Slashdot Mirror
Apple Can Extract Texts, Photos, Contacts From Locked iPhones
Trailrunner7 (1100399) writes "If law enforcement gets hold of your locked iPhone and has some interest in its contents, Apple can pull all kinds of content from the device, including texts, contacts, photos and videos, call history and audio recordings. The company said in a new document that provides guidance for law enforcement agencies on the kinds of information Apple can provide and what methods can be used to obtain it that if served with a search warrant, officials will help law enforcement agents extract specific application-specific data from a locked iOS device. However, that data appears to be limited to information related to Apple apps, such as iMessage, the contacts and the camera. Email contents and calendar data can't be extracted, the company said in the guidelines."
All the things listed, are synced to the iCloud. Sounds to me like they are not accessing the phone, but the contents of the cloud server, which have push/pull access to selected apps. Wonder if this is true if you disable cloud access or simply don't sign into it.
"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
How about google, hotmail, facebook etc passwords from Safari's settings? Thats what law enforcement always look for. That is cop gold right there. Who gives a crap about the data in the calendar app, thats all hosted on apples cloud anyway.
If you want real, audited & certified security, get a blackberry.
Based on sales for the last few years, it looks like the market just doesn't care about security. As people put more & more of their life on their phone, you might think people would care.
Sad.
There's a built in file manager for the iphone?
Weird... Had no idea...
"Helping to keep you two steps ahead of the Thought Police!"
The news is the Apple has received enough LEA requests for information that they've put together guidelines as a pre-emptive against being bothered about things they can't do.
I suppose we could be heartened that it specifically states upon receiving a warrant thus-and-such are available? Until a three-letter agency gives them a Sekrit Not-A-Warrant Order requiring the information. And that, Government, is the whirlwind you reap when you play fast and loose with the Constitution - there should be no trust of you, ever.
Ah, I can do this also. It was helpful during my divorce. If the device is locked the encrypted data is unreadable without a recovery key. The encrypted is still accessible if you can get to it. (through jailbreaks, exploitable boot-loader, or physically reading the ram chips.)
How much is threat post paying timothy to drive up their traffic with these half ass stories?
The summary fails to mention that the phone must be in their possession and the both the phone and the search warrant must be delivered to Apple's headquarters which is the only place Apple will perform the extraction.
If anything I applaud Apple for both publicly disclosing their policy for dealing with law enforcement and requiring a search warrant with more detail than "suspect's phone". They require the model number, phone number, serial of IEMI number and FCC ID number.
These comments are my own and do not necessarily reflect the views or opinions of my employer or colleagues...
Whoever owns the system, owns the system.
The page states that they can only access information which is not encrypted, and is "active", whatever that means. Reading between the lines, it seems they can get at information that's currently in RAM.
No kidding!!! What do you say at this point?
if served with a search warrant
Nothing to see here.
https://support.apple.com/kb/h...
If passcode-protected whole phone encryption is enabled, no one should be able to access that without the key. I guess they know how it works more than I do. They've even redefined encryption. It's "encrypted" just like everything else these days. I guess it's still technically encrypted even if everyone has a key.
"iMessage" is a message transport. The app is "Messages". The document from Apple specifically says "SMS": it does not mention either Messages or iMessage. While it's possible that Apple leaves iMessages unencrypted on the device, it would be surprising given how much trouble they go through to protect then in transit. So while this document doesn't explicitly say iMessages are safe, it also doesn't say they're vulnerable.
Given that Apple, like Google, can push apps to the phone, what's to stop them from just pushing a custom app that just copies everything to a designated place?
Taking apart an iPhone 4(S) is fairly straightforward and the various connectors on the boards inside appear to be pretty much "standard". The various flavors of 5 shouldn't be too far off. I would expect some levels of the law enforcement to even have the know-how and equipment to connect to those ports and access an iPhone's internals beyond the device's standard operation - and I don't think it's anything wrong with that. By the user experience it seems that the iPhone's memory is not scrambled.
Assuming anyone would use that, at least we can hope now that such an expensive phone will still be functional when the process is done.
Sort of like they've been doing with cash.
Give it a few years, maybe a decade, and people who don't regularly use a smartphone/messaging system to interact and/or exchange paper notes will be viewed as highly suspicious.
It's been known for a while that their "Filevault" has a corporate key (allegedly for employees but wouldn't it work for anyone?) to unlock it.
Of course if you're a smart criminal you aren't using this sort of tech or if you are you have a second level of protection.
Considering the timing of the Apple "bugs" such as the SSL fiasco why would anyone think they are protected in any way while using using Apple gear?
http://www.dailymail.co.uk/sci...
http://daringfireball.net/2014...
"If any question why we died, Tell them because our fathers lied."
Hey, let's link to the actual document in question! What a novel concept!
http://www.apple.com/legal/mor...
Good news:
- Apple cannot track a phone via GPS, nor forcibly enable Find My Friends/Find my iPhone
- Apple cannot monitor FaceTime or iMessage conversations since they are end-to-end encrypted
- Apple cannot provide third-party app data that is encrypted since the files are encrypted with the user's passcode.
- It appears if the user does a remote wipe before law enforcement can get a warrant and ship the phone to Apple (or fly it there), then there is nothing that can be done. I wonder if they power up the device in an anechoic chamber so it can't receive the remote wipe signal? I would guess no because most people aren't smart enough to do an immediate wipe.
- We already knew the only trick they have as far as encrypted files goes is a custom firmware that bypasses the max attempt auto-erase and rate limit feature, so it can attempt to brute-force passcodes quickly. However it requires the attempt be made on-device, since the keys are stored in the secure storage with no facility to get them off-device. So even a moderately complex passcode is effectively unbreakable, let alone a good strong password.
Questionable:
- user generated active files (this is what SMS/call logs/photos/etc are listed under). Normally if a device is powered off and rebooted, I was under the impression that these things were not available because the files are encrypted. It seems that iMessage is at least encrypted here, but I would be curious to find out what the situation is. Everything except photos, videos, and recordings is a moot point because you can get stuff like SMS history and call logs from the carrier anyway so those are the only ones I'd be concerned about.
There are some definite good points here - Apple has chosen not to build themselves backdoors or workarounds, presumably because they can't be ordered to disclose information they don't have access to... same reason they built iMessage the way they did. A court would have to order them to refactor their software before it could order them to intercept messages, and at least in the US there is no precedent or law that can compel them to do so.
However I would expect the âoeuser generated active filesâ to be encrypted after a device reboot until the passcode is entered. If that is not the case, Apple should fix it pronto.
I would also expect Apple to refactor the storage of those things to be segmented, given the NSA revelations and increasingly authoritarian behavior of law enforcement; for example, photos pending background upload could be kept unencrypted, but once uploaded they should be rewritten as encrypted so they require the passcode to access. They already have the ephemeral key tech and per-file key support so you can generate a key for the unencrypted file while the device is unlocked, then toss the passcode key when the device locks and only hold onto the file key until the upload is finished, then toss it. Thus no risk to the main key but you can still encrypt the file in the background.
I won't bother discussing Android phones - they are almost all trivial to break and access all the user's data, when people like Samsung aren't coding back doors directly into the firmware.
Natural != (nontoxic || beneficial)
MS on the other hand, really don't know how to build a filemanager for their phone, so they gave up.
I'm honestly surprised when someone on MSDN knows the precise reason something works or does not, their own code probably looks like muck to them, too. Keep going through these exercises of "try this..."
OT - I'm not surprised. Is anyone surprise? Apple is the private sector equivalent to the NSA.
A feeling of having made the same mistake before: Deja Foobar
All phones probably use the same salt so it's a backdoor it also means that someone out there will find that backdoor.
Do not look at laser with remaining good eye.
If at this point people are still surprised that this is possible then they are just naïve. Privacy in public forums (internet being the biggest forum of all) is not possible in this current age. Other than my personal information I don't care what people know or get from me. Some people have a dark past and don't want information to leak but I honestly have nothing to hide so I don't care.
Think of it this way: We are all Truman in the Truman show. The public is watching and so are the officials. Crooks will be caught and honest people LOLd if dumb moments make it online...
Sorry, I was too brief. Apple doesn't include a file manager because thy want to try to control the experience. (Bad enough). MS doesn't include a file manager because they can't do it without totally destroying security on the device. At least that is their official story. I think the real answer is much worse.
The AC nailed it; this is an utter non-story. Last time I checked, locking an iPhone does not enable full -disk encryption. Raise your hand if you thought the iPhone contains some magical Steve Jobs fart that would prevent someone with hardware access (leave alone Apple with hardware access!) from ripping the unencryped data (which, in a default setup, is essentially everything except your e-mail) from the flash chips. And yes, hardware access is necessary even if it isn't explicilty stated in the summary. Anyhow, those that did raise their hands earlier, please hand in your geek card and don't let the door hit you in the ass on the way out.
If all companies would detail how they deal with LEA's then everyone would be the wiser. And, if it's as simple and direct as this, even better. This is about the same as a search warrant for a private container (which might be how a phone is seen in court). I really like this approach via Apple, they'll have LEA but only if there is a valid and legal reason. Not just witch hunting or easter egging.
My understanding has been that they are capable of bypassing the OS restriction on unsuccessful login attempts before the phone's data is wiped. Since most people just use a 4-digit pin, it wouldn't take very long to brute force even if they don't know what the salt is.
To my knowledge, Apple doesn't do RAM access. Some law-enforcement forensic analysts might, but I don't know of iOS RAM-capture tools that actually work. The whole field is poorly-understood.
"Active" here almost certainly means "not deleted". LE analysts usually ask if you can access deleted data.
The story here is that Apple can unlock and access the files on an unencrypted iPhone. That shouldn't come as a surprise to anyone. You can do that without Apple's help, and you can do it to unencrypted Android phones, unencrypted hard drives, and pretty much any unencrypted data-storing device you have physical access to.
there's no back door. Apple's iCloud syncs some information across all devices. For ex if I take a photo with my iphone it automatically syncs with my ipad and my macbook. obv the photo must be uploaded from the phone and live on an apple server somewhere, so it's vulnerable to supoena.
in other news, apple will begin notifying users of supoena requests LINK
Apple is the private sector equivalent to the NSA.
any support for this argument? goog and fb are the ones sucking up and sorting through everybody's info. how is apple the bad guy here? they've gone to great lengths to limit govt intrusion and even notify people when the govt serves a warrant on their accounts.
http://www.reddit.com/r/windowsphone/comments/24jtcy/hi_im_joe_belfiore_from_the_windows_phone_team_ama/ch7vbb4
"We are doing a File Manager for WP8.1! I know a LOT of you are looking for this (thanks for the tweets, I've read them all). In fact, I've been running a build of it on two of my phones for the last week or so and it's getting to pretty good shape.
Here's what it looks like: http://imgur.com/a/hvqGD#nRuOFXp
We are expecting to get it into the store HOPEFULLY by the end of May."
At least not trivial task. Per the iOS Security white paper:
"The device’s unique ID (UID) and a device group ID (GID) are AES 256-bit keys fused into the application processor during manufacturing. No software or firmware can read them directly; they can see only the results of encryption or decryption opera- tions performed using them. The UID is unique to each device and is not recorded by Apple or any of its suppliers. The GID is common to all processors in a class of devices (for example, all devices using the Apple A5 chip), and is used as an additional level of protection when delivering system software during installation and restore. Burning these keys into the silicon prevents them from being tampered with or bypassed, and guarantees that they can be accessed only by the AES engine."
Hence, needing some specialized equipment, ergo, ship to 1 Infinite Loop to get the data.
I just did this on a locked iPhone i Found Yesterday to try to identify the owner.
It was locked from too many bad PIN's entered and I was able to access Photos, Call Log, TXT Messages, etc.
Didn't give me access to every single thing on the phone, but that is still a lot considering this is a shareware limited app anyone can download.
There are more advanced Forensic programs that are available, but they can get more pricey.
But if anyone with google can find a shareware app, what hope to you have against the government with all their money and resources.
http://www.easeus.com/mobile-t...
https://support.apple.com/kb/h...
If passcode-protected whole phone encryption is enabled, no one should be able to access that without the key. I guess they know how it works more than I do. They've even redefined encryption. It's "encrypted" just like everything else these days. I guess it's still technically encrypted even if everyone has a key.
Not everything is encrypted. According to the guidelines:
Specifically, the user generated active files on an iOS device that are contained in Apple’s native apps and for which the data is not encrypted using the passcode (“user generated active files”), can be extracted and provided to law enforcement on external media.
So, data can only be extracted if it is not encrypted. Sounds reasonable. Of course it would be better if everything was encrypted.
I had someone give me an iphone 4 last year where a child playing with the phone had accidentally deleted all the pictures. My task was to recover all the deleted pictures. It took me a few hours, mainly because I had never done anything with an iphone before. The process that worked invovled booting the phone with a different bootloader and breaking the encryption key. Most of the information and software to accomplish this can be found with a few minutes of searching.
I was thinking about the FROST attack against Android devices. Sounds like something similar here - lower the temperature enough to get the phone to reveal its encryption key in RAM, then just read the key off the RAM chips. Now you have the key to decrypt all of that lovely cloud data yon LEO has been after.
Every iOS device has a dedicated AES 256-bit crypto engine built in that is used to encrypt all data on the device at all times. In addition, the iOS Cryptographic Modules have been granted FIPS 140-2 compliance by the U.S. federal government on devices running iOS 6.
Emphasis mine. Sounds like doublespeak to me.
Why would they want to kill the future of personal technology, when there's so much in there for law enforcement?
Military grade technology will cost military grade bucks and will not be made generally available to the public. It will certainly not be made available for import/export on any civilian market you or I have access to.
See http://www.cellebrite.com/mobile-forensics. Every Apple store has Cellebrite phone forensics software and so do a every police agency who can afford it.
F=ma
Clearly the intelligencia is backing open-source these days...
what hope to you have against the government with all their money and resources.
Given that the App you mention and Apple's list of what they can extract amount to the same thing, it's probable the government also can access the same things. Basically anything that not encrypted on the device or backup can be accessed by all (with physical access). Things that are encrypted can't be. Even by people working for scary 3 letter acronyms.
I posted this elsewhere in the thread, but this describes the iOS security mechanisms in excruciating detail, including the full-disk encryption, etc. etc. Note that it does vary by hardware platform (3GS, 4, 4S, 5, 5S) and iOS version, so this is the "new hotness". There's a lot of incorrect information in the comments.
http://images.apple.com/ipad/business/docs/iOS_Security_Feb14.pdf
Encrypted by the hardware encryption key that's physically on the device.
Some data is encrypted by hardware encryption and pass code.
Some data is encrypted by just the hardware.
That's why Apple requires the entire phone. Just an image of the device is not enough. They've got to lift the actual encryption key off of the hardware.
Still a little double speak, but not too much. They're saying everything is encrypted, but not necessarily by the PIN.
Most IT departments see this as reasonable encryption, as getting the key back out of the encryption chip is not simple.
Technically, there *is* a backdoor in the sense that Apple signs the ramdisk with their private key. As such, should they build and sign a "data recovery ramdisk" with their private key and supply said software to Law Enforcement (such as when subpoenaed), then one can boot to DFU, load the "data recovery ramdisk", mount the phone as read-only flash that the agency can copy data from it.
Any entity with the private keys control what happens with the data on the device.
Thirty four characters live here.
They don't supply shit to law enforcement - their policy says that the device has to be shipped to Cupertino in good working order, where they will do the data extraction only with a proper search warrant or court order. The data is then provided on optical media:
Specifically, the user generated active files on an iOS device that are contained in Apple’s native apps and for which the data is not encrypted using the passcode (“user generated active files”), can be extracted and provided to law enforcement on external media. Apple can perform this data extraction process on iOS devices running iOS 4 or more recent versions of iOS. Please note the only categories of user generated active files that can be provided to law enforcement, pursuant to a valid search warrant, are: SMS, photos, videos, contacts, audio recording, and call history. Apple cannot provide: email, calendar entries, or any third-party App data.
See section I of the linked document, entitled "Extracting Data from Passcode Locked iOS Devices".
Slashdot still doesnâ(TM)t support Unicode after it was added to the HTML standard in 1997.
Yeah, because most Android device manufacturer's legal policy about data extraction from phones is far better for privacy advocates.
Wait, where are their policies published again? They're not?
Slashdot still doesnâ(TM)t support Unicode after it was added to the HTML standard in 1997.
All phones probably use the same salt so it's a backdoor it also means that someone out there will find that backdoor.
The lack of thought... What happens when the passcode screen comes up and you type in your passcode 1234? The software takes your passcode, 1234, and no other input that isn't directly available to the passcode software, and unlocks your phone. A police officer taking your locked phone takes five seconds to type a passcode, and your phone gets erased after ten attempts, because that's what Apple's passcode software does.
Apple can replace the passcode software. (Nobody else can, because only software codesigned by Apple can do the needed hardware access). The replacement software tries 0000, 0001, 0002, etc. as if you had typed them in, just faster, at a rate of ten per second. That's it. And then they try until they find the right passcode. You can calculate how long it takes at ten keys per second.
There is no back door. Apple patiently tries all the possible combinations on the front door, while turning the burglar alarm off.
Using the same salt doesn't change anything.
In order for the salt to be useful, it can't be stored encrypted anyway, so they don't need to use the same salt, it would be very easy to read.
The system has to be able to read the salt in order to combine it with your password to make the actual key or password hash or whatever.
Same salt is the same as no salt, it doesn't provide a back door.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
You should look up JTAG, the whole field is fairly well understood to any hardware developer on the planet, its not even all that complex.
To think Apple has no JTAG support on their devices is just silly and shows a lack of understanding the hardware development process.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
Correction: what I wrote is not fully correct but my main point remains valid.
If there were a master key, they would be able to get the whole system and also, it would be trivial for someone to find/leak that key and every single device would be at risk. Also, having encryption with 2 simultaneous private keys is impossible if you don't have access to both keys at time of encryption (and hardcoding a key in software would defeat the purpose of the encryption all-together). The device self-destructs when attempting brute forces so that's not it either. I'd say they can access 'some' data, the same data which is displayed on the front of your phone without being unlocked (a set of photo's, last dozen or so text messages, alerts) which live in RAM or on the 'OS' side of the storage.
Custom electronics and digital signage for your business: www.evcircuits.com
I haven't actually disassembled an iPhone to see if it has an exposed JTAG header. I've connected to a lot of other consumer devices with JTAG, though. It's extremely common to disable JTAG entirely on the devices that are sold to consumers (though the header and traces are still there, they just don't do anything). Most devices where it does work only talk on JTAG if the device powers up with something connected to the header -- which eliminates using it for RAM access for forensic purposes. Lots of densely-packed consumer devices actually don't have the JTAG headers on them at all. It's very inconvenient.
A phone that puts security first. No ifs, and, or, buts about it. Not to mention 2-day battery life and a seamless OS experience.
Oh please, you are *completely* full of shit. WP8 has Pocket File Manager, and WP8.1 has added even more support for file access (I don't know if anybody has yet published an app that uses it to make a general-purpose file browser).
Yeah, the apps can't *see* much because they run with excruciatingly low privileges - PFM has a special capability that gives full access to some locations most apps can't access at all - but the SD card and public folders are accessible.
There's also homebrew, like https://wp8webserver.codeplex.... or http://forum.xda-developers.co...
There's no place I could be, since I've found Serenity...
If you have to use their email client, camera-app and messenger they have control on your data.
This really sheds light on this lack of freedom.
I was able to access Photos, Call Log, TXT Messages, etc.
Thats a configurable option, to allow those things to be accessed from the lock screen.
Disable access to those and the silly little app you used would't have worked either.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
Google and Facebook profit by extracting information from you and using it for targeted advertisements and/or more nefarious purposes. Apple mostly profits by selling you stuff. If we found out that Facebook was collecting information on its users and selling it or otherwise disseminating it, well, that's business as usual. If Apple were to do it and get caught, it would likely hurt sales some, so there's little upside and some downside for them to do it.
You can't trust corporations, but you can get clues to their behavior by observing what makes money for them and expecting them to do things to keep making that money. As a result, I'm not nearly as worried about Apple knowing about me as Google or Facebook. In this particular situation, Apple is unlikely to be the bad guy.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
Keep those spamposts comin' - I need to tweak my email filters.
Who are you?
I'm sorry - you post as A/C everywhere. No wonder nobody takes you seriously.
But I think he's living at his mother Jan Kowalski's basement at:
At least, that's where he wants users of his hostfile manager to send him money.
If that were true, there wouldn't be limitations on what data they can extract. Sounds like you're guessing.
- Michael T. Babcock (Yes, I blog)