Slashdot Mirror

← Back to Stories (view on slashdot.org)

Mysterious $15,000 'GrayKey' Promises To Unlock iPhone X For The Feds (forbes.com)

Posted by msmash on from the security-woes dept.

Thomas Fox-Brewster, reporting for Forbes: Just a week after Forbes reported on the claim of Israeli U.S. government manufacturer Cellebrite that it could unlock the latest Apple iPhone models, another service has emerged promising much the same. Except this time it comes from an unkown entity, an obscure American startup named Grayshift, which appears to be run by long-time U.S. intelligence agency contractors and an ex-Apple security engineer. In recent weeks, its marketing materials have been disseminated around private online police and forensics groups, offering a $15,000 iPhone unlock tool named GrayKey, which permits 300 uses. That's for the online mode that requires constant connectivity at the customer end, whilst an offline version costs $30,000. The latter comes with unlimited uses. Another ad showed Grayshift claiming to be able to unlock iPhones running iOS 10 and 11, with iOS 9 support coming soon. It also claims to work on the latest Apple hardware, up to the iPhone 8 and X models released just last year. In a post from one private Google group, handed to Forbes by a source who asked to remain anonymous, the writer indicated they'd been demoed the technology and that it had opened an iPhone X.

106 comments

  1. Let the arms race begin! by Bruce66423 · · Score: 1

    Please pass me the popcorn...

    1. Re:Let the arms race begin! by Anonymous Coward · · Score: 2, Insightful

      No. "Popcorn" has been removed by Apple from the AppStore.

    2. Re:Let the arms race begin! by Anonymous Coward · · Score: 0

      "They've cracked our ROT-13 encryption!"

      "Relax. We've developed an even more devious alternative... ROT-14!"

    3. Re:Let the arms race begin! by halivar · · Score: 0

      Wait until they hit ROT-26. I use it for all my Slashdot posts, and they're pretty much undecipherable.

    4. Re:Let the arms race begin! by jellomizer · · Score: 1

      Being that this service is being labeled "Mysterious". I expect they are opening up the phone, tapping into the storage media. Downloading all the data. The brute forcing it until they get in. Being most people just use a 4 digit pin. That means 9999 possible combination. If they use a password, then we have the brute force password hacking algorithms.

      Such a process I would expect the 30k to be a reasonable price. Taking account opening an iPhone without breaking it, skills to tap into a soldered SD Drive, Putting the data onto high speed server(s), Putting the phone back to the way it was before. And doing the hack.

      Not impossible, and really there isn't much Apple can do at these particular points. There gets to a point where enough effort will allow someone to get into a device that was built by man.

      --
      If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    5. Re:Let the arms race begin! by rot26 · · Score: 1

      OH NO YOU DIH UHNT

      --



      To ensure perfect aim, shoot first and call whatever you hit the target
    6. Re:Let the arms race begin! by Anonymous Coward · · Score: 0

      Please pass me the popcorn...

      Here you go. :D

      http://www.ludoid.fr/site/index.php/popcorn

    7. Re:Let the arms race begin! by Anonymous Coward · · Score: 0

      Between who? Apple and companies like this? The far more likely explanation is that these hacks from from inside info provided by Apple and working along side Apple employees. They can double dip that way, by maintaining the illusion that they care about security and overcharging customers, while simultaneously appeasing the government and making money off of law enforcement agencies.

    8. Re:Let the arms race begin! by mlyle · · Score: 1

      The data on the phone is encrypted with much longer keys than your PIN.

      Your credential is presented to the secure enclave, which ratelimits attempts and locks out on too many failures. If it is correct then it releases appropriate keys.

    9. Re: Let the arms race begin! by RichardCulverhouse · · Score: 1

      Uh? Was that some obscure foreign language you just used... ?!

    10. Re:Let the arms race begin! by Anonymous Coward · · Score: 0

      Not my GPLed popcorn they haven't you insensitive clod.

    11. Re: Let the arms race begin! by Anonymous Coward · · Score: 0

      So basically, you need to capture the key somewhere in memory

      Sounds easy enough.

    12. Re:Let the arms race begin! by Anonymous Coward · · Score: 0

      We're sorry, stereotypical-black-girl-talk is not encryption.

      Also, those black girls need to learn how to talk like real people.

    13. Re:Let the arms race begin! by Hallux-F-Sinister · · Score: 1

      GPL'ed software isn't allowed in the Apple iOS Appstore, or at least it didn't used to be, which was, (I was told,) why Firefox was for so long absent therefrom. Still waiting for LibreOffice for iPad though. :(

      --
      Our reign has gone on long enough. Indeed. Summon the meteors.
    14. Re:Let the arms race begin! by Hallux-F-Sinister · · Score: 1

      Rot 26 only works in your elitist, snobbish 26-character alphabets, you insensitive clod! If you have either MORE, or FEWER characters in your alphabet, or have anything even more exotic or foreign, such as an ab-jad or syllabary, then it really mucks stuff up.

      --
      Our reign has gone on long enough. Indeed. Summon the meteors.
    15. Re:Let the arms race begin! by Anonymous Coward · · Score: 0

      Your attack vectors are:

      -attack AES
      -attack the rate locker in the hardware
      -read the hardware state from the tamper proof chip

      Attacking AES may be possible, but it wouldn't be sold like this, and it would require huge shifts in everything. Reading the hardware state would be labor intensive. Some previous attacks have avoided the attempt-locking feature- presumably, then, these are more attacks based on that.

    16. Re:Let the arms race begin! by rot26 · · Score: 1

      stereotypical-black-girl-talk? It's millenialspeak, I'm sad to say. You're not paying attention.

      --



      To ensure perfect aim, shoot first and call whatever you hit the target
    17. Re:Let the arms race begin! by Anonymous Coward · · Score: 0

      You forgot:
      -steal the keys to the tamper-proof chip, and tamper effortlessly.

      How good is Apple security? Possible to break & enter? Hack? Fight through building security & blow up a safe? Bribe/blackmail some developer to leak Apple's keys & framework for making signed firmware updates?

    18. Re:Let the arms race begin! by sexconker · · Score: 1

      Correct.

      This is either something that makes use of a massive vulnerability in Apple's implementation, or it's the tried-and-true method of freezing/resetting the unlock attempt counter so you can brute forcing the password.

    19. Re:Let the arms race begin! by tlhIngan · · Score: 1

      GPL'ed software isn't allowed in the Apple iOS Appstore, or at least it didn't used to be, which was, (I was told,) why Firefox was for so long absent therefrom. Still waiting for LibreOffice for iPad though. :(

      GPLv3 software isn't allowed in the app store because that's a violation of the GPLv3 license (anti-tivoization - since the app store keys are not revealed, it is therefore incompatible with the GPLv3).

      GPLv2 software may be allowed even though doing so potentially violates the GPL (because the App Store limits your usage to 5 devices).

      But if it's GPL, go ahead and sideload your software. Apple allows you to (for free) sideload apps onto your device.

    20. Re:Let the arms race begin! by Xylantiel · · Score: 1

      And the winner is: actual security! Apple and other vendors should fix vulnerabilities like this. What, do we want the tools outlawed and security research with it? Now there is an issue if these companies are hiding the vulnerabilities from the vendor, but it's quite possible that they are problems that Apple knows about but are tricky to fix (e.g. electronic or physical design or manufacturing issues). Timing/heating/monitoring attacks can be very hard to defend against. You know if it only costs $15k there is a good chance the black hats can already do it for a sufficiently worthwhile target.

    21. Re: Let the arms race begin! by Anonymous Coward · · Score: 0

      Bullshit. Millennial-speak shrinks words; not turning an already short contraction of didn't into something longer.

    22. Re:Let the arms race begin! by AmiMoJo · · Score: 1

      My guess is that they found a way to bypass the usual limits on PIN guesses somehow, allowing them to try all possibilities quickly. And it sounds like they do it entirely in software.

      Maybe something like they found a way to crash the secure processor, so they can reset it before it counts the attempt as failed. Timing reveals if it is going to accept it reject the pin early.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    23. Re:Let the arms race begin! by diamondmagic · · Score: 1

      Correction: GPL software can be published, it's the GPL per se that doesn't allow GPLed software on app stores.

      Apple couldn't care less, their developer agreement gives them a license to distribute your app, even if the GPL doesn't.

      --
      Wonder what the public key field is for?
    24. Re:Let the arms race begin! by WorBlux · · Score: 1

      The problem is most phones combine the pin with a device unique code from the security coprocessor.

      You either need to exploit the boot-loader, or have key to sign your own boot loader with.

  2. Right next to the “any key” by Anonymous Coward · · Score: 0

    Just press it and you’re in!

    1. Re:Right next to the “any key” by DontBeAMoran · · Score: 1

      Instructions unclear, penis stuck in oppai mousepad.

      --
      #DeleteFacebook
  3. We just need the galactic key by Mysticalfruit · · Score: 1

    We just need the galactic key to unlock it... really easy.

    --
    Yes Francis, the world has gone crazy.
  4. Pirated in 3...2...1... by mark-t · · Score: 1

    I don't see this as being usable on current hardware for very long.

    --
    File under 'M' for 'Manic ranting'
  5. That ex-Apple employee by Anonymous Coward · · Score: 1

    Could Apple go after him for undermining their current products?

    1. Re:That ex-Apple employee by Anonymous Coward · · Score: 0

      Maybe apple should write better code

    2. Re: That ex-Apple employee by Anonymous Coward · · Score: 0

      They would have to admit they made a backdoor for their own snooping purposes.

    3. Re: That ex-Apple employee by nospam007 · · Score: 1

      Apple just spent 30.000$ I guess.

    4. Re: That ex-Apple employee by Anonymous Coward · · Score: 0

      $30 is nothing to Apple. Hell, $30 is nothing to a good number of people that aren't anywhere near as loaded as Apple. You had an extra 0 as well. 30.00 would've been fine since it's doubtful they'd be dealing with fractions of a penny.

    5. Re: That ex-Apple employee by BronsCon · · Score: 1

      Judging by the placement of the dollar sign at the end of the number, I'd wager that nospam007 hails from a country where , is the decimal and . is the separator. That's actually most of the world, mind you.

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
    6. Re: That ex-Apple employee by bioteq · · Score: 1

      Or, he's a programmer who has used Basic and a lot of other languages where '$' denotes a variable of some sort.

      Back in my old days of VB and QB (yeah yeah.) I got super used to putting the '$' at the end and, to this day, still do at times. As for the period vs comma? I cannot attest for that one.

    7. Re: That ex-Apple employee by BronsCon · · Score: 1

      My theory explains all three. Most countries in the world use the . and , in exactly the opposite manner that we do in the US, so what we would write as $1,000.00 might be $1.000,00 elsewhere. Likewise, many countries that use a comma as a radix point also put their currency mark at the end of the number. Further evidence in favor of my theory is that the non-limited version of the device being discussed sells for $30,000, not $30.00.

      Of course, nospam007 would have to confirm one way or the other, but I'm partial to theories that explain all of the unknowns, in the absence of concrete proof.

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
    8. Re:That ex-Apple employee by mccalli · · Score: 1

      IMHO, should do both. I'm not normally into suing people who find ways round things, but in this case it's an ex-employee with privileged knowledge. Pour encourager les autres.

    9. Re: That ex-Apple employee by q4Fry · · Score: 1

      All true, but $30k is still nothing to Apple.

    10. Re: That ex-Apple employee by bioteq · · Score: 1

      Well, after doing the Right Thing(TM) (AKA: cyber-stalking) and slogging through his known Slashdot posts, it would seem that he rarely (but at times, does) puts the currency symbol at the end of the currency amount. He also sometimes does not use the transposed '.' and ',' but, most of the time he does, especially on amounts greater than 100k.

      I did find mention of Euthanasia being legal in his country so I definitely assume you are correct, BronsCon; he's a foreigner.

      I hereby concede defeat.

    11. Re: That ex-Apple employee by BronsCon · · Score: 1

      Funny, I did the same and came to the opposite conclusion, sort of. I ended up figuring either he was originally from the US and living abroad, or he had immigrated to the US, because he seems to follow both conventions. I didn't see the same message you saw about euthanasia or that would have been a dead giveaway. Either way, it's always fun to sharpen the old analytical skills.

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
  6. Ex Apple Security Employee is sued in... by Anonymous Coward · · Score: 0

    3, 2, 1...

    Just wait for it.

  7. DMCA? by Rick+Schumann · · Score: 1

    LOL maybe Apple will issue a DMCA takedown notice against that company and the government for reverse-engineering iPhones.
    All kidding aside Apple will I'm sure just treat this like any other exploit uncovered and change their product to prevent it. Then they'll create a new tool. Welcome to the endless game of Security Whack-a-Mole.

    1. Re:DMCA? by mark-t · · Score: 2

      It'll suck for the people who spent the $15k or $30k on the product, only to have it stop working not long afterwards.

      I'd hopw that $15k/$30k would include upgrades for a long enough time to be worthwhile, otherwise it's a money sink.

      --
      File under 'M' for 'Manic ranting'
    2. Re:DMCA? by Anonymous Coward · · Score: 0

      You could easily make that $15k - $30k back with the first bitcoin wallet you steal. Pretty much 100% profit after that.

    3. Re:DMCA? by Anonymous Coward · · Score: 1

      It will be a government entity using its citizen's tax dollars to pay for it, so they won't care. Other people's money.

    4. Re:DMCA? by Anonymous Coward · · Score: 0

      Those poor corporations, they need more rights, why should they have to pay exorbitant rates of $2/hr to their contractor employees? Won't someone think of the poor people with armies of lawyers and billions of dollars?

    5. Re:DMCA? by DontBeAMoran · · Score: 1

      AFAIK Apple doesn't allow Bitcoin wallet apps, so your plan is foiled.

      --
      #DeleteFacebook
    6. Re:DMCA? by sexconker · · Score: 1

      Bitcoin wallets are just private keys, and people can and do store them everywhere, no app required.
      Some people are even dumb enough to store them in an unencrypted form.

  8. 15 large for 300 uses? Sounds cheap... by Bearhouse · · Score: 1

    OK, 15 grand is a lot for the average individual, but for law enforcement etc. it's peanuts.
    Did I not read hear about that Israeli firm charging 100 k a pop?
    This is really discounting hard - 50 bucks per phone cracked, (if that's what they're doing).

  9. Arrest them for DMCA violation by Anonymous Coward · · Score: 0

    Are you using your phone's authentication and authorization controls as a technological measure which limits access to copyrighted works (e.g. your photos)?

    If any person is doing that, then it sounds like this company is manufacturing and trafficking in a circumvention device.

    The company is due to show for a conference in Myrtle Beach, South Carolina, this June.

    They are claiming in public to be flagrantly violating US copyright law. And they're letting law enforcement know when & where they'll be? Should be an easy arrest.

    1. Re:Arrest them for DMCA violation by Anonymous Coward · · Score: 0

      But, but, but, it is FOR THE CHILDREN (tm).

    2. Re:Arrest them for DMCA violation by volodymyrbiryuk · · Score: 2

      You know very well that it applies only to ordinary civilians.

      --
      sudo rm -r -f --no-preserve-root /
  10. Should be considered treason. by thedarb · · Score: 2, Interesting

    This is completely against the publics own interest and should be considered treason, IMHO.

    --
    This sig intentionally left blank.
    1. Re:Should be considered treason. by Anonymous Coward · · Score: 0

      That's not a valid definition of treason according to US law...

    2. Re:Should be considered treason. by mark-t · · Score: 1

      Definitions mean nothing to the current governing regime.

      We're talking about a government that has chosen to take "national security" to include even things that merely *might* be of signifiicant economic interest... to only one particular industry, I might add.

      --
      File under 'M' for 'Manic ranting'
    3. Re:Should be considered treason. by Anonymous Coward · · Score: 0

      Current "regime"? Have you been paying attention for the last 50+ years? Jeezuz y'all need to get over this anti-Trump bullshit. If you weren't outraged during the Obama administration also, you're being disingenuous...

    4. Re:Should be considered treason. by mschuyler · · Score: 1

      I don't think that word means what you think it means.

      --
      How about a moderation of -1 pedantic.
    5. Re:Should be considered treason. by amiga3D · · Score: 1, Troll

      What's really funny is watching all these people that claim Trump is worse than Hitler, the most evil creature ever, and then they want him to confiscate all private firearms. Pure idiots.

    6. Re:Should be considered treason. by mark-t · · Score: 1

      I used the term "regime" because the fault does not lay on any single person. "administration" would have been an equally applicable term.

      --
      File under 'M' for 'Manic ranting'
    7. Re:Should be considered treason. by DontBeAMoran · · Score: 1

      Depending on who's using them, those private firearms could maybe hold up against a few SWAT teams.

      But there's a lot of SWAT teams. Then there's the army, the navy and the air force.

      After that, there's all the secret organizations you don't know about, some of them probably equipped with alien weapons.

      So yeah, good luck revolting against your government, your puny hand guns will surely let you defend yourself against all of those.

      --
      #DeleteFacebook
    8. Re:Should be considered treason. by Anonymous Coward · · Score: 0

      Treason is defined in the United States Constitution. To just "consider" things treason would require two thirds of the states to agree to a constitutional amendment.

      The states could probably make it illegal, though, or the federal government could probably make it illegal to transport a cell phone across state lines for the purpose of unlocking it.

    9. Re:Should be considered treason. by thegarbz · · Score: 1

      There's irony in a statement that complains about national security including economic interests when discussing a country that spends quite so much on its military.

      Given how economics are the deciding factors in many wars you may want to reword your statement.

    10. Re:Should be considered treason. by rogoshen1 · · Score: 2

      Despite all the high tech weapons and whatnot, any kind of sustained operation still relies on boots on the ground. And I think you'd be surprised at how quickly the desertion rate would approach 100% if something like that came to pass -- the brainwashing of rank and file grunts is not *that* .. effective

      Also, notice how hard of a time the US has had in pacifying places like Iraq or Afghanistan. It turns out large scale guerrilla-type conflicts are very hard for the US military to handle in a sustained fashion.

      It would be a brutal and painful civil war -- and only a completely base and vile person would hope for it.

    11. Re:Should be considered treason. by mark-t · · Score: 1

      Perhaps you didn't catch that I said it was of economic interest to only one particular (commercial, not government) industry.

      --
      File under 'M' for 'Manic ranting'
    12. Re:Should be considered treason. by gtall · · Score: 1

      Unless he starts a nuclear war. Care to place any bets on his ability to handle a crisis beyond a bimbo explosion?

    13. Re:Should be considered treason. by Anonymous Coward · · Score: 0

      Guerrila-type conflicts want to avoid civilian casualties. If there's a civil revolution, the government could drop bombs, no need for boots on the ground.

      There's also AI-controlled drones to think about. No boots, no desertion.

    14. Re:Should be considered treason. by ArchieBunker · · Score: 1

      Maybe you should read a fucking dictionary.

      --
      Only the State obtains its revenue by coercion. - Murray Rothbard
    15. Re:Should be considered treason. by SvnLyrBrto · · Score: 1

      > Despite all the high tech weapons and whatnot, any
      > kind of sustained operation still relies on boots on
      > the ground. And I think you'd be surprised at how
      > quickly the desertion rate would approach 100% if
      > something like that came to pass -- the brainwashing
      > of rank and file grunts is not *that* .. effective

      I believe the student body of Kent State might have a differing experience on that score.

      --
      Imagine all the people...
    16. Re:Should be considered treason. by amiga3D · · Score: 1

      They had rocks against M-16s. That's not a good idea.

    17. Re:Should be considered treason. by amiga3D · · Score: 1

      Asking troops to slaughter US civilians might get a little dicey. Even SWAT teams might start to balk. It's one thing to go after a bank robber holding hostages. To kill women and kids you need someone like the BATF.

    18. Re:Should be considered treason. by Anonymous Coward · · Score: 0

      Treason? WFT. It is just a crappy iphone.

    19. Re:Should be considered treason. by DontBeAMoran · · Score: 1

      Yeah, the fools should have used paper.

      --
      #DeleteFacebook
    20. Re:Should be considered treason. by pi_rules · · Score: 1

      The reserves had M1 Garands, not M-16s.

    21. Re: Should be considered treason. by Anonymous Coward · · Score: 0

      I wish the Trump apologists could be so funny. Unfortunately they are on a spectrum ranging from sad to scary.

    22. Re:Should be considered treason. by amiga3D · · Score: 1

      That's actually worse. Better a 5.56 than that big round the M1 fires.

  11. law enforcement use can by pass the dmca by Joe_Dragon · · Score: 1

    law enforcement use can by pass the dmca

  12. Maybe app developers need to start encrypting? by ctilsie242 · · Score: 1

    Maybe app developers should consider doing their own encryption for data stored? This could be fairly simple, depending on the persistence of the data. If the data doesn't leave the device, create two nonces, stuff one in KeyChain, have an app PIN or PW unlock the other part, XOR it for the working key. That way, the OS (which is normally secure) maintains security, but the app still has stuff secured by the separate added PIN/passphrase.

    If the data has to be backed up, it could be encrypted with a nonce, and a HMAC of the nonce and the PIN/PW used to secure it if it backed up to iCloud or if it goes to iCloud directly as a file.

    For backups, one can do an architecture similar to Titanium Backup. Prompt for a password, generate a keypair, encrypt the private key with the password, then bundle the encrypted private key with every backup (or perhaps file). This allows backups to be done using the public key, and restores easily done by prompting for the password.

    OpenSSL is available on iOS, so this shouldn't be too much of a stretch.

  13. It's a software solution by Bruce66423 · · Score: 1

    At least according to the description.

  14. Phew. by Anonymous Coward · · Score: 0

    I fart in GreyKey's general direction!

    1. Re:Phew. by DontBeAMoran · · Score: 1

      Grey's mother was a hamster and Key's father smelt of elderberries!

      --
      #DeleteFacebook
  15. Hardware or software? by bradley13 · · Score: 1

    Someone suggested that this is a brute-force attack (and TFA even hints at that). I don't buy that, because a brute-force attack involving opening up the phone would be nothing really new. I expect they are exploiting a vulnerability.

    So sure, Apple immediately spent $30k for a license, so that they can analyze it. The fascinating question will be: Does the exploit rely on a hardware flaw or a software flaw? If the latter, it will quickly be patched. If this is ultimately relying on some weakness in the hardware, it likely won't ever patched for older phones, though the iPhone 11 may be immune.

    --
    Enjoy life! This is not a dress rehearsal.
    1. Re:Hardware or software? by DontBeAMoran · · Score: 1

      Is the iPhone X really number 10, though? Because there's no iPhone 9 right now.

      I'm thinking this is like they went from Mac OS 9 to Mac OS X, the iPhone X represents a new line of iPhones.

      In any case, I'm waiting for the iPhone XXX. They'll have to allow VR porn and 3D hentai apps on it!

      --
      #DeleteFacebook
    2. Re:Hardware or software? by Anonymous Coward · · Score: 0

      Is the iPhone X really number 10, though?

      No, I think the X is the 14th (not counting the plus models), but it was released in the year of the 10th anniversary of the iPhone.

      iPhone, iPhone 3G, iPhone 3GS, iPhone 4, iPhone 4S, iPhone 5, iPhone 5S, iPhone 5C, iPhone 6, iPhone SE, iPhone 6S, iPhone 7, iPhone 8, iPhone X.

    3. Re:Hardware or software? by TrekkieGod · · Score: 1

      Someone suggested that this is a brute-force attack (and TFA even hints at that). I don't buy that, because a brute-force attack involving opening up the phone would be nothing really new. I expect they are exploiting a vulnerability.

      Apple does the maximum number of wrong attempts before deleting the contents of the phone thing. So I'm pretty sure the vulnerability is being able to stop that from happening (and likely adding the code to do to the brute forcing). The brute force code is to unlock. By default, iOS has a 4-digit pin to unlock. That's really easy to brute-force in no time at all if you can the software input the numbers and get around the maximum number of retries thing, so no reason to even try something other than brute-forcing.

      The part that gets me thinking is that the firm is run by an ex-apple security researcher. If he gets to do the above by jailbreaking it through a private key he swiped from Apple and took with him, or a backdoor he coded in himself, then he's in serious legal trouble.

      --

      Warning: Opinions known to be heavily biased.

    4. Re:Hardware or software? by bartle · · Score: 1

      In order for John Irving to unlock her iPhone, he enters a 6 digit PIN. Maybe Lorian Bartle uses an alphanumeric password. John and Lorian did not choose strong passwords, knowing they have to enter it every time they boot up the phone, so either phone is easily crack-able by coping the encrypted contents of their phones onto a powerful computer and brute forcing every possible password.

      Apple prevents this by generating a random element that, combined with John or Lorian's passcode, makes up the encryption key. This random element is stored inside Apple's super-special security chip. The exploit that they're selling may be based around extracting or computing this random element which would still necessitate a brute-force approach, but it moves the approach into the realm of the possible.

  16. Comment removed by account_deleted · · Score: 1

    Comment removed based on user account deletion

  17. 15K for 300 uses by DontBeAMoran · · Score: 1

    Isn't that the exact same rate as the whores working at Costco?

    --
    #DeleteFacebook
    1. Re:15K for 300 uses by Anonymous Coward · · Score: 0

      Isn't that the exact same rate as the whores working at Costco?

      Hillary Clinton's book doesn't even cost half that.

    2. Re:15K for 300 uses by Anonymous Coward · · Score: 0

      The problem with the Costco whores is that you have to buy a dozen at a time. Oh wait, that's not a problem.

  18. Ground work is done by Anonymous Coward · · Score: 0

    Phones have long ago been defined as "instruments of interstate commerce", and so anything you do on them is subject to federal law. The feds can, using this particular interpretation of the Interstate Commerce Clause, make law of any kind they like about your phone, and it'll hold up. Ergo, the phone doesn't have to cross state lines.

    This is not to say that they would have anything against breaking phone encryption. Near as I can tell, they're all for it.

  19. Re:15 large for 300 uses? Sounds cheap... by Stan92057 · · Score: 1

    Well, thinking like yours has gotten the US people billions in federal debit. whats a few thousand more lol...

    http://www.usdebtclock.org/

    --
    Jack of all trades,master of none
  20. Time for Apple to go open source by Anonymous Coward · · Score: 0

    Open source isn't more secure by default, but in a case like this where it's a platform used by millions, the benefits of open source as it pertains to identifying and patching vulnerabilities far outweigh the downsides.

    The time is approaching where Apple must choose between customer security and maintaining its proprietary code; it can no longer do both.

  21. GrayKey is not Deep Throat by Annie+Ominus · · Score: 1

    disgruntled apple cyber security employee maybe, stole a gen key before retirement? Anyone related to Felt work there lately?

  22. That word doesn't mean what you think it does by raymorris · · Score: 1

    >. create two nonces, stuff one in KeyChain, have an app PIN or PW unlock the other part, XOR it for the working key. ...
    > If the data has to be backed up, it could be encrypted with a nonce

    The key to your whole scheme is the nonce. And you don't know what a nonce is. So I'll answer your question:
    > Maybe app developers should consider doing their own encryption?

    App developers should develop apps. Cryptographers, who not only know what a nonce is, but can rattle off the top three most common problems when using a nonce, should do cryptography. Secure encryption is such a difficult problem that people who get a master's degree and spend their entire careers doing it STILL can't reliably do right. It's *that* difficult.

    1. Re:That word doesn't mean what you think it does by ctilsie242 · · Score: 1

      The perfect is the enemy of the good here.

      Having one's own encryption layer is better than nothing, especially if the phone's encryption may not be secure. Yes, an app developer might have to take the time to realize using AES in ECB mode is not a good thing, but that is better than nothing.

  23. Ah - the joys of capitalistic competition by Bruce66423 · · Score: 1

    Nice point, thank you: embarrass Apple into addressing the issue.

    The interesting question is whether Apple has the right to demand the basis for the attacks from the vendor.

    1. Re:Ah - the joys of capitalistic competition by Anonymous Coward · · Score: 0

      Apple and all the similar companies in the world are in the business of creating software and hardware products. If everyone waited until all the vulnerabilities were addressed they would have to operate with a 10 year product release schedule. There has to be balance between security and functionality or there would be no software in use because it is still being examined for vulnerabilities. Every time new functionality or other changes are added to the software the vulnerability audit cycle starts over. To date no one has ever been able to produce software that is free of vulnerabilities. The security researchers have all the time in the world to basically break someone else's creation. They don't concern themselves with the software functionality or usability. All they care about is trying to vulnerabilities. They don't have to concern themselves with the implementation of changes required to correct the vulnerabilities they discover. And of course some of the vulnerabilities are theoretical because the chance of someone exploiting the vulnerability is almost impossible to pull off outside of the computer lab where they have physical access to all the hardware needed to exploit a particular problem.

  24. Spectre or meltdown by xluap · · Score: 1

    This might exploit some spectre or meltdown like vulnerability to get the encryption keys that are located in an until now safe part of the processor chip.

  25. iOS 9 is more secure than iOS 10 and 11? by Anonymous Coward · · Score: 0

    So they can unlock iOS 10 and 11, but not iOS 9.
    So is iOS 9 more secure?

    1. Re:iOS 9 is more secure than iOS 10 and 11? by Anonymous Coward · · Score: 0

      Since many of iOS users update its system as soon, it should have been the main target versions to serve and if iOS 10/11 closes previous vulnerabilities, they probably don't have exploit(s) for iOS 9 or earlier (yet). What is so hard to expect? It is not the matter of security level but could be the different vulnerabilities.

  26. Should be $30M for unlimited by Anonymous Coward · · Score: 0

    Should be $30M for unlimited. The value of software like this to repressive govts must be considered. Sell it once and go on vacation. I'd add a clause to the contract that says "I don't want to pay federal or state taxes - again, ever, including this transaction." while I was at it.

    Online should be $15K for 2 uses. The goal is to limit the use for only those cases with extremely high profile requirements - i.e. budget.

    Notice how nobody mentions Android being locked? Android has locked storage apps that aren't controlled by Google. https://play.google.com/store/...

    1. Re: Should be $30M for unlimited by Brockmire · · Score: 1

      Only terrorists and gunmen have Apple phones.

  27. It's either secure for everyone by Darkling-MHCN · · Score: 1

    ....or it's secure for no one.

  28. This cheap? *lol* by xxxLCxxx · · Score: 1

    This cheap? *lol*
    ...and Apple believers will still assert that their phones are safe. When it comes to dumbing down people, religion is certainly the most effective.

  29. Maybe. False sense of security is bad by raymorris · · Score: 1

    If you think a file is encrypted, and therefore it's safe to back it up to an open S3 bucket, it would have been much better to not make it look encrypted and make it obvious that it's not protected.

    Whether weak encryption is better than none very much depends on many factors. Very often, it's "better" in the short term, but two years later someone does something that exposes the data because it looks like it's safe. They forget or never knew that the encryption isn't good encryption.