Slashdot Mirror

← Back to Stories (view on slashdot.org)

Cops Around the Country Can Now Unlock iPhones, Records Show (vice.com)

Posted by msmash on from the bottoming-things-out dept.

Law enforcement agencies across the country have purchased GrayKey, a relatively cheap tool for bypassing the encryption on iPhones, while the FBI pushes again for encryption backdoors, Motherboard reported on Thursday. From the report: FBI Director Christopher Wray recently said that law enforcement agencies are "increasingly unable to access" evidence stored on encrypted devices. Wray is not telling the whole truth. Police forces and federal agencies around the country have bought relatively cheap tools to unlock up-to-date iPhones and bypass their encryption, according to a Motherboard investigation based on several caches of internal agency documents, online records, and conversations with law enforcement officials. Many of the documents were obtained by Motherboard using public records requests.

The news highlights the going dark debate, in which law enforcement officials say they cannot access evidence against criminals. But easy access to iPhone hacking tools also hamstrings the FBI's argument for introducing backdoors into consumer devices so authorities can more readily access their contents.

58 of 98 comments (clear)

  1. what is it? by supernova87a · · Score: 1

    Can someone speak to what the exploit is? Does it have to do with bypassing the 10 PIN entry lockout limit?

    1. Re: what is it? by david_thornley · · Score: 1

      If you set the iPhone to wipe after ten failed tries, then even with a four-digit random passcode there's only a 0.1% chance it can be brute-forced. All of this is in the Secure Enclave for iPhone 5Ss and later, and I find it extremely improbable that the police are reading that. If you want your iPhone to be secure, turn fingerprint recognition off, randomize your code, and set ten-tries-to-wipe. I'm perfectly willing to believe that the 5C and earlier can be cracked.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
    2. Re: what is it? by guruevi · · Score: 1

      It simply brute forces the thing. From the description, a 4 digit passcode can take a few hours, 6 digits a few days. They probably found a way around the deadswitch by powering off the chip before it's locked or simply too many people don't set the 10-time lockout.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
    3. Re: what is it? by Anonymous Coward · · Score: 2, Informative

      You're wrong. They've managed to get around the 10 limit - and without opening the phone to get at individual hardware components for replacement. The details are extremely secret NDA stuff but they demonstrated they can do it even on 8.

    4. Re:what is it? by 93+Escort+Wagon · · Score: 4, Interesting

      Can someone speak to what the exploit is? Does it have to do with bypassing the 10 PIN entry lockout limit?

      If we knew what it was, Apple would know too - and would likely have patched it by now. And given we haven't heard anyone grousing about it, the box almost certainly works without triggering the lockout limit.

      I fervently hope Apple is doing what they can to acquire one of these boxes through back-channels. It's only a matter of time until one or more Greykey boxes gets stolen and reverse engineered by criminals; I'd just as soon Apple put feelers out now saying "we're willing to pay a whole lot of money for one of these".

      --
      #DeleteChrome
    5. Re:what is it? by AHuxley · · Score: 1

      Your nation, state, city puts out a request for someone with skills to open a cell phone within a set contract and for a set amount of payment.
      Brands from all over the USA and the world (with the ability to work with US law enforcement) consider the complexity and their costs and respond with the services.
      The generations of phone products get worked on and data is extracted ready for police to use.

      --
      Domestic spying is now "Benign Information Gathering"
    6. Re:what is it? by demonlapin · · Score: 4, Insightful

      Hell, the criminals will have an easier time of it than Apple. The criminals already know crooked cops who will, for a fee, order one for them.

    7. Re:what is it? by rtb61 · · Score: 3, Insightful

      It is not about accessing the phone when it is in their possession, with a search warrant, that is a lie. It is all about accessing the phone when it is in your possession without your knowledge and sometimes without a warrant. That is why a backdoor, nothing what so ever to do with legal access via a warrant, all to do with fishing expedition access without your knowledge. Now add in more reality, also about spying on the opposite sex, competitors and revenge. The more power some people have, the more power they want.

      --
      Chaos - everything, everywhere, everywhen
    8. Re: what is it? by Anonymous Coward · · Score: 3, Informative

      The Secure Enclave responds slower and slower to each unlock request..This is not a user setting. Read the Apple security white paper. Very detailed and enlightening

    9. Re: what is it? by Anonymous Coward · · Score: 1

      If you set it to wipe after 10 tries, then the first time your kid gets ahold of your phone you'll have the joy of a freshly factory wiped phone.

    10. Re:what is it? by Anonymous Coward · · Score: 1, Insightful

      I agree with you in principle.

      But I feel obligated to point out that people think they need smartphones WAY more than they actually do.

      There may be a tiny handful of people who, due to the nature of their business, need to remain connected to the Internet at all times.

      For the other 99%, it's just a luxury and an addiction.

      For God's sake, if you are worried about privacy, don't use an IPhone. This isn't rocket science.

      I have a dumbphone. It has my contacts and a calendar app. Let the police crack it, there is nothing there to find.

      You can too.

    11. Re:what is it? by tlhIngan · · Score: 1

      Can someone speak to what the exploit is? Does it have to do with bypassing the 10 PIN entry lockout limit?

      Well, given it's running its own code, it involves jailbreaking. And yes, there is the Electra jailbreak for iOS11. The only difference is this unit's jailbreak need only involve tethered jailbreaks, which are far more plentiful than untethered jailbreaks like Electra (which was one of the first since iOS 8 or 9).

      We also know that it's likely involving elevated permissions - perhaps going so far as to force a hard power down before the secure enclave can commit the changes it needs to nonvolatile storage. (In some more secure architectures, power down is handled by telling the secure processor to shut everything down, so it will commit its changes to storage prior to turn off. But most SoCs I've seen will tell the PMIC to turn off the rails and there it goes, without giving the security processor a chance).

      These would be the most reasonable points of attack - you can start with jailbreaks simply because you need the ability to run your own code - we know it runs on the device directly.

      And yes, complex pass codes are a thing on iOS, and can be done with not too much hassle given you can use TouchID or FaceID to alleviate a lot of the pain. (iOS mandates a 6 digit passcode now, it's only 4 if you've upgraded without changing it).

    12. Re: what is it? by Anonymous Coward · · Score: 1, Insightful

      or you can teach your kid not to touch your shit. eh, i'm sure that's child abuse, though. My kids are all semi-normal characters, and they know that you don't touch mommy's $1,000 electronics. they actually can be taught that, and still be happy and healthy, or in the case of daughters, miserable and healthy.

    13. Re:what is it? by AmiMoJo · · Score: 5, Interesting

      Couldn't a victim of a Greykey demand to see the source code at their trial? How else could the cops demonstrate that the device doesn't also plant evidence or alter the phone in some other way? It clearly alters the device being unlocked in some way, which seems to make it dubious as evidence.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    14. Re:what is it? by JabrTheHut · · Score: 3, Funny

      Because you have to trust the cops. Even the ones filmed planting evidence, beating confessions out of people and stealing stuff. All the prosecutor has to say is "Yes, please disallow the evidence that the police have been filmed planting, but you have no reason to disallow the rest of the evidence, regardless of how untrustworthy the police have proven to be."

      --
      Work like no one is watching. Dance like you've never been hurt. Make love like you don't need the money.
    15. Re:what is it? by Anonymous Coward · · Score: 1

      You could. But it ultimately depends on jurisdiction, and in most cases, the judge. It's whether or not a 'fair trial', is something they care about.

      In a perfect world, you and I would be able to call for the source code with no questions asked. Sadly, that isn't where we live.

      Look up 'breathalyzer' source code, as well as 'red light camera' source code cases.
      The former, involves lack of 'calibration' incidences, while the latter, often includes intentional malfeasance for greater result of 'offenders' increasing ticketing and fines. I.e., a profit motive. ( is it really profit if it goes to the state? It's certainly profit to the 'red light camera company, per the contract...)

      Either way, yes. We should have the code, for technical analysis and if upon appropriate discovery, its inadmissibility.

    16. Re:what is it? by mi · · Score: 1

      How else could the cops demonstrate that the device doesn't also plant evidence

      The same way they currently demonstrate, they don't plant it through traditional means, such as during traditional court-sanctioned searches... I don't know, how — or if — they do that, but the problem you allude to is hardly new.

      More importantly, prosecution does not even need to present the evidence found in the phone — indeed, I suspect, such evidence rarely plays part in an actual trial.

      The information gleamed from a suspect's device can still be immensely useful to investigators — such as to find new leads, to drop suspects (including the device's owner) cleared by it, and to use in interrogations.

      --
      In Soviet Washington the swamp drains you.
    17. Re: what is it? by wwphx · · Score: 1

      I have an iPhone 6. The only thing I use my fingerprint for is buying books and accessing a couple of bank accounts: it's otherwise secured for login by a six digit number. I've been considering for my next upgrade getting a 128 gig iPod Touch ($299) and wiping my phone: leave a dozen or so contacts, and use it for a hot spot if I ever want to connect my iPod to the internet. If I ever need to actually replace the phone, find a cheap 4G international phone and have done. Next time I leave the USA and come back in, hand it to them with a smile.

      I should talk to some of my former law enforcement contacts and see what's involved in hacking an iPod Touch.

      --
      When you sympathize with stupidity, you start thinking like an idiot.
    18. Re: what is it? by SvnLyrBrto · · Score: 1

      Or, you could just backup your data. If you do a wired and encrypted backup to iTunes, it's protected both by Filevault and its passphrase and an additional round of encryption in iTunes, on which you could (and should) use a different passphrase.

      Then, if your kid (or you, of you suffer from a bad case of butterfingers) wipes your device, it's a minor inconvenience and nothing more. Hell, you could create and load a custom security profile and crank it down to wipe the phone after only 2 failed attempts. And, so long as you are backed up, it's still no big deal.

      --
      Imagine all the people...
    19. Re: what is it? by Brockmire · · Score: 1

      That's a classic example of Apple's shit security. On a Blackberry, as more attempts are made, you need to type "blackberry" to proceed with final attempt. If your kid manages to wipe it, it's not a typical 3 year old but an intelligent villian that you should be very worried about.

    20. Re: what is it? by Brockmire · · Score: 1

      This is why this is all Apple's fault their security is weaker, not stronger. So instead of just trusting ONLY Apple have a way in with Apple's lawyers providing some back pressure on warrants, but everyone with just relatively few bucks now has full access. Unlocking is fucking cheaper than a new phone.

    21. Re: what is it? by Brockmire · · Score: 1

      Actually, there's more evidence to suggest Apple was infiltrated, so exploits could have been put in without Apple knowing. See GotoFail for example.

    22. Re: what is it? by Brockmire · · Score: 1

      Well, I have no experience with copyright law but it's been stated many times of exemptions for law enforcement.

  2. Physical access by klingens · · Score: 1

    trumps everything.
    Maybe not everything: a 256bit symmetric encryption purely in software with a true 256bit passphrase aka actual meaningful encryption. Which is pretty much much impractical for use with a phone: enter 256bit of passphrase everytime you want to use it, make a call? Pure masochism.
    So there is no practical way to secure your phone and you have to act accordingly for any data you want to be protected. Either destroy your phone: is there a market for phones with thermite inside? Or don't use them for anything incriminating.

    1. Re:Physical access by AHuxley · · Score: 1

      Re "Or don't use them for anything incriminating."

      Thats what so many people don't think about.
      The police/security services can look at every phone in a area in real time, over hours, days, weeks, months, years.
      A phone turned off before entering an area and on again later after been in the area? Thats logged.
      Two people talking for 5 minutes will get tracked due to location and time.
      A new phone used in one area calling a set of other new phones in the same area and only for a few hours, days of use?
      That stands out in a computer database of more normal phone use.
      Voice prints do the rest. The government/mil security services can still get voice prints.
      The phone can be full encrypted as an OS but the wider phone network is not protected from the gov/mil.
      Attend a protest? Thats logged.
      Turn off a phone before a protest? Thats logged.
      Work for the US gov, mil? Thats totally collected on. Near a person who works for the US gov, mil? Thats some extra collection too.
      That new person might be a journalist talking to a whistleblower :)
      - --

      --
      Domestic spying is now "Benign Information Gathering"
  3. Re:Good by AutodidactLabrat · · Score: 1

    Wrong
    Preventative detention will increase, indefinite detention will be the norm (see sex offenders registry and civil committment) and no more possibility of a people's revolt, given the ability to sidetrack troublemakers BEFORE they start.

  4. Not the tool wanted by sit1963nz · · Score: 5, Insightful

    This is NOT the tool wanted. This tool means they have to have physical access to the phone.

    What they REALLY want is a remote backdoor so they can spy on everyone in real time if they want.

    1. Re:Not the tool wanted by RazorSharp · · Score: 3, Interesting

      This is a very good point. Unlocking a phone that has already been confiscated just helps with a prosecution. Real time snooping allows them to easily catch people in the act of committing crimes. And that's really how law enforcement sees things. It doesn't occur to them (or they don't care) that politicians could then use the backdoors to quash dissent, target political opponents, and manipulate the citizenry. The general opinion in law enforcement seems to be that those aren't real concerns, and the only reason one could have for privacy is to commit crimes.

      --
      "From the depths of my skeptical and rationalist soul, I ask the Lord to protect me from California touchie-feeliedom."
    2. Re:Not the tool wanted by b0s0z0ku · · Score: 3, Insightful

      Or maybe it does occur to them and they don't care. Or want government to go after troublemakers like protesters... The job of law enforcement often attracts a certain mentality.

    3. Re:Not the tool wanted by shess · · Score: 2

      Or maybe it does occur to them and they don't care. Or want government to go after troublemakers like protesters... The job of law enforcement often attracts a certain mentality.

      The country is full of people who think that we can trust law enforcement with this kind of thing - often the self-same people who think that we cannot trust the government IN ANY OTHER AREA OF LIFE.

    4. Re:Not the tool wanted by JabrTheHut · · Score: 1

      Almost immediately after this happens the US will turn into a police state, with the NSA and FBI snooping on politicians' phones and leaking everything illegal, or legal and politically damaging on the first couple who say no to them. After that the remaining politicians will fall into line.

      --
      Work like no one is watching. Dance like you've never been hurt. Make love like you don't need the money.
    5. Re:Not the tool wanted by houghi · · Score: 1

      This is not about them being able to catch them committing a crime. This is about data collection that might be used when the case goes to court. Obviously they can just disregard it if it shows evidence the person was innocent.
      This because the interest is in closing cases and getting convictions, not about solving cases correctly.
      Having a lot of information will make it easier to let people admit to a crime they have not done.

      --
      Don't fight for your country, if your country does not fight for you.
  5. Simple 4-6 digit passcodes. Not complex passcodes by JoeyRox · · Score: 5, Informative

    Based on the quoted time to crack the exploit is likely using brute-force - the purpose of the device is to guess those while also disabling the usual 10-guess iOS limit before the device is locked. However, iOS supports complex passcodes as well, up to at least 90 alphanumeric characters, and these are are unlikely to be cracked.

  6. Don't keep sensitive info on your phone by boundandgaggedwomen · · Score: 1

    Or do like me and NOT keep sensitive info of you frigging phone!

    1. Re:Don't keep sensitive info on your phone by Locke2005 · · Score: 1

      So, where do you keep your kitty porn?

      --
      I've abandoned my search for truth; now I'm just looking for some useful delusions.
    2. Re:Don't keep sensitive info on your phone by novakyu · · Score: 1

      I don't know, do you use email on your phone? Cloud storage? All those are exposed through your phone. I guess you can revoke access remotely, but until you revoke access, you have a leak, unless you don't use a smartphone like a smartphone.

    3. Re:Don't keep sensitive info on your phone by UnknownSoldier · · Score: 1

      /sarcasm Presumably on the internet

    4. Re:Don't keep sensitive info on your phone by Dare+nMc · · Score: 2

      What about incriminating info? Which can be anything, so wipe your phone every few seconds?

      Or are you under the impression only guilt people are searched, and only guilty people have ever been arrested, or that only guilty people have ever been convicted?

      Comparing enough peoples data, to enough data from a significant amount of crimes will find false positives. Even if the odds are 1 in million, that means 300 people in the US would match, and 1 in a million convicts.

      Worst thing is, you likely have little defense on what they find on your phone. You cannot find out how many cases they compare your data to, or how accurate the data on the phone was... And if they do find something that is cause to suspect you, it may put you on do not fly lists without any chance of due process.

    5. Re: Don't keep sensitive info on your phone by CoolDiscoRex · · Score: 1

      If only everyone were like you, the world would be free of problems, and mankind could be at peace once and for all. Because you're you. And you-ness is everything. If only people could see. If only people could see ...

    6. Re:Don't keep sensitive info on your phone by houghi · · Score: 1

      O n my toaster. That is why it runs Linux.

      --
      Don't fight for your country, if your country does not fight for you.
    7. Re: Don't keep sensitive info on your phone by boundandgaggedwomen · · Score: 1

      If only everyone were like you, the world would be free of problems, and mankind could be at peace once and for all. Because you're you. And you-ness is everything. If only people could see. If only people could see ...

      Yes it would be a beautiful thing, bus alas poor Yorick, it is not to be!

  7. Re:Good by Kenja · · Score: 2

    I'm sure it wont be used for something bad, unlike the last time, and the time before that, and remember when we used census data to round up the Japanese into camps? Yeah, wont be like THAT time at all.

    --

    "Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
  8. Encryption Backdoors? by Murdoch5 · · Score: 1

    No one should have the right to see what you don't want them see, it's simple, it's easy and if the government / state disagrees, they can go fuck themselves.

    1. Re:Encryption Backdoors? by xxxLCxxx · · Score: 1

      Newsflash: They've been fucking you/us forever - and they prefer it that way.
      Richest 62 people as wealthy as half of world's population

      How else would they manage to keep this up?
      Constant distraction, divide and conquer (there has to be an enemy – always), continuous buttering up by the media...
      Even then, occasionally somebody sets out to make the world a better place. That's what they fear. They want to be able to stop it, before it becomes a dynamic movement.

  9. Re:Exploitz by wolfheart111 · · Score: 1

    as in plural... :)

    --
    [($)]
  10. Re: Good by shilly · · Score: 1

    Well, we *could* monitor everyone's posts to see the ones who are saying dodgy things. Or we could, I dunno, make it more difficult to buy a fucking gun. That might work.

  11. And in the wrong hands by DrYak · · Score: 1

    Real time snooping allows them to easily catch people in the act of committing crimes. And that's really how law enforcement sees things. It doesn't occur to them (or they don't care) that {...}

    And also, they don't think that in the wrong hands, such tools could mean real-time hacking/stealing/etc. of people's phone, while they are attempting to conduct normal business :

    A government-mandated backdoor that enable any random law-enforcement (be it with correct search warrant in order, or in abusive invasive state) to snoop in real time,
    is also an entry point that could be abused by an attacker to steal personnal information of an unsuspecting user, divert money while they perform online-banking/online-shopping, steal sensitive corporate secret that they have stored encrypted (with the government-backdoored encryption), etc.

    And here's the key problem :
      - in the civilized modern world, there are only a few criminal try to organise nefarious deeds, that could be thwarted by a law enforcement agent eaves droping.
    (common, there isn't *that* much crime going on in, e.g., Sweden, Danemark, Germany or Switzerland).
      - at the same instant there's a massive amount of normal users conducting normal business that could get their stuff stolen if there's a hole in the security that is kept open by government law.

    Backdoors solves very few problems (the limited amount of crimes) compared to the massive amount of problems it creates (nearly every random citizen is a potential victim of data-theft).

    That's even with a well meaning government that doesn't have the slightest intent on spying on its citizen (see recent complain that advocating for privacy in Sweden is hard as few people see the government as a potential threat) or the government is a direct democracy (the people would need to vote themselves to allow the government to spy on them. Switzerland recently voted a reform of security laws that borders on that).

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
  12. Re: Good by chronoglass · · Score: 1

    lemme get this right, the government safeguards against a crazy person getting a gun fail.. and your answer is.. we need more government safeguards? yeah.. im sure this time it'll be enough.

    Maybe we start looking at this "recent" "uptick" in this crap and start looking for actual reasons it's happening now that we(the US) are the most regulated when it comes to firearms that we've ever been in the past? Maybe it's parenting drugs that are basically low dose meth(yeah, we win the award for most prescribed and abused in the world there too), maybe it's socio-economic breakdown starting to show its teeth, maybe the painkillers that we handed out like pez a few years back caused birth defects, maybe it's some guy in the clouds that forgot to hit the rapture switch. I don't know, but this "regulating the tools of evil" stance people seem to be taking is just insane.

    it's like taking mustangs off the road to prevent traffic deaths.. I'm sure 90% of the people that drive mustangs drive like idiots, so if we remove those darned cars from the equation the kids will all live.

  13. Use longer passwords. by bihoy · · Score: 1

    iOS does not restrict your passcodes to 6 digits. That's just the default. Set a strong Alpha-Numeric password and the GrayKey will take hundreds of years to unlock your iPhone.

  14. Re: Good by shilly · · Score: 1

    There *are* no government safeguards against a crazy person getting a gun. Apart from that, you got everything else wrong too. Well done!

  15. Re: Good by chronoglass · · Score: 1

    well then, I guess i can just leave this here and point to question 11 a-i.
    https://www.atf.gov/firearms/d...

  16. Re: "relatively cheap tools" by Brockmire · · Score: 1

    Logic fail.

  17. Re: Good by shilly · · Score: 1

    FFS. There are no *meaningful* safeguards. They didn't fail -- they worked as designed by the NRA. They are designed to allow everyone who wants a gun to get a gun.

  18. Re: Good by chronoglass · · Score: 1

    Looks like you cracked the case.. the NRA intended for the FBI to not actually bother to look at the information submitted to them requesting a background check.

    That darned NRA, I hear they require the FBI to wear blind folds while they are runner stamping background checks.

  19. Re: Good by shilly · · Score: 1

    Come back to me with your wit when you can write the term "rubber stamping" without making an error.

  20. Re: Good by chronoglass · · Score: 1

    At least you are able to admit that your ignorance is willful, I feel we made some progress here.

  21. Re: Good by shilly · · Score: 1

    I see your ability to infer accurately is as your spelling.

  22. Re: Good by Anonymous+Cow+Ward · · Score: 1

    For someone who is attacking someone else for making a spelling error, writing "I see your ability to infer accurately is as your spelling." must be pretty embarrassing, no?

    --
    Examine even your most deeply held beliefs. Nobody is always right.