Slashdot Mirror

← Back to Stories (view on slashdot.org)

DOJ Says iPhone Is So Secure They Can't Crack It

Posted by samzenpus on from the too-hard dept.

zacharye writes "In the five years since Apple launched the iPhone, the popular device has gone from a malicious hacker's dream to law enforcement's worst nightmare. As recounted by the Massachusetts Institute of Technology's Technology Review blog, a Justice Department official recently took the stage at the DFRWS computer forensics conference in Washington, D.C. and told attendees that the beefed up security in iOS is now so good that it has become a nightmare for law enforcement."

12 of 454 comments (clear)

  1. I don't believe it by 1s44c · · Score: 1, Interesting

    As far as I know the iphone doesn't use full disk encryption. It's not that difficult to get all the data off it.

    What 'law enforcement' means is that it's not convenient to steal people's data.

    1. Re:I don't believe it by mshenrick · · Score: 4, Interesting

      Unlike Android (when enabled), it doesn't prompt for the key before booting the OS, so it's only partly encrypted. Yes the OS is mounted read only on iOS (as on Android by default) jailbreaking changes this, as does rooting, but you can't if it's fully encrypted

  2. Now you know for certain by turbidostato · · Score: 5, Interesting

    The iPhone sports a master encryption key and DOJ has access to it.

  3. Re:Government Computer Skillz by spire3661 · · Score: 3, Interesting

    Its a problem, they just choose to ignore the human side of the law. The position the British have taken on this is untenable.

    --
    Good-bye
  4. encryption laws by Sebastopol · · Score: 4, Interesting

    Can somebody explain how if the iPhone is so uncrackable/breakable that Apple can still export it? I seem to recall some kind of PGP problem where exporting something that was too secure was a violation of US laws. Or maybe I'm mixing reality with a bad Nicholas Cage movie, which is entirely possible.

    --
    https://www.accountkiller.com/removal-requested
  5. What if they had said it was easily crackable? by Brannon · · Score: 3, Interesting

    would that still be a misdirection?

    Oh, I see, anything which is said in favor of iPhone security is "reverse psychology", anything critical of iPhone security is "speaking truth to power".

    You guys crack me up.

  6. Re:mod TFS by Just+Some+Guy · · Score: 5, Interesting

    This is purely anecdotal, but... I was recently on a flight next to a highway patrolman flying back from a conference for computer detectives (my words, not his; I don't remember what the actual job title was). He showed me the modified Ubuntu distro DVD they were passing out - "Look, it has a password cracker!" "Is that John the Ripper?" "You've heard of that?!?" - and we had a pretty nice chat.

    During the conversation, I mentioned that iPhones are encrypted now. I asked, "OK, hypothetically, suppose I'm a mafia drug dealer and you get my encrypted cell phone. How screwed am I?" He said that they'd get a subpoena for my house, show up with a search warrant, and read the backup off my Mac's hard drive, "and then we run this app [opens it to show it to me] and have full access to all your data!" I told him that was pretty impressive, "but... what if I turn on FileVault and encrypt my whole hard drive?" He looked like I'd kicked his puppy and said that most criminals aren't smart enough to do that, but in that case, yeah, there was nothing he could do.

    Feel free to take that with a grain of salt, but I had a detective tell me - in an unguarded two-geeks-talking moment with no apparent motive or visible sign of deceit - that the only way they could recover an encrypted iPhone's contents was through examining the unencrypted backup from an unencrypted hard drive. Now this was a state highway patrol guy and not an NSA analyst, and maybe the higher-up guys have access to emergency use stuff they're not talking about, but my takeaway was that the state-level police really don't have any way to defeat the encryption.

    --
    Dewey, what part of this looks like authorities should be involved?
  7. Re:mod TFS by Shakrai · · Score: 5, Interesting

    Now this was a state highway patrol guy and not an NSA analyst, and maybe the higher-up guys have access to emergency use stuff they're not talking about, but my takeaway was that the state-level police really don't have any way to defeat the encryption.

    Without talking about bad implementation (e.g., weak passwords) or side channel attacks (keystroke loggers and the like) it seems exceedingly unlikely that any law enforcement agency would have the ability to defeat modern encryption algorithms. Even if the NSA has such an ability (the math geeks can comment on the likelihood of this) it would be far too valuable to waste on something as mundane as a criminal prosecution. National Security concerns trump the incarceration of child molesters, drug dealers, murderers, and other common criminals.

    Far more interesting than the technical aspect will be the evolution of 5th amendment case law as it relates to encryption. There is no definitive legal precedent in the United States as to whether or not you can be compelled to disclose an encryption password. There have been a few cases that have danced around the edge of this question, but none have directly addressed it, nor have they made it to SCOTUS.

    --
    I want peace on earth and goodwill toward man.
    We are the United States Government! We don't do that sort of thing.
  8. Re:mod TFS by mark-t · · Score: 3, Interesting

    "....most criminals aren't smart enough to do that"

    I can't seem to help but read that as ".... criminals who are smart enough to do that will probably get away."

    --
    File under 'M' for 'Manic ranting'
  9. Re:Government Computer Skillz by mark-t · · Score: 4, Interesting

    So.... if you really *DID* forget the password, you could be looking at spending the rest of your life in prison, even if you never did anything wrong... simply because somebody thought you were guilty, and you had a faulty memory?

    --
    File under 'M' for 'Manic ranting'
  10. Re:TWO WORDS by 93+Escort+Wagon · · Score: 4, Interesting

    OF COURSE they have a key. Any cloud-based data you can access through a web browser requires as much - whether it's with Apple, Amazon, Dropbox, Google...

    And per one of your links, right after they say "of course Apple has a decryption key":

    Still, vice president of products for cloud security firm Echoworx, Robby Gulri, noted that Apple is following best practices used throughout the industry. "Apple has taken the right steps to protect users' data and privacy as far as a widely public service like iCloud goes," he told Ars. "For example, data is transmitted using SSL, data is encrypted on disk using 128-bit keys, and Apple has stopped letting developers use individual UDIDs."

    --
    #DeleteChrome
  11. Re:Political Correctness Censorship... by PeanutButterBreath · · Score: 3, Interesting

    Why? This is part of history, and people should know what attitudes were publicly held and presented to see how much we've changed over the years.

    We haven't changed over the years. Those attitudes are still common, but they are no longer publicized. So, by self-censoring itself in public, Disney is accurately reflecting racial attitudes in American society.

    So, is Disney to teach us about history? Or the present?