Cops Around the Country Can Now Unlock iPhones, Records Show

Law enforcement agencies across the country have purchased GrayKey, a relatively cheap tool for bypassing the encryption on iPhones, while the FBI pushes again for encryption backdoors, Motherboard reported on Thursday. From the report: FBI Director Christopher Wray recently said that law enforcement agencies are "increasingly unable to access" evidence stored on encrypted devices. Wray is not telling the whole truth. Police forces and federal agencies around the country have bought relatively cheap tools to unlock up-to-date iPhones and bypass their encryption, according to a Motherboard investigation based on several caches of internal agency documents, online records, and conversations with law enforcement officials. Many of the documents were obtained by Motherboard using public records requests.

The news highlights the going dark debate, in which law enforcement officials say they cannot access evidence against criminals. But easy access to iPhone hacking tools also hamstrings the FBI's argument for introducing backdoors into consumer devices so authorities can more readily access their contents.

what is it?

[supernova87a]

Can someone speak to what the exploit is? Does it have to do with bypassing the 10 PIN entry lockout limit?

Re: what is it?

Most likely. It's extremely improbable that they have found a way completely around the encryption and Apple still hasn't figured out how. Thus, a strong passcode (alphanumeric, 10+ characters minimum) should still be secure.

Re: what is it?

[david_thornley]

If you set the iPhone to wipe after ten failed tries, then even with a four-digit random passcode there's only a 0.1% chance it can be brute-forced. All of this is in the Secure Enclave for iPhone 5Ss and later, and I find it extremely improbable that the police are reading that. If you want your iPhone to be secure, turn fingerprint recognition off, randomize your code, and set ten-tries-to-wipe. I'm perfectly willing to believe that the 5C and earlier can be cracked.

Re:what is it?

Does it have to do with bypassing the 10 PIN entry lockout limit

That's a million dollar question. Probably similar to the exploit price tag.
Could be a hidden/undocumented API within iOS or just an intentional bug so that authorities can sneak in.

Re: what is it?

[guruevi]

It simply brute forces the thing. From the description, a 4 digit passcode can take a few hours, 6 digits a few days. They probably found a way around the deadswitch by powering off the chip before it's locked or simply too many people don't set the 10-time lockout.

Re: what is it?

You're wrong. They've managed to get around the 10 limit - and without opening the phone to get at individual hardware components for replacement. The details are extremely secret NDA stuff but they demonstrated they can do it even on 8.

Re:what is it?

[93+Escort+Wagon]

Can someone speak to what the exploit is? Does it have to do with bypassing the 10 PIN entry lockout limit?

If we knew what it was, Apple would know too - and would likely have patched it by now. And given we haven't heard anyone grousing about it, the box almost certainly works without triggering the lockout limit.

I fervently hope Apple is doing what they can to acquire one of these boxes through back-channels. It's only a matter of time until one or more Greykey boxes gets stolen and reverse engineered by criminals; I'd just as soon Apple put feelers out now saying "we're willing to pay a whole lot of money for one of these".

Re:what is it?

[AHuxley]

Your nation, state, city puts out a request for someone with skills to open a cell phone within a set contract and for a set amount of payment.
Brands from all over the USA and the world (with the ability to work with US law enforcement) consider the complexity and their costs and respond with the services.
The generations of phone products get worked on and data is extracted ready for police to use.

Re:what is it?

[demonlapin]

Hell, the criminals will have an easier time of it than Apple. The criminals already know crooked cops who will, for a fee, order one for them.

Re:what is it?

Don't know what the exploit is, but my guess is Apple put in various backdoors at the request of various governments.

On a related note, security wipes may not be that secure. From my limited understanding, a secondary, user changeable key is erased, which is tied to an internal master key. More to the point, regardless of key management, the actual user data likely isn't erased - could potentially be recovered after a security wipe.

Re:what is it?

Apple has been pretty vocal about not providing backdoors. They've also angered LE by having encryption by default. They fought the FBI over providing a backdoor a couple years ago. The FBI withdrew their demand so no legal precedent was set at the time.

I think the only thing Apple has caved on is handing off management of iCloud data for Chinese users in China. They wouldn't be able to sell the iPhone in China otherwise. But that's out in the open and here in the US there is no specific law or case law stating Apple has to do so for the American government.

Re:what is it?

No it is more likely to be an unintentional bug or a novel approach invented by some very capable engineers to exploit a hardware vector Regardless of how it is being done Apple is going to have to go back and re-think all their marketing slogans that claim Apple protects their users privacy. After all they went the extra mile by refusing to unlock the phone of a dead terrorist. Then Apple said unlocking the phone would require too many resources and cost a lot of money. Two days later a third party demonstrated that Apple was full of shit. Of course Apple had to transfer their IP to China for access to China's market so the Chinese could dissect Apples security and create a magic phone un-locker.

Re:what is it?

[rtb61]

It is not about accessing the phone when it is in their possession, with a search warrant, that is a lie. It is all about accessing the phone when it is in your possession without your knowledge and sometimes without a warrant. That is why a backdoor, nothing what so ever to do with legal access via a warrant, all to do with fishing expedition access without your knowledge. Now add in more reality, also about spying on the opposite sex, competitors and revenge. The more power some people have, the more power they want.

Re: what is it?

The Secure Enclave responds slower and slower to each unlock request..This is not a user setting. Read the Apple security white paper. Very detailed and enlightening

Re: what is it?

If you set it to wipe after 10 tries, then the first time your kid gets ahold of your phone you'll have the joy of a freshly factory wiped phone.

Re:what is it?

apple goes back on their word so much no one with any sense takes them seriously. Their privacy stance is nothing but marketing.

Re: what is it?

The whole San Bernadino 'crisis' was a marketing stunt.

Not the shooting. Just the whole breir rabbit tarbaby act Apple engaged in.

Re: what is it?

This has happened to me. Twice!

It is very hard to constantly move your phone around and try to hide it 100% of the time.

Re:what is it?

I agree with you in principle.

But I feel obligated to point out that people think they need smartphones WAY more than they actually do.

There may be a tiny handful of people who, due to the nature of their business, need to remain connected to the Internet at all times.

For the other 99%, it's just a luxury and an addiction.

For God's sake, if you are worried about privacy, don't use an IPhone. This isn't rocket science.

I have a dumbphone. It has my contacts and a calendar app. Let the police crack it, there is nothing there to find.

You can too.

Re:what is it?

[tlhIngan]

Can someone speak to what the exploit is? Does it have to do with bypassing the 10 PIN entry lockout limit?

Well, given it's running its own code, it involves jailbreaking. And yes, there is the Electra jailbreak for iOS11. The only difference is this unit's jailbreak need only involve tethered jailbreaks, which are far more plentiful than untethered jailbreaks like Electra (which was one of the first since iOS 8 or 9).

We also know that it's likely involving elevated permissions - perhaps going so far as to force a hard power down before the secure enclave can commit the changes it needs to nonvolatile storage. (In some more secure architectures, power down is handled by telling the secure processor to shut everything down, so it will commit its changes to storage prior to turn off. But most SoCs I've seen will tell the PMIC to turn off the rails and there it goes, without giving the security processor a chance).

These would be the most reasonable points of attack - you can start with jailbreaks simply because you need the ability to run your own code - we know it runs on the device directly.

And yes, complex pass codes are a thing on iOS, and can be done with not too much hassle given you can use TouchID or FaceID to alleviate a lot of the pain. (iOS mandates a 6 digit passcode now, it's only 4 if you've upgraded without changing it).

Re: what is it?

or you can teach your kid not to touch your shit. eh, i'm sure that's child abuse, though. My kids are all semi-normal characters, and they know that you don't touch mommy's $1,000 electronics. they actually can be taught that, and still be happy and healthy, or in the case of daughters, miserable and healthy.

Re: what is it?

Apple loves us and wants nothing but the best for us. Us meaning affluent white people. Anything you hear to the contrary is misinformation put out by people who can't afford an iPhone. Like black people.

Re: what is it?

Yeah, but if everyone were like you, you wouldn't be special. I mean, to be able to know what's right for 99% of people is a gift. A damn gift. 1% less than God is pretty damn impressive. I wish more internet commenters were confident enough to speak for everyone. I'm sick of all of these humble people, afraid to be wrong.

Re:what is it?

[AmiMoJo]

Couldn't a victim of a Greykey demand to see the source code at their trial? How else could the cops demonstrate that the device doesn't also plant evidence or alter the phone in some other way? It clearly alters the device being unlocked in some way, which seems to make it dubious as evidence.

Re:what is it?

[JabrTheHut]

Because you have to trust the cops. Even the ones filmed planting evidence, beating confessions out of people and stealing stuff. All the prosecutor has to say is "Yes, please disallow the evidence that the police have been filmed planting, but you have no reason to disallow the rest of the evidence, regardless of how untrustworthy the police have proven to be."

Re:what is it?

You could. But it ultimately depends on jurisdiction, and in most cases, the judge. It's whether or not a 'fair trial', is something they care about.

In a perfect world, you and I would be able to call for the source code with no questions asked. Sadly, that isn't where we live.

Look up 'breathalyzer' source code, as well as 'red light camera' source code cases.
The former, involves lack of 'calibration' incidences, while the latter, often includes intentional malfeasance for greater result of 'offenders' increasing ticketing and fines. I.e., a profit motive. ( is it really profit if it goes to the state? It's certainly profit to the 'red light camera company, per the contract...)

Either way, yes. We should have the code, for technical analysis and if upon appropriate discovery, its inadmissibility.

Re:what is it?

[mi]

How else could the cops demonstrate that the device doesn't also plant evidence

The same way they currently demonstrate, they don't plant it through traditional means, such as during traditional court-sanctioned searches... I don't know, how — or if — they do that, but the problem you allude to is hardly new.

More importantly, prosecution does not even need to present the evidence found in the phone — indeed, I suspect, such evidence rarely plays part in an actual trial.

The information gleamed from a suspect's device can still be immensely useful to investigators — such as to find new leads, to drop suspects (including the device's owner) cleared by it, and to use in interrogations.

Re: what is it?

From my limited understanding of copyright law, I only studied it for two years, I see the police are committing a felony if this is anything but a brute force tool, and so are the makers of the device.

That being said, if the phone is that insecure it must be user preference. While there is almost no way short of using your own software stack, your own custom kernel and no google play store on android, and iphone is relatively secure out of the box if you just set it to be so.

Re:what is it?

I switched to an actual receive only pager because I have to be on call, but rarely get called. When I get paged when not at home, I take the cellphone (cheap android phone) out of the trunk of my car, put the battery back in, and call back. When done the battery gets removed and the phone goes back into the trunk. Yes, the pager sends the message in clear text, but it doesn't constantly transmit my location to the nearest tower. I've not used a credit/debit card in 4 years unless cash was not acceptable (car rental, amazon purchase, etc). Obviously this won't help much if I am the target of surveillance, but that isn't my goal. My goal is to "opt" out of most bulk surveillance.

Re: what is it?

Are you sure the phones had the wipe on 10 tries setting on?

It's off by default and considering it will erase all your stuff if if it ever triggers I'd wager most people who value their data leave it off.

Re: what is it?

[wwphx]

I have an iPhone 6. The only thing I use my fingerprint for is buying books and accessing a couple of bank accounts: it's otherwise secured for login by a six digit number. I've been considering for my next upgrade getting a 128 gig iPod Touch ($299) and wiping my phone: leave a dozen or so contacts, and use it for a hot spot if I ever want to connect my iPod to the internet. If I ever need to actually replace the phone, find a cheap 4G international phone and have done. Next time I leave the USA and come back in, hand it to them with a smile.

I should talk to some of my former law enforcement contacts and see what's involved in hacking an iPod Touch.

Re: what is it?

[SvnLyrBrto]

Or, you could just backup your data. If you do a wired and encrypted backup to iTunes, it's protected both by Filevault and its passphrase and an additional round of encryption in iTunes, on which you could (and should) use a different passphrase.

Then, if your kid (or you, of you suffer from a bad case of butterfingers) wipes your device, it's a minor inconvenience and nothing more. Hell, you could create and load a custom security profile and crank it down to wipe the phone after only 2 failed attempts. And, so long as you are backed up, it's still no big deal.

Re:what is it?

Cracking the encryption itself is still a near impossibility on simple mathematics. The weakest point will always be the user access, i.e. your PIN.

If I had to venture a guess, I would guess that they've found a way to clone the storage of an existing phone.

Once they have a good clone, they can brute force their way into any phone. Try until it locks up, create a new clone, rinse and repeat.

It might take a while, sure... but it's an easily automated process.

Re: what is it?

[Brockmire]

That's a classic example of Apple's shit security. On a Blackberry, as more attempts are made, you need to type "blackberry" to proceed with final attempt. If your kid manages to wipe it, it's not a typical 3 year old but an intelligent villian that you should be very worried about.

Re: what is it?

[Brockmire]

This is why this is all Apple's fault their security is weaker, not stronger. So instead of just trusting ONLY Apple have a way in with Apple's lawyers providing some back pressure on warrants, but everyone with just relatively few bucks now has full access. Unlocking is fucking cheaper than a new phone.

Re: what is it?

[Brockmire]

Actually, there's more evidence to suggest Apple was infiltrated, so exploits could have been put in without Apple knowing. See GotoFail for example.

Re: what is it?

[Brockmire]

Well, I have no experience with copyright law but it's been stated many times of exemptions for law enforcement.

Good

Lots of times, computer forensics can point to reasons for violent crime (ex: school shooters, the danish submarine rapist / murderer, etc). Text messages and other phone only communications can also help build models, which can only help prevent horrific crimes. Unlocking these phones is a step forward towards preventative enforcement vs punitive enforcement. This will reduce the number of people forced to live in barbaric and horrific prison conditions and increase the number of people who get the help they need plus reduce violent crimes, assuming those models are applied to live network traffic analysis.

Re:Good

[AutodidactLabrat]

Wrong
Preventative detention will increase, indefinite detention will be the norm (see sex offenders registry and civil committment) and no more possibility of a people's revolt, given the ability to sidetrack troublemakers BEFORE they start.

Re:Good

Preventive enforcement? Fuck you.

Re:Good

“Those who would give up essential liberty to purchase a little temporary safety, deserve neither liberty nor safety.” - Benjamin Franklin

Re: Good

I am sorry about your experience as a sex offender, but it is helpful that you are monitored

Re: Good

âoeIâ(TM)m gonna shoot up my schoolâ

Nicholas Cruz, in a post that could have been caught

Re:Good

[Kenja]

I'm sure it wont be used for something bad, unlike the last time, and the time before that, and remember when we used census data to round up the Japanese into camps? Yeah, wont be like THAT time at all.

Re: Good

Proving the point of the quote you replied to.

As long as law is allowed to violate privacy they will miss what's out in the open and happening now.

Re: Good

Anyone who missed me down is likely a sex offender. Check out the first response to this, it is a person who complained that the sex offender registry is unfair.

Re: Good

The post WAS caught. And subsequently ignored.

Re: Good

Anyone who missed me down is likely a sex offender.

Anyone who doesn't agree that I'm right about everything is likely a racist with a small penis and below-average FICO score.

Re: Good

[shilly]

Well, we *could* monitor everyone's posts to see the ones who are saying dodgy things. Or we could, I dunno, make it more difficult to buy a fucking gun. That might work.

Re: Good

[chronoglass]

lemme get this right, the government safeguards against a crazy person getting a gun fail.. and your answer is.. we need more government safeguards? yeah.. im sure this time it'll be enough.

Maybe we start looking at this "recent" "uptick" in this crap and start looking for actual reasons it's happening now that we(the US) are the most regulated when it comes to firearms that we've ever been in the past? Maybe it's parenting drugs that are basically low dose meth(yeah, we win the award for most prescribed and abused in the world there too), maybe it's socio-economic breakdown starting to show its teeth, maybe the painkillers that we handed out like pez a few years back caused birth defects, maybe it's some guy in the clouds that forgot to hit the rapture switch. I don't know, but this "regulating the tools of evil" stance people seem to be taking is just insane.

it's like taking mustangs off the road to prevent traffic deaths.. I'm sure 90% of the people that drive mustangs drive like idiots, so if we remove those darned cars from the equation the kids will all live.

Re:Good

The reason for violent crime is people feel desperate and trapped.

If any effort at all were going into preventative efforts we'd be having public discores over the nature of the major reforms to the institutions responsible (schools and police mainly, with various corporations trailing behind) not talking about how befuddled we are and how if only we could read people's texts we might understand.

Re: Good

[shilly]

There *are* no government safeguards against a crazy person getting a gun. Apart from that, you got everything else wrong too. Well done!

Re: Good

[chronoglass]

well then, I guess i can just leave this here and point to question 11 a-i.
https://www.atf.gov/firearms/d...

Re: Good

[shilly]

FFS. There are no *meaningful* safeguards. They didn't fail -- they worked as designed by the NRA. They are designed to allow everyone who wants a gun to get a gun.

Re: Good

[chronoglass]

Looks like you cracked the case.. the NRA intended for the FBI to not actually bother to look at the information submitted to them requesting a background check.

That darned NRA, I hear they require the FBI to wear blind folds while they are runner stamping background checks.

Re: Good

[shilly]

Come back to me with your wit when you can write the term "rubber stamping" without making an error.

Re: Good

[chronoglass]

At least you are able to admit that your ignorance is willful, I feel we made some progress here.

Re: Good

[shilly]

I see your ability to infer accurately is as your spelling.

Re: Good

[Anonymous+Cow+Ward]

For someone who is attacking someone else for making a spelling error, writing "I see your ability to infer accurately is as your spelling." must be pretty embarrassing, no?

No one will protect our rights

We are on our own.

Physical access

[klingens]

trumps everything.
Maybe not everything: a 256bit symmetric encryption purely in software with a true 256bit passphrase aka actual meaningful encryption. Which is pretty much much impractical for use with a phone: enter 256bit of passphrase everytime you want to use it, make a call? Pure masochism.
So there is no practical way to secure your phone and you have to act accordingly for any data you want to be protected. Either destroy your phone: is there a market for phones with thermite inside? Or don't use them for anything incriminating.

Re:Physical access

Or buy a gun and defend your property against those who would steal it from you.

Re:Physical access

I can sell you a lithium ion battery puncture device for $1, that way you can always let the battery do it's job when you're done with the phone. Grenade hack! Throw immediately!

Re:Physical access

[AHuxley]

Re "Or don't use them for anything incriminating."

Thats what so many people don't think about.
The police/security services can look at every phone in a area in real time, over hours, days, weeks, months, years.
A phone turned off before entering an area and on again later after been in the area? Thats logged.
Two people talking for 5 minutes will get tracked due to location and time.
A new phone used in one area calling a set of other new phones in the same area and only for a few hours, days of use?
That stands out in a computer database of more normal phone use.
Voice prints do the rest. The government/mil security services can still get voice prints.
The phone can be full encrypted as an OS but the wider phone network is not protected from the gov/mil.
Attend a protest? Thats logged.
Turn off a phone before a protest? Thats logged.
Work for the US gov, mil? Thats totally collected on. Near a person who works for the US gov, mil? Thats some extra collection too.
That new person might be a journalist talking to a whistleblower :)
- --

Re:Physical access

Or don't use them for anything incriminating.

Thank you for telling us that you believe the age-old "if you have nothing to hide then you have nothing to fear" fallacy.

Protip, lots of people have lots of non-incriminating but still sensitive info on their phones that they don't want hackers to get access to just because Johnny Law is too lazy to do the foot work to catch Peg-Leg Pete.

"relatively cheap tools"

A $5 pipe wrench will always be successful at bypassing the multi-million dollar security appliance.

Re:"relatively cheap tools"

The problem with beating a password out of someone, is that the person being beaten needs to be able to trust that if they give up their password, the beatings will stop. But the person being beaten can never trust them to stop, because the beaters have no way of proving that that one password you gave up is the only one you know, so naturally the beatings will not stop.

Re: "relatively cheap tools"

[Brockmire]

Logic fail.

Obligatory...

Zuck the police!

Not the tool wanted

[sit1963nz]

This is NOT the tool wanted. This tool means they have to have physical access to the phone.

What they REALLY want is a remote backdoor so they can spy on everyone in real time if they want.

Re:Not the tool wanted

[RazorSharp]

This is a very good point. Unlocking a phone that has already been confiscated just helps with a prosecution. Real time snooping allows them to easily catch people in the act of committing crimes. And that's really how law enforcement sees things. It doesn't occur to them (or they don't care) that politicians could then use the backdoors to quash dissent, target political opponents, and manipulate the citizenry. The general opinion in law enforcement seems to be that those aren't real concerns, and the only reason one could have for privacy is to commit crimes.

Re:Not the tool wanted

[b0s0z0ku]

Or maybe it does occur to them and they don't care. Or want government to go after troublemakers like protesters... The job of law enforcement often attracts a certain mentality.

Re:Not the tool wanted

[shess]

Or maybe it does occur to them and they don't care. Or want government to go after troublemakers like protesters... The job of law enforcement often attracts a certain mentality.

The country is full of people who think that we can trust law enforcement with this kind of thing - often the self-same people who think that we cannot trust the government IN ANY OTHER AREA OF LIFE.

Re:Not the tool wanted

What they REALLY want is a remote backdoor so they can spy on everyone in real time if they want.

It isn't as big of a deal as one would think. Sure, it would allow them to listen in on your conversations the way they can do if you have the facebook app installed.
But calls aren't point to point encrypted, they can listen in on them as much as they like.

Your web surfing could be encrypted, but they can still see what pages you access so if they want to they can just go to those pages and see what they serve.
You can use a VPN or something, but if you can monitor both incoming and outgoing traffic from the VPN they know who you are communicating with anyway.
If they have control of the ISP they can just delay the rest of the traffic to the ISP for half a second and see where it sends your data specifically. You won't notice and those who did notice the lag won't be able to figure out what caused it.

The remote backdoor would give them a bit more information from users that have removed all apps that already spies on them but it isn't that much more from what they already have.

Re:Not the tool wanted

[JabrTheHut]

Almost immediately after this happens the US will turn into a police state, with the NSA and FBI snooping on politicians' phones and leaking everything illegal, or legal and politically damaging on the first couple who say no to them. After that the remaining politicians will fall into line.

Re:Not the tool wanted

[houghi]

This is not about them being able to catch them committing a crime. This is about data collection that might be used when the case goes to court. Obviously they can just disregard it if it shows evidence the person was innocent.
This because the interest is in closing cases and getting convictions, not about solving cases correctly.
Having a lot of information will make it easier to let people admit to a crime they have not done.

Simple 4-6 digit passcodes. Not complex passcodes

[JoeyRox]

Based on the quoted time to crack the exploit is likely using brute-force - the purpose of the device is to guess those while also disabling the usual 10-guess iOS limit before the device is locked. However, iOS supports complex passcodes as well, up to at least 90 alphanumeric characters, and these are are unlikely to be cracked.

Don't keep sensitive info on your phone

[boundandgaggedwomen]

Or do like me and NOT keep sensitive info of you frigging phone!

Re:Don't keep sensitive info on your phone

[Locke2005]

So, where do you keep your kitty porn?

Re:Don't keep sensitive info on your phone

[novakyu]

I don't know, do you use email on your phone? Cloud storage? All those are exposed through your phone. I guess you can revoke access remotely, but until you revoke access, you have a leak, unless you don't use a smartphone like a smartphone.

Re:Don't keep sensitive info on your phone

[UnknownSoldier]

/sarcasm Presumably on the internet

Re:Don't keep sensitive info on your phone

This is why Apple iCloud, despite having tight integration with MacOS, is useless to me since iCloud files are also accessible through you phone. So, anything important enough to back up in iCloud will also be accessible to any pissant cop who picks you up for some bullshit and happens to have one of these cracking devices. Or even some thief who grabs your unlocked phone as the subway doors close and runs off. I still keep trivial stuff in there, but any personal or finance info stays on the local machine.

Re:Don't keep sensitive info on your phone

[Dare+nMc]

What about incriminating info? Which can be anything, so wipe your phone every few seconds?

Or are you under the impression only guilt people are searched, and only guilty people have ever been arrested, or that only guilty people have ever been convicted?

Comparing enough peoples data, to enough data from a significant amount of crimes will find false positives. Even if the odds are 1 in million, that means 300 people in the US would match, and 1 in a million convicts.

Worst thing is, you likely have little defense on what they find on your phone. You cannot find out how many cases they compare your data to, or how accurate the data on the phone was... And if they do find something that is cause to suspect you, it may put you on do not fly lists without any chance of due process.

Re: Don't keep sensitive info on your phone

[CoolDiscoRex]

If only everyone were like you, the world would be free of problems, and mankind could be at peace once and for all. Because you're you. And you-ness is everything. If only people could see. If only people could see ...

Re:Don't keep sensitive info on your phone

[houghi]

O n my toaster. That is why it runs Linux.

Re:Don't keep sensitive info on your phone

Have you ever known someone who was dating a cop's ex or had their ex start dating a cop?

There was just a news story about the police officers in Baltimore who carried toy guns on them to plant in case the ever shot an unarmed person. This kind of thing is pervasive.

There are some real psychopaths in that profession and the last thing I want to do is give them more power to manufacture evidence.

Re: Don't keep sensitive info on your phone

[boundandgaggedwomen]

If only everyone were like you, the world would be free of problems, and mankind could be at peace once and for all. Because you're you. And you-ness is everything. If only people could see. If only people could see ...

Yes it would be a beautiful thing, bus alas poor Yorick, it is not to be!

Caught lying, Jail the liar!

[mysidia]

Sounds like the fellow may have committed the crime 18 U.S.C. 1001 (Making False Statements) on matters within the federal jurisdiction, regarding law enforcement activities....

Wray recently said that law enforcement agencies are "increasingly unable to access" evidence stored on encrypted devices. Wray is not telling the whole truth. Police forces and federal agencies around the country have bought relatively cheap tools to unlock up-to-date iPhones and bypass their encryption

What I want to know...

...is what the FBI's agenda on this issue is. It's clearly not to fight organised crime or terrorism because they tend not to use encryption, opting for stolen, burner, and pay phones. What does defeating encryption do for them?

Only the fools rush in ...

... if I have anything of interest to law enforcement, it isn't going to be sitting around in memory relying on the phone encryption as the only defense. It's going to be encrypted again, with my own keys, probably off-phone, and stored on DropBox or whatever for intermittent access. You are not going to brute force my AES encrypted password safe with 35 character password. Ain't gonna happen. You will get a bunch of location data so you can watch me commute to the work address you already have, but the damn thing goes into a Faraday cage every time I go anyplace interesting, or better yet, I send it with my wife and she marches it around the city while I am off doing secret things. /shrug Only the stupid criminals get caught.

Minority Report: what could go wrong?

The total and laughable failure of police here is a testament to government stupidity. Maybe if they weren't too busy arresting people for smoking a plant or giving speeding tickets to boost their coffers, maybe they could have figured this out. But what it means is privatized, focused enforcement is needed; it certainly DOESN'T mean give police more surveillance powers.

Encryption Backdoors?

[Murdoch5]

No one should have the right to see what you don't want them see, it's simple, it's easy and if the government / state disagrees, they can go fuck themselves.

Re:Encryption Backdoors?

[xxxLCxxx]

Newsflash: They've been fucking you/us forever - and they prefer it that way.
Richest 62 people as wealthy as half of world's population

How else would they manage to keep this up?
Constant distraction, divide and conquer (there has to be an enemy – always), continuous buttering up by the media...
Even then, occasionally somebody sets out to make the world a better place. That's what they fear. They want to be able to stop it, before it becomes a dynamic movement.

Re:Exploitz

[wolfheart111]

as in plural... :)

And in the wrong hands

[DrYak]

Real time snooping allows them to easily catch people in the act of committing crimes. And that's really how law enforcement sees things. It doesn't occur to them (or they don't care) that {...}

And also, they don't think that in the wrong hands, such tools could mean real-time hacking/stealing/etc. of people's phone, while they are attempting to conduct normal business :

A government-mandated backdoor that enable any random law-enforcement (be it with correct search warrant in order, or in abusive invasive state) to snoop in real time,
is also an entry point that could be abused by an attacker to steal personnal information of an unsuspecting user, divert money while they perform online-banking/online-shopping, steal sensitive corporate secret that they have stored encrypted (with the government-backdoored encryption), etc.

And here's the key problem :
  - in the civilized modern world, there are only a few criminal try to organise nefarious deeds, that could be thwarted by a law enforcement agent eaves droping.
(common, there isn't *that* much crime going on in, e.g., Sweden, Danemark, Germany or Switzerland).
  - at the same instant there's a massive amount of normal users conducting normal business that could get their stuff stolen if there's a hole in the security that is kept open by government law.

Backdoors solves very few problems (the limited amount of crimes) compared to the massive amount of problems it creates (nearly every random citizen is a potential victim of data-theft).

That's even with a well meaning government that doesn't have the slightest intent on spying on its citizen (see recent complain that advocating for privacy in Sweden is hard as few people see the government as a potential threat) or the government is a direct democracy (the people would need to vote themselves to allow the government to spy on them. Switzerland recently voted a reform of security laws that borders on that).

Which country?

Didn't know the FBI were operating in my country.

Use longer passwords.

[bihoy]

iOS does not restrict your passcodes to 6 digits. That's just the default. Set a strong Alpha-Numeric password and the GrayKey will take hundreds of years to unlock your iPhone.

Portable Hack Box

If this thing takes 3 or more hours to hacka a password, then I don't see how it's going to be used in a traffic stop, or anywhere else where
time is precious. They can't hold you for 3 hours while they hack your iPhone. That is unreasonable and most likely illegal.