Slashdot Mirror

← Back to Stories (view on slashdot.org)

Cops Around the Country Can Now Unlock iPhones, Records Show (vice.com)

Posted by msmash on from the bottoming-things-out dept.

Law enforcement agencies across the country have purchased GrayKey, a relatively cheap tool for bypassing the encryption on iPhones, while the FBI pushes again for encryption backdoors, Motherboard reported on Thursday. From the report: FBI Director Christopher Wray recently said that law enforcement agencies are "increasingly unable to access" evidence stored on encrypted devices. Wray is not telling the whole truth. Police forces and federal agencies around the country have bought relatively cheap tools to unlock up-to-date iPhones and bypass their encryption, according to a Motherboard investigation based on several caches of internal agency documents, online records, and conversations with law enforcement officials. Many of the documents were obtained by Motherboard using public records requests.

The news highlights the going dark debate, in which law enforcement officials say they cannot access evidence against criminals. But easy access to iPhone hacking tools also hamstrings the FBI's argument for introducing backdoors into consumer devices so authorities can more readily access their contents.

14 of 98 comments (clear)

  1. Not the tool wanted by sit1963nz · · Score: 5, Insightful

    This is NOT the tool wanted. This tool means they have to have physical access to the phone.

    What they REALLY want is a remote backdoor so they can spy on everyone in real time if they want.

    1. Re:Not the tool wanted by RazorSharp · · Score: 3, Interesting

      This is a very good point. Unlocking a phone that has already been confiscated just helps with a prosecution. Real time snooping allows them to easily catch people in the act of committing crimes. And that's really how law enforcement sees things. It doesn't occur to them (or they don't care) that politicians could then use the backdoors to quash dissent, target political opponents, and manipulate the citizenry. The general opinion in law enforcement seems to be that those aren't real concerns, and the only reason one could have for privacy is to commit crimes.

      --
      "From the depths of my skeptical and rationalist soul, I ask the Lord to protect me from California touchie-feeliedom."
    2. Re:Not the tool wanted by b0s0z0ku · · Score: 3, Insightful

      Or maybe it does occur to them and they don't care. Or want government to go after troublemakers like protesters... The job of law enforcement often attracts a certain mentality.

    3. Re:Not the tool wanted by shess · · Score: 2

      Or maybe it does occur to them and they don't care. Or want government to go after troublemakers like protesters... The job of law enforcement often attracts a certain mentality.

      The country is full of people who think that we can trust law enforcement with this kind of thing - often the self-same people who think that we cannot trust the government IN ANY OTHER AREA OF LIFE.

  2. Re: what is it? by Anonymous Coward · · Score: 2, Informative

    You're wrong. They've managed to get around the 10 limit - and without opening the phone to get at individual hardware components for replacement. The details are extremely secret NDA stuff but they demonstrated they can do it even on 8.

  3. Re:what is it? by 93+Escort+Wagon · · Score: 4, Interesting

    Can someone speak to what the exploit is? Does it have to do with bypassing the 10 PIN entry lockout limit?

    If we knew what it was, Apple would know too - and would likely have patched it by now. And given we haven't heard anyone grousing about it, the box almost certainly works without triggering the lockout limit.

    I fervently hope Apple is doing what they can to acquire one of these boxes through back-channels. It's only a matter of time until one or more Greykey boxes gets stolen and reverse engineered by criminals; I'd just as soon Apple put feelers out now saying "we're willing to pay a whole lot of money for one of these".

    --
    #DeleteChrome
  4. Simple 4-6 digit passcodes. Not complex passcodes by JoeyRox · · Score: 5, Informative

    Based on the quoted time to crack the exploit is likely using brute-force - the purpose of the device is to guess those while also disabling the usual 10-guess iOS limit before the device is locked. However, iOS supports complex passcodes as well, up to at least 90 alphanumeric characters, and these are are unlikely to be cracked.

  5. Re:what is it? by demonlapin · · Score: 4, Insightful

    Hell, the criminals will have an easier time of it than Apple. The criminals already know crooked cops who will, for a fee, order one for them.

  6. Re:Good by Kenja · · Score: 2

    I'm sure it wont be used for something bad, unlike the last time, and the time before that, and remember when we used census data to round up the Japanese into camps? Yeah, wont be like THAT time at all.

    --

    "Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
  7. Re:what is it? by rtb61 · · Score: 3, Insightful

    It is not about accessing the phone when it is in their possession, with a search warrant, that is a lie. It is all about accessing the phone when it is in your possession without your knowledge and sometimes without a warrant. That is why a backdoor, nothing what so ever to do with legal access via a warrant, all to do with fishing expedition access without your knowledge. Now add in more reality, also about spying on the opposite sex, competitors and revenge. The more power some people have, the more power they want.

    --
    Chaos - everything, everywhere, everywhen
  8. Re: what is it? by Anonymous Coward · · Score: 3, Informative

    The Secure Enclave responds slower and slower to each unlock request..This is not a user setting. Read the Apple security white paper. Very detailed and enlightening

  9. Re:Don't keep sensitive info on your phone by Dare+nMc · · Score: 2

    What about incriminating info? Which can be anything, so wipe your phone every few seconds?

    Or are you under the impression only guilt people are searched, and only guilty people have ever been arrested, or that only guilty people have ever been convicted?

    Comparing enough peoples data, to enough data from a significant amount of crimes will find false positives. Even if the odds are 1 in million, that means 300 people in the US would match, and 1 in a million convicts.

    Worst thing is, you likely have little defense on what they find on your phone. You cannot find out how many cases they compare your data to, or how accurate the data on the phone was... And if they do find something that is cause to suspect you, it may put you on do not fly lists without any chance of due process.

  10. Re:what is it? by AmiMoJo · · Score: 5, Interesting

    Couldn't a victim of a Greykey demand to see the source code at their trial? How else could the cops demonstrate that the device doesn't also plant evidence or alter the phone in some other way? It clearly alters the device being unlocked in some way, which seems to make it dubious as evidence.

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  11. Re:what is it? by JabrTheHut · · Score: 3, Funny

    Because you have to trust the cops. Even the ones filmed planting evidence, beating confessions out of people and stealing stuff. All the prosecutor has to say is "Yes, please disallow the evidence that the police have been filmed planting, but you have no reason to disallow the rest of the evidence, regardless of how untrustworthy the police have proven to be."

    --
    Work like no one is watching. Dance like you've never been hurt. Make love like you don't need the money.