Apple Deluged By Police Demands To Decrypt iPhones

New submitter ukemike points out an article at CNET reporting on a how there's a "waiting list" for Apple to decypt iPhones seized by various law enforcement agencies. This suggests two important issues: first, that Apple is apparently both capable of and willing to help with these requests, and second, that there are too many of them for the company to process as they come in. From the article: "Court documents show that federal agents were so stymied by the encrypted iPhone 4S of a Kentucky man accused of distributing crack cocaine that they turned to Apple for decryption help last year. An agent at the ATF, the federal Bureau of Alcohol, Tobacco, Firearms and Explosives, 'contacted Apple to obtain assistance in unlocking the device,' U.S. District Judge Karen Caldwell wrote in a recent opinion. But, she wrote, the ATF was 'placed on a waiting list by the company.' A search warrant affidavit prepared by ATF agent Rob Maynard says that, for nearly three months last summer, he "attempted to locate a local, state, or federal law enforcement agency with the forensic capabilities to unlock' an iPhone 4S. But after each police agency responded by saying they 'did not have the forensic capability,' Maynard resorted to asking Cupertino. Because the waiting list had grown so long, there would be at least a 7-week delay, Maynard says he was told by Joann Chang, a legal specialist in Apple's litigation group. It's unclear how long the process took, but it appears to have been at least four months."

Re: Is Apple being compensated?

Now you know and knowing is half the battle. Don't buy iPhone.

Brute-forcing the lock code

[Verteiron]

Brute-forcing an iPhone's lock code is relatively trivial with freely available tools. This puts the device in DFU mode, so "Erase device on X unlock attempts" doesn't take effect. That version of the tools only bruteforces lockcodes, but there's no theoretical reason you couldn't try at least a dictionary attack on a password, too. Since it's also possible to dump the hardware key and a complete (encrypted) image, I imagine an offline attack on the image is possible, too. You wouldn't have to rely on the relatively slow hardware in the iPhone.

Using those tools I have successfully bruteforced the 4-digit lockcode to an iDevice running 6.0.2, and that's with no prior experience with or knowledge of iOS. I even used an emulated Mac to compile the necessary firmware patch. And that's just what I was able to do in with a few hours of fiddling. There are people who do this for a living, and tools dedicated specifically to extracting data from mobile devices. Are these PDs really saying they can't get into devices with simple lock codes?