINs. Unlike with patterns (as implemented by Android, at least), you're not restricted from re-using digits.
There are 362,880 9-dot patterns (use the whole pattern)
Not quite that many. You're assuming you can pick the nine dots in any sequence, but some patterns are impossible (or at least very difficult) because you can't get from one dot to the next in the pattern without touching a dot in between. It would be tedious, but not difficult, to enumerate the feasible set of patterns, and the likely set is even smaller, since people tend to choose connected sequences.
I'd say a longish pattern (6+ dots) is roughly equivalent to a four-digit PIN, but even a maximal-length pattern barely reaches the strength of a five-digit PIN.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
Isn't one of the nice things about Android all about how you can muck around it?
Why not make a secure version of Android like SE Linux?
Random Thoughts From A Diseased Mind (Not For Dummies)
On phones the dedicated hardware would be a "Secure Element", an embedded smart card chip of the sort used to secure NFC transactions (e.g. Google Wallet). They're actually more secure than typical TPMs, and more secure than the ARM SoC "TrustZone". There are a small number of Android phone models that have SEs now, and more coming. Rumor has it that the iPhone5 will have NFC, which very likely means it will have an SE also.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
This is complete nonsense.
How many companies have you been fired from for implementing this?
Ooh! I love the non-sequitur game!
Good luck entering a PIN so you can call 911 when you're being physically assaulted.
Your turn.
I mean that all would be trivial to solve if phones would boot from external memory. You could then have 2 micro SD cards, one with your unsuspicious OS, and the other one with an encrypted other operating system. Everything stored on the phone does not reside in Flash, but ROM so they cannot install some sort of keylogger into the bootloader.
That would also make replacing a broken phone just as simple as replacing a broken computer. Just pop out your storage and put it into the new one. (Works at least when you have the same kind of hardware, and with common operating systems)
All I see is a bunch of pew pew and QQ. All these features iPhone and Android either just got, don't have, or might get in the next release are all the same secure feature Blackberry has had forever. Why do droves of idiots flock to iPhone and Android? Malware ridden, data snooping/stealing/selling, billboards in your pocket that you pay a premium for just sounds horrendous!
I guess 5000 fart apps and 1000 apps that when I shake my phone sounds like a shotgun is worth it?....
Visit my Forums?
the story is an undisclosed vulnerability that lets them try an unlimited amount of brute forcing with just sw
world was created 5 seconds before this post as it is.
being able to dial emergency services without sim, with locked phone, used to be a required feature of _phones_.. I suppose it still is. it might save your life if your kid doesn't have his own phone when you're getting a stroke.
but the failed attempts... well, the iphone has a bug for that. they're exploiting it with their sw.
world was created 5 seconds before this post as it is.
So, I think this could be used. You could just 'sign' our phone. A reasonable 'signature' would have to my mind at least 50 data points of acceleration or deflection. Since we do vary the sig, some kind of fuzzy matching with the accepted vector would be required - say 90%. Then if it matches, the signature recognizer could use the correct data as the key to the decryption.
a) A lot of people's signatures vary by WAY more than 10% each run... I can sign twice in a row, and the two are barely the same. For my own signature ... sometimes I make a tiny loop for the e, sometimes it's just a little pointed bump like an undotted i, sometimes... it's just not there at all. There are some definite "features" that my signature consistently has, but other parts are highly variable.
b) The reason signature analysis works at all is because it's analyzing a muscle memory motion that we've already committed, so there is consistency. A child doesn't have a signature; they still draw their name out letter by letter each time.
Any sort of "sign your phone" process would have the same problem... we don't have a "swipe motion" we can use... sure we can make one up... but it will take weeks? months? years? of repetition before it has that characteristic rhythm like a signature. At the start we will be like children drawing it out each time...with no muscle memory rhythm.
Thus, we would not need to remember a long key, just let our muscle memory do its thing.
Unfortunately I think we'd need to remember a long key as well... as a backup in case there was a problem with these other methods. Your "signing it" example could render your phone otherwise inaccessible by getting a nasty paper cut that made you much more careful and conscious moving your finger... or inducing you to use a different finger than usual ... both of which would prevent you from matching your characteristic rhythm.
Then I read the rest of your post, and I'm not so sure I want to have detachable fingers...
For the record, the reason I said it was was so easy to defeat for criminals, law enforcement, and psychos on planes was that all they had to do was grab your hand and swipe your finger over the reader...
This is much easier to do to an unwilling you than coercing a pass code/phrase, they can simply overpower you and force you to do it, or knock you unconscious and do it, or wait for you to fall asleep. even without resorting to severing your fingers. Although of course... they could do that too.
I eventually RTFA (and movie). They appear to be 'unbricking' the iPhone with a custom bootloader from the USB. Once they've done this they can grab the flash and post it to the PC. For a PC brute forcing a 4 digit passcode is a millisecond job (hell, a 20-digit passcode is just an annoying little pause).
It's very much a dumb user tool, if your fingers are too fat to properly push the iPhone's buttons they even have special recovery options for when you mess up.
Don't keep secret stuff on your phone.
Depending on circumstances...
your call history
text message history
could all be "secret".. not necessarily illegal but maybe the fact that you happen to be good friends with a guy who you know smokes up regularly, and another guy who pissed on a dumpster in an alley at 2am walking home from the bar and is now a registered sex offender...
maybe you don't want border patrol hassling you about them, or extra because of them... again... simply because they're friends of yours... during a routine stop crossing the border to visit family... or whatever hypothetical situation law enforcement has for grabbing at your stuff this time.
If they can stick your phone on a box... and analyze it for "criminality" links... they will.
We need to
a) make it technically not possible through security.
b) make it clearly unreasonable search and an invasion of privacy short of a warrant relating to suspicion of an actual crime instead of going on a fishing expedition on everyone who wants to do anything beyond hide in their own house their whole life.
The Guardian Project aims to create easy to use apps, open-source firmware MODs, and customized, commercial mobile phones that can be used and deployed around the world, by any person looking to protect their communications and personal data from unjust intrusion and monitoring.
https://guardianproject.info/
Here is a link to their February project update to give you an idea what they are working on: https://guardianproject.info/2012/02/09/february-2012-project-update/
This is complete nonsense.
So what you say is complete nonsense? Strange that it hasn't been modded insightful yet!
We need TrueCrypt for mobiles
My "balance" is a >10 digit alphanumeric + characters. I can even enter it without having to look at my phone's keypad since there's a small tab on the 5 key which lets me know which button I'm hitting in relation to it. Doesn't work if you have a touchscreen though.
You might try actually reading your links. The iOS file system is always encrypted. All the links talk about is setting a pin to protect the encryption keys. There is no functional difference between BB and iOS encryption. You can easily force the use of pin codes as well.
You can just feel the freedom!
Yep, I realized that -- but I still like the over-the-top "scoop the eyeball out with a spoon for the retinal reader" (I forget the name of film, it scarred me at a young age).
I feel fantastic, and I'm still alive.
You can call 911 without entering your pattern/passcode on Android.
So the moment they fix that, the company is out of business?
If Google really cared they would fix Android Chrome to reflow text, instead of discriminating
Security Industrial Complex
Don't get caught! ;)
If Google really cared they would fix Android Chrome to reflow text, instead of discriminating
Forgive me for not taking something Apple says at face value, numbnuts.
For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
That specialized hardware already exists in every phone, it's called a SIM card.
In my mind it doesn't even matter if cut off body parts are actually usable for biometric authentication. Any self-respecting thug who has seen Demolition Man, Minority Report, or one of the many others, will have to try the trick for himself just in case the people who said it didn't work were just trying to keep the competition in the dark..
I like that. A long code on powerup would give you the option of just yanking your battery.
Neat idea. It could sit on a keyring and work just like the keyless transponders for cars.
The secret plans to solve the world economy (and hunger) problem or a device which allows you to communicate?
It all sounds great to have; but; you got to think more global. Something which works for a phone, might work for a wallet, keys or anything (more important) which needs to be protected against pickpockets .. my 2 cents ..
Ok, it has my personal data on it, but the burden to replace every single card in my wallet (while I keep this one thing streamlined as possible) or replacing all my keys costs me more trouble (and money) than a phone backup restoration.
--- I am known for the ones who want to find me on the net. Is that a privacy risk or a privilege? One might wonder..
I actually wrote a program to enumerate all the possibilities during a slow work day. The tricky part is that you can conditionally connect to a non-adjacent dot, but only if the intervening dot has already been used in an earlier part of the pattern (otherwise that intervening dot will be chosen as the next dot in the pattern). Assuming I understand all the requirements of the patterns correctly, here are the results:
4 dots: 1624
5 dots: 7152
6 dots: 26016
7 dots: 72912
8 dots: 140704
9 dots: 140704
For a total of 389112 possible combinations, assuming any possible 4-dot to 9-dot pattern. A 5-6 dot pattern is about equivalent to a 4-digit pin as far as the number of possibilities. Note that the 8 and 9 dot patterns have the same number because they are the same patterns, just picking the last remaining dot or not.
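The per-length counts quoted above can be reproduced independently. The following Python is an added example, not the commenter's program; it assumes the rule as stated in the thread (a straight move over an intervening dot is allowed only if that dot was already used) and numbers the dots 1-9 left to right, top to bottom. The function names are illustrative.

```python
"""Count Android-style 3x3 unlock patterns and compare with PIN keyspaces."""
import math


def build_midpoints():
    """Map (a, b) -> the dot lying exactly between dots a and b, if one exists."""
    mid = {}
    for a in range(9):
        for b in range(9):
            ra, ca = divmod(a, 3)
            rb, cb = divmod(b, 3)
            # A dot sits halfway only when both coordinate sums are even.
            if a != b and (ra + rb) % 2 == 0 and (ca + cb) % 2 == 0:
                mid[(a + 1, b + 1)] = (ra + rb) // 2 * 3 + (ca + cb) // 2 + 1
    return mid


MID = build_midpoints()


def count_patterns(length):
    """Number of valid patterns that use exactly `length` distinct dots."""
    def walk(current, used, remaining):
        if remaining == 0:
            return 1
        total = 0
        for nxt in range(1, 10):
            if nxt in used:
                continue  # a dot can appear only once in a pattern
            between = MID.get((current, nxt))
            if between is not None and between not in used:
                continue  # would pass over an unused dot, so not drawable
            total += walk(nxt, used | {nxt}, remaining - 1)
        return total

    return sum(walk(s, frozenset([s]), length - 1) for s in range(1, 10))


def keyspace_table(min_len=4, max_len=9):
    """Rows of (dots, pattern count, digits of a PIN with the same keyspace)."""
    rows = []
    for n in range(min_len, max_len + 1):
        c = count_patterns(n)
        rows.append((n, c, round(math.log10(c), 2)))
    return rows


if __name__ == "__main__":
    rows = keyspace_table()
    for n, c, digits in rows:
        print(f"{n} dots: {c:>7} patterns ~ {digits}-digit PIN")
    total = sum(c for _, c, _ in rows)
    print(f"total: {total} ~ {math.log10(total):.2f}-digit PIN")
```

The last column is log10 of the count, so it reads directly as the length of a numeric PIN (digits reusable) with the same number of possibilities.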
just trying to keep the competition in the dark..
With the retinal scanner... I see what you did there... :)
I feel fantastic, and I'm still alive.
All mobile phones can dial the national emergency number while locked, it's a legal requirement in several countries so say if I come across an accident and borrow the injured person's phone I can dial for an ambulance.
Cool! Very interesting. Care to share your code?
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
The attack involves rooting the phone and flashing custom firmware onto it in order to bypass the passcode. Encryption defeats this attack since they will only see encrypted data.
It is a 4 digit numerical password, not exactly advanced cryptanalysis there. On top of that, most people that choose passwords, usually choose something stupid.
We found an iPhone at a cabin we rented for a stag party a few years ago. The previous girl left her whole wallet. The guy who broke it, only had to try exactly twice, and probably took less than a minute, and no fancy software was involved.
Try # 1: 1234
nope
Opened wallet, and looked at driver's licence. Mused aloud, let's see how dumb this chick is:
Try #2: Birthday (can't remember was either day/month, or month/day, either way got it first shot)
yup.
We did mail it and all the contents of her stuff back to her however.
Point to me.
Remember, your responses must have nothing to do with the previous comment.
Now to resume: I am a banana!
I make no claims to the awesomeness or non-awesomeness of this. As I said I threw it together pretty quickly. PHP is the major language at my work so that's what I used.
Essentially I made a class to represent a node that represents a dot of the pattern. That node can have direct edges to other nodes. Additionally it can have a set of conditional edges, which are the edges that can only be traversed if "intervening" nodes have already been used (visited) earlier on any given path (walk). The walk() method basically traverses all edges and any available conditional edges of the current node, then continues the walk recursively for each node being visited. The whole time a global counter gets updated, counting the total paths.
class Node{
    private $visited = false;
    private $name;
    private $edges = array();
    private $condEdges = array();
    public function __construct($name){
        $this->name = $name;
    }
    public function addEdge($node){
        $this->edges[] = $node;
    }
    public function addCondEdge($targetNode,$skipNode){
        $this->condEdges[] = array('target'=>$targetNode, 'skip'=>$skipNode);
    }
    public function visit(){
        $this->visited = true;
    }
    public function isVisited(){
        return $this->visited;
    }
    public function unVisit(){
        $this->visited = false;
    }
    public function walk($steps,$path=''){
        $this->visit();
        $path .= $this->name;
        if ($steps > 0){ // still walking
            // first check conditional edges
            foreach ($this->condEdges as $condEdge){
                if ($condEdge['skip']->isVisited() and (!$condEdge['target']->isVisited()))
                    $condEdge['target']->walk($steps-1,$path);
            }
            // now check normal edges
            foreach ($this->edges as $edgeNode){
                if (!$edgeNode->isVisited())
                    $edgeNode->walk($steps-1,$path);
            }
        }
        else{ // end of a path
            $GLOBALS['count']++;
            echo "#{$GLOBALS['count']}: path: $path\n";
        }
        // when done with the walk, clear visited
        $this->unVisit();
    }
}
Then I build the actual set of nodes making up the Android dots, e.g. (if numbering the dots left to right, top to bottom 1-9):
$node1 = new Node('1');
$node2 = new Node('2');
$node3 = new Node('