Slashdot Mirror


Apple Is Testing a Feature That Could Kill Police iPhone Unlockers (vice.com)

Lorenzo Franceschi-Bicchierai, reporting for Motherboard: On Monday, at its Worldwide Developers Conference, Apple teased the upcoming release of the iPhone's operating system, iOS 12. Among its most anticipated features are group FaceTime, Animoji, and a ruler app. But iOS 12's killer feature might be something that's been rumored for a while and wasn't discussed at Apple's event. It's called USB Restricted Mode, and Apple has been including it in some of the iOS beta releases since iOS 11.3.

The feature essentially forces users to unlock the iPhone with the passcode when connecting it to a USB accessory every time the phone has not been unlocked for one hour. That includes the iPhone unlocking devices that companies such as Cellebrite or GrayShift make, which police departments all over the world use to hack into seized iPhones. "That pretty much kills [GrayShift's product] GrayKey and Cellebrite," Ryan Duff, a security researcher who has studied iPhone and is Director of Cyber Solutions at Point3 Security, told Motherboard in an online chat. "If it actually does what it says and doesn't let ANY type of data connection happen until it's unlocked, then yes. You can't exploit the device if you can't communicate with it."
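The rule the summary describes, written out as a small policy model so the timing consequences are explicit. This is an added example, not Apple's code or anything from the article: the class, the timeline and the `grace_seconds` knob are constructed here, and `grace_seconds=0` is an assumed stand-in for the "unlock every single time" behaviour one commenter below attributes to the Pixel.

```python
"""Policy model for USB Restricted Mode as the summary describes it (added example).

Rule: a USB accessory gets a data connection only if the phone was unlocked with
the passcode within the last `grace_seconds`; otherwise it is treated as
charge-only until the passcode is entered. grace_seconds=0 models a phone that
demands an unlock at every attach. Times are plain seconds so the model can be
driven by a scripted timeline instead of a wall clock.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

ONE_HOUR = 3600


@dataclass
class UsbRestrictedMode:
    grace_seconds: int = ONE_HOUR
    last_unlock: Optional[float] = None        # None: no passcode unlock since boot
    log: List[Tuple] = field(default_factory=list)

    def passcode_unlock(self, now: float) -> None:
        self.last_unlock = now
        self.log.append(("unlock", now))

    def data_allowed(self, now: float) -> bool:
        # The clock runs from the last *unlock*, not from the last lock: a phone
        # unlocked at t and locked again at t+5s still allows data until t+grace.
        if self.last_unlock is None:
            return False
        return now - self.last_unlock <= self.grace_seconds

    def accessory_attached(self, now: float) -> str:
        """Decision made when a USB accessory enumerates: 'data' or 'charge-only'."""
        decision = "data" if self.data_allowed(now) else "charge-only"
        self.log.append(("usb", now, decision))
        return decision


def seized_phone_timeline(grace_seconds: int = ONE_HOUR) -> dict:
    """Constructed timeline: owner unlocks at t=0, phone is taken, extraction is tried later."""
    phone = UsbRestrictedMode(grace_seconds)
    phone.passcode_unlock(0)
    results = {
        "30min_after_unlock": phone.accessory_attached(30 * 60),
        "61min_after_unlock": phone.accessory_attached(61 * 60),
    }
    # Only a passcode unlock re-opens the window; here it happens at t=90min.
    phone.passcode_unlock(90 * 60)
    results["reopened_after_unlock"] = phone.accessory_attached(90 * 60 + 10)
    return results


if __name__ == "__main__":
    print("one-hour grace:", seized_phone_timeline())
    print("no grace:      ", seized_phone_timeline(0))
```

The point the model makes concrete: what matters is the time since the last passcode unlock, so a phone seized right after its owner unlocked it is open to a USB data connection for up to an hour, and a phone that has not been unlocked since boot is never open.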

187 comments

  1. Cludge fix? by sinij · · Score: 3, Interesting

    I admit, I don't know exactly how GrayKey and Cellebrite work. However, if viewed from proper access control and privileges point of view, it shouldn't be possible to siphon the kinds of data (e.g. contacts, calls) that it is reportedly capable of doing.

    So, could someone explain to me why they went with a solution that still leaves a 1-hour window of opportunity to compromise a phone instead of fixing what I guess are overly permissive privileges within the file system?

    1. Re:Cludge fix? by Anonymous Coward · · Score: 5, Informative

      > I admit, I don't know exactly how GrayKey and Cellebrite work. However, if viewed from proper access control and privileges point of view, it shouldn't be possible to siphon the kinds of data (e.g. contacts, calls) that it is reportedly capable of doing.
      >
      > So, could someone explain to me why they went with a solution that still leaves a 1-hour window of opportunity to compromise a phone instead of fixing what I guess are overly permissive privileges within the file system?

      The file system isn’t left open, there are kernel exploits in iOS. Apple’s developers aren’t perfect and don’t know where they left things like buffer overflows that can be exploited. They fix them as they find them, but of course GrayKey won’t share its trade secret. Instead of thinking that patching every possible exploit is possible, they restrict access to the device so that although exploits will probably always exist, someone without the passcode can’t interact with the phone at all. Problem is though, when you forget your password with this feature, there is no restore. Cool brick!

    2. Re:Cludge fix? by bensafrickingenius · · Score: 4, Insightful

      I too was thrown by the 1 hour window. How often outside of sleepy time does one's phone remain unlocked for an entire hour?

      --
      I am not left-handed, either!
    3. Re:Cludge fix? by Anonymous Coward · · Score: 5, Funny

      > I too was thrown by the 1 hour window. How often outside of sleepy time does one's phone remain unlocked for an entire hour?

      When the police seize it.

    4. Re:Cludge fix? by omnichad · · Score: 2

      It would be smarter if that one hour window only applies to unlocks that grant USB access, not all unlocks. Much like an unlocked phone still requires confirmation for an app store purchase.

    5. Re:Cludge fix? by AmiMoJo · · Score: 2

      I'm not sure this change will affect GrayKey and Cellebrite anyway. My understanding is that they attack the phone's bootloader. It's a special bit of firmware that loads at boot time and is designed to make recovery from a broken OS image possible. It seems that they found some vulnerability in it that they can exploit to disable the passcode attempt limit and then automatically try passcodes until they find the right one.

      Also, this fix doesn't seem to be enough... On my Pixel you always have to unlock to access any of the phone's resources via USB. There is no 1 hour grace period, it's needed every single time.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    6. Re:Cludge fix? by Dixie_Flatline · · Score: 1

      They work by cracking the passcode, basically. Supposedly, they found a way to repeatedly test the passcode without triggering the cooldowns, or something similar. Once the phone is unlocked, obviously, all the data is available to whoever wants it.

    7. Re:Cludge fix? by Anonymous Coward · · Score: 0

      It's not a cludge fix; requiring authorisation before access is often an important part of securing a system. Should they also be looking at how the data is being extracted once connected... sure, but that doesn't make restricting the ability to connect a cludge. Our switches try and restrict access to our most privileged VLANs by determining if the device is supposed to have that access, however we also make an effort to avoid associating those VLANs with network points in unsecured physical locations.

    8. Re:Cludge fix? by bondsbw · · Score: 5, Funny

      > Apple’s developers aren’t perfect

      No no no... that's not how it works. Apple developers definitely are perfect, and everything they "fix" is really just better perfection.

      --
      All my liberal friends think I'm a conservative, all my conservative friends think I'm a liberal.
    9. Re:Cludge fix? by sinij · · Score: 0

      > Instead of thinking that patching every possible exploit is possible

      This is silly. They don't need to patch every possible exploit, only ones that allow privilege escalation. Just like every OS out there is expected to do. How many privilege escalation and code execution flaws are there in, for example, current RHEL? I don't have to do a CVE search to know that it is exactly zero, and if some are found they are fixed pronto.

      More so, if a product like GrayKey or Cellebrite is released, then it is imperative that Apple reverse-engineer it to fix the bugs it exploits. Unless these are not bugs but entrenched bad design choices that cannot be fixed.

      > Problem is though, when you forget your password with this feature, there is no restore. Cool brick!

      This is also silly design. It should be possible to wipe and reset it.

    10. Re:Cludge fix? by currently_awake · · Score: 1

      The American Government probably requires Apple to have backdoor access to phone data via USB. If it wasn't deliberate they would have blocked the access by fixing the USB bug. They should also block software updates without unlocking the phone, to prevent the FBI getting a court warrant to force Apple to make "unlock assistance" software.

    11. Re:Cludge fix? by phantomfive · · Score: 1

      > Apple’s developers aren’t perfect and don’t know where they left things like buffer overflows that can be exploited.

      Having looked at the kernel code, I would suggest they aren't trying very hard.

      --
      "First they came for the slanderers and i said nothing."
    12. Re:Cludge fix? by Anonymous Coward · · Score: 1

      > I too was thrown by the 1 hour window. How often outside of sleepy time does one's phone remain unlocked for an entire hour?

      Jesus man, put the phone down and get a life.

      My phone will go for hours without being unlocked, because I'm not tethered to it like a teenager.

      In the case of law enforcement, a 1 hour window likely means before they get a chance to try to break into it, it's already fully locked down.

      Of course, they'll just make it illegal to make encryption they can't get into, or they'll make it a legal requirement that you unlock your phone for the police -- because neither government nor police care about such things as your rights or due process.

    13. Re:Cludge fix? by Anonymous Coward · · Score: 0

      And that's for generic USB filesystem access.

      If you enable Developer Options for USB debugging / advanced access, you have to unlock and authorize a particular computer.

    14. Re:Cludge fix? by sinij · · Score: 1

      Why doesn't modifying the bootloader require root access on iOS?

    15. Re:Cludge fix? by BorgDrone · · Score: 3, Insightful

      > They don't need to patch every possible exploit, only ones that allow privilege escalation.

      Well, if you give them a list of exploits that these tools use, I'll bet they will be more than happy to fix them.

      > if a product, like GrayKey and Cellebrite is released, then it is imperative that Apple reverse-engineer it to fix bugs they exploit.

      And to do that they need to get their hands on one of them first, and GrayKey/Cellebrite are doing everything they can to prevent that.

    16. Re:Cludge fix? by sinij · · Score: 1

      With Apple's cash hoard, just buy them out. They have cash to spare.

    17. Re:Cludge fix? by TigerPlish · · Score: 1

      > How often outside of sleepy time does one's phone remain unlocked for an entire hour?

      Every evening, when I leave it in the bedroom and I'm watching something in the movie room. I don't let my phone be a cybershackle out of business hours.

      Want me? Call me! Otherwise I'll get back to you whenever.. if ever.

      Weekends? Many hours pass without me looking at it or unlocking it. I just don't caaaaaaaaare about constant connectivity, in fact, the older I get the more I loathe it.

      --
      The "Civilized World" jumped the shark ca. 1973.
    18. Re:Cludge fix? by tsa · · Score: 1

      Indeed. They never make mistakes. Steve smites them with fire and fury if they do.

      --
      -- Cheers!

    19. Re: Cludge fix? by MachineShedFred · · Score: 2

      The time from when a cop takes it from you, and when they get a judge to sign a search warrant allowing them to look at it.

      --
      Slashdot still doesn't support Unicode after it was added to the HTML standard in 1997.
    20. Re:Cludge fix? by Anonymous Coward · · Score: 0

      > Problem is though, when you forget your password with this feature, there is no restore. Cool brick!

      Do you actually have proof that it will become impossible to reset to factory default if you forget your password, or are you just trying to spread FUD?

      Sure, you'll lose your data that way, but "cool brick" implies a totally useless phone and not one that you've simply lost all data on.

    21. Re:Cludge fix? by Anonymous Coward · · Score: 0

      > How many privilege escalation and code execution flaws in, for example, current RHEL? I don't have to do CVE search to know that it is exactly zero, and if some are found they are fixed pronto.

      Wait, so there are ZERO of these flaws, but if any ARE found they are fixed pronto? I'm confused... why would they need to fix them pronto if there are ZERO flaws to be fixed?

      Please don't answer that. The obvious answer is that you meant there are zero KNOWN privilege escalation/code execution flaws. And the KNOWN part is critical. You can't fix what you don't know about, but what you don't know about can still be exploited.

      > More so, if a product, like GrayKey and Cellebrite is released, then it is imperative that Apple reverse-engineer it to fix bugs they exploit.

      And how exactly do you expect Apple to reverse engineer stuff that they don't have access to? The companies making these tools aren't idiots. They know they are just a few bug fixes away from being put out of business (at least until they can find a new unknown bug). So they carefully screen their customers to ensure they ONLY sell to law enforcement. Unless Apple has an insider in some law enforcement agency willing to buy the product and then leak it to Apple, there isn't much they can do to reverse engineer the product.

    22. Re:Cludge fix? by NFN_NLN · · Score: 4, Interesting

      > The file system isn’t left open, there are kernel exploits in iOS. Apple’s developers aren’t perfect and don’t know where they left things like buffer overflows that can be exploited.

      I remember back in the satellite smart card hacking days when we had to "glitch" cards. We would put them in a special card reader and run commands through a loop over and over. As the commands were running through you could adjust the VCC voltage supplied to the card. If you hit the right timing/voltage the card would "glitch" and you could write to protected memory and gain access. You could buy unhacked cards by the hundreds and with enough skill 90% of the cards were glitchable. There isn't any amount of coding skill that can defend against a glitch like that.

    23. Re:Cludge fix? by Anonymous Coward · · Score: 0

      USB is old hat. Bluetooth is wide open, and there's a good chance the Broadcom binary blob has an attack surface.
      The correct design would be no access unless you open the back and use some combination of jumpers and resistive pull-ups to activate a hidden interface, requiring Apple-only hardware.
      A really good design would be to VM the phone so that it opens a fake partition/profile. Alas, the best is not available yet.

      Just connect a current meter to the battery and measure bursts of power when it is in idle mode.

    24. Re:Cludge fix? by KiloByte · · Score: 5, Informative

      > How many privilege escalation and code execution flaws in, for example, current RHEL?

      With the default desktop, plug in any USB mass storage with a crafted filesystem. Even a simple filesystem like ext4 whose maintainer keeps religiously fuzzing it keeps popping up new exploitable flaws; no one bothers issuing CVEs nor even backporting patches to stable kernels for these (as the attack mode is known since forever, and there's only so much educating distro maintainers about security Tytso and co can do). Besides ext4, we have some ridiculously complex filesystems like btrfs or xfs, and plenty of unmaintained ones like qnx4/qnx6 that nevertheless have their modules enabled, including automount, on distro kernels.

      Red Hat/Fedora's default is to automount any inserted removable media, at least in the desktop version, even if the screen is locked. This is exactly a case of flaw discussed in this very article; I guess other USB sub-protocols other than mass storage also might have similarly egregious flaws. Shutting down recognizing any new USB devices (other than possibly dumb chargers) while locked is a long overdue fix.

      --
      The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
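The mitigation this post asks for on the Linux side, as an added example (not Red Hat's, Fedora's or Apple's code): refuse to bring up any USB device that enumerates while the session is locked, which stops mass-storage automount and every other interface probe in one place. It uses the kernel's USB authorization interface, `authorized_default` under `/sys/bus/usb/devices/usb*/`, where `0` leaves newly attached devices unauthorized (no driver binds) and `1` restores normal behaviour. The sysfs root is a parameter, and `make_fake_sysfs` builds a constructed stand-in tree so the functions can be exercised offline; hooking the functions to the desktop's lock and unlock signals is assumed and not shown.

```python
"""Deny newly attached USB devices while the screen is locked (added example).

Linux USB authorization: writing 0 to /sys/bus/usb/devices/usbN/authorized_default
makes every device that enumerates on root hub N afterwards stay unauthorized,
so no driver (mass storage, HID, network, ...) binds to it until it is explicitly
authorized. Devices attached *before* the lock keep their own per-device
'authorized' state and are not touched here. Writing needs root on a real system.
"""
import glob
import os
import tempfile

SYSFS_USB = "/sys/bus/usb/devices"


def root_hubs(sysfs_root: str = SYSFS_USB) -> list:
    """authorized_default attribute files of every USB root hub under sysfs_root."""
    return sorted(glob.glob(os.path.join(sysfs_root, "usb*", "authorized_default")))


def _write(path: str, value: str) -> None:
    with open(path, "w") as f:
        f.write(value)


def set_new_device_policy(allow: bool, sysfs_root: str = SYSFS_USB) -> int:
    """Apply the policy to all root hubs; returns how many hubs were updated."""
    paths = root_hubs(sysfs_root)
    for p in paths:
        _write(p, "1" if allow else "0")
    return len(paths)


def on_screen_lock(sysfs_root: str = SYSFS_USB) -> int:
    return set_new_device_policy(False, sysfs_root)


def on_screen_unlock(sysfs_root: str = SYSFS_USB) -> int:
    return set_new_device_policy(True, sysfs_root)


def policy_state(sysfs_root: str = SYSFS_USB) -> dict:
    """Read back the current default for each root hub: {'usb1': '0', ...}."""
    state = {}
    for p in root_hubs(sysfs_root):
        hub = os.path.basename(os.path.dirname(p))
        with open(p) as f:
            state[hub] = f.read().strip()
    return state


def make_fake_sysfs(base: str) -> str:
    """Constructed stand-in for /sys/bus/usb/devices with two root hubs (offline use)."""
    for hub in ("usb1", "usb2"):
        d = os.path.join(base, hub)
        os.makedirs(d, exist_ok=True)
        _write(os.path.join(d, "authorized_default"), "1\n")
    return base


def demo_lock_cycle() -> tuple:
    """Lock, read back, unlock, read back, against the constructed tree."""
    root = make_fake_sysfs(tempfile.mkdtemp())
    return (on_screen_lock(root), policy_state(root),
            on_screen_unlock(root), policy_state(root))


if __name__ == "__main__":
    print(demo_lock_cycle())
```

On a real desktop the same two functions would be called from whatever delivers the session's lock and unlock events; what the kernel interface buys you is that the decision is made before any filesystem module ever sees the crafted image, which is exactly the class of fix the post says is overdue.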
    25. Re:Cludge fix? by UnknowingFool · · Score: 1

      > I admit, I don't know exactly how GrayKey and Cellebrite work. However, if viewed from proper access control and privileges point of view, it shouldn't be possible to siphon the kinds of data (e.g. contacts, calls) that it is reportedly capable of doing.

      I would assume that both require plugging in a cable instead of using a wifi or cellular connection. The problem isn't "siphoning" data. The problem is taking advantage of some flaw in the iPhone. Apple can fix each and every flaw; however, this would also help mitigate many attacks.

      > So, could someone explain to me why they went with a solution that still leaves a 1-hour window of opportunity to compromise a phone instead of fixing what I guess are overly permissive privileges within the file system?

      I would say all security involves a balance of convenience vs effectiveness. If they didn't leave the 1 hour, that would mean that their customers would have to use a passcode every single time, which would be inconvenient. The fingerprint and face scans are also a trade off of convenience vs effectiveness. You can set an extremely long ultra secure alphanumeric passcode to unlock your phone if you want but most people don't want to do that.

      Sorta like how customers have to authorize purchases on the Apple store with a passcode or a fingerprint unlock. However, if you buy multiple things within 15 mins you don't have to keep re-authorizing. With the store authorization you can set it to always require instead of 15 mins. With this you can turn it on or off.

      --
      Well, there's spam egg sausage and spam, that's not got much spam in it.
    26. Re:Cludge fix? by Megol · · Score: 1

      I think you have an addiction.

    27. Re:Cludge fix? by UnknowingFool · · Score: 2

      I would assume the time allowance is for syncing and backups. Depending on the phone and the computer that could take a long time if the phone has a lot of files and the computer is older and using USB2.

      --
      Well, there's spam egg sausage and spam, that's not got much spam in it.
    28. Re:Cludge fix? by AmiMoJo · · Score: 2

      The bootloader loads before the OS does. It doesn't have any concept of users. All it can do is ask for the passcode to decrypt flash memory or secure erase and overwrite the flash with a new image (for disaster recovery).

      The idea is that the secure element rate limits the number of password attempts. However, it appears that they have found some way to circumvent the limit, which involves exploiting the bootloader. It might be a case of loading their own code, or causing the secure element to crash and reset the attempt count/delay timer, or something else.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    29. Re:Cludge fix? by Nkwe · · Score: 1

      > Why doesn't modifying the bootloader require root access on iOS?

      The boot loader is what *starts* iOS. iOS isn't actually running yet when the boot loader loads it, so iOS can't protect itself at this point. Pretty much all computers work this way - they have a lightweight piece of code (the boot loader) that is in the firmware of the device, this code's sole job is to read the operating system from storage, and start the operating system. The hardware of the device loads and runs the firmware boot loader, which in turn loads and runs the software operating system.

    30. Re:Cludge fix? by UnknowingFool · · Score: 5, Informative

      > I'm not sure this change will affect GrayKey and Cellebrite anyway. My understanding is that they attack the phone's bootloader.

      How do GrayKey and Cellebrite get access to the boot loader? Cellebrite currently sells a small device that plugs into the phone.

      > Eventually, law enforcement came to rely on Cellebrite's Universal Forensics Extraction Device, the UFED. It's a small, hand-held device that's easy to use. Police can simply plug in a phone and download the device's memory to a flash drive in a matter of seconds. That's how police can find your deleted text messages.

      GrayKey is a box that plugs into the Lightning port.

      > The product itself is a gray box four inches deep by two inches tall, with two lightning cables sticking out of the front. Up to two phones can be plugged into the device at a time and are connected for about two minutes.

      If the iPhone refuses to communicate via cable then neither device can probably work unless the companies find a flaw they can exploit.

      --
      Well, there's spam egg sausage and spam, that's not got much spam in it.
    31. Re:Cludge fix? by rickb928 · · Score: 2

      To what, search warrants?

      --
      deleting the extra space after periods so i can stay relevant, yeah.
    32. Re:Cludge fix? by AmiMoJo · · Score: 1

      The bootloader can be accessed via the lightning port. That's how iTunes can recover an unbootable phone by doing a "factory reset". In that case iTunes instructs the bootloader to secure erase the flash memory and writes a new OS image to it.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    33. Re:Cludge fix? by luvirini · · Score: 1

      >There isn't any amount of coding skill that can defend against a glitch like that.

      Actually there is a fairly simple solution. Though it is not about coding skill, it is about understanding the problem.

      If your data can in some cases be modified, you need to sign it using digital signature methods, and if the signature is not correct you refuse to use the data.

      Of course the "smart" cards of the era were nothing of the sort and wider understanding of digital signing is from a later era, so not really a realistic/likely solution for the programmers back then, but it has to do with other knowledge, not coding skill.

    34. Re:Cludge fix? by AHuxley · · Score: 1

      Re "1 hour window of opportunity to compromise a phone"
      Police move in. The well educated computer aware protester shuts their trendy new big brand phone off.
      Police make arrests. Time taken to fill the van, bus back to the police station due to more arrests. Questions about name, ability to call to lawyer. Identity and citizenship questions. More time passes given the numbers arrested.
      Property gets sorted. An advanced new phone is discovered beyond the existing guides police have on most new big brand US phones. A tech expert is contacted.
      The tech expert arrives to support police in their need to look at the data in the new phone.
      One hour has passed.
      A first direct question about the dongle location is asked.

      --
      Domestic spying is now "Benign Information Gathering"
    35. Re:Cludge fix? by hjf · · Score: 1

      > Problem is though, when you forget your password with this feature, there is no restore. Cool brick!

      AFAIK it's not bricked. But you lose all your access to all your Apple data if you forget this password. It's not just your phone that you lose.
      But if you regain access to this, you can have your phone back.
      At least it makes your iPhone a little less valuable to thieves. If it's completely bootloader-bricked, with serial number checks to all peripherals (including screen and fingerprint reader) it's theoretically not worth even for spares.
      Of course, eventually someone will find out how to bypass this. But at least the one who stole your phone will have nothing but a brick, hopefully for a long time.

    36. Re: Cludge fix? by angel'o'sphere · · Score: 1

      You might be living under a rock.
      For the last 5 or more years /. has been full of news that cops don't need a search warrant to look at the data on your phone.

      --
      Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
    37. Re:Cludge fix? by Anonymous Coward · · Score: 0

      > I don't have to do CVE search to know that it is exactly zero

      Then perhaps you should actually do that search, and you'll find it isn't exactly zero (that have been found/reported), and if you search harder, you'll find there are even more than 0 that haven't been reported to red hat, and haven't been fixed yet.

    38. Re:Cludge fix? by Kulahan · · Score: 1

      > I don't have to do CVE search to know that it is exactly zero, and if some are found they are fixed pronto.

      Translation: "We don't know how many there are, but fixing these issues is a very high priority."

      So, they're about on par with pretty much every software company out there?

    39. Re:Cludge fix? by mccrew · · Score: 1

      > This is silly. They don't need to patch every possible exploit, only ones that allow privilege escalation.

      OK, Mr. Armchair Problem Solver, can you just take a minute to list all those privilege escalation exploits that have been discovered by researchers, nation-states, and all others, which they are jealously guarding and will never give up voluntarily?

      1. 1.
      2. 2.
      3. 3.

      Feel free to use more space if this isn't enough.

      We're waiting...

      --
      Hey, Windows users, there is no such thing as "forward" slash, there is only slash and backslash.
    40. Re:Cludge fix? by Anonymous Coward · · Score: 1

      Kludge is spelled with a 'K', thank you.

    41. Re:Cludge fix? by AmiMoJo · · Score: 3, Interesting

      Reminds me of the attack that finally recovered the hidden Gameboy boot ROM. Up until that point it had to be replaced by an open source one in emulators. The ROM was inside the CPU, and the final instruction in it disabled the ability to read said ROM until the next reset.

      Someone realized they could simply count the number of clock cycles needed to exit the ROM after reset, then sent that number -1 and glitched the clock line. The glitch caused the ROM-read-disable instruction to be skipped and the ROM could be dumped with a custom cart.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    42. Re:Cludge fix? by mysidia · · Score: 1

      > Problem is though, when you forget your password with this feature, there is no restore. Cool brick!

      What if they changed the logic... (1) Enter USB restricted Mode as soon as the phone is locked, but only if the iPhone has been Unlocked at least Once after booting up.

      (2) Turn off the phone, and turn it back on while holding the Home button (or something), or with no USB device connected --- the device will either boot without entering restricted mode or detect no USB device connected and stay out of restricted mode until the phone is unlocked by entering the passphrase at least once, but since the device hasn't been unlocked yet: the kernel doesn't have the ability to decrypt any of the files.

    43. Re:Cludge fix? by msauve · · Score: 3, Interesting

      "I'm not sure this change will affect GrayKey and Cellebrite anyway."

      I'd assume that Apple has gotten their hands on one, knows how it works, and has used it to develop and test their new feature.

      --
      "National Security is the chief cause of national insecurity." - Celine's First Law
    44. Re:Cludge fix? by Immerman · · Score: 1

      There's an awful thin line between "bricked" and "bricked unless you can eventually find the password that you've forgotten". How many times have you managed to recall a password after forgetting it?

      Of course, if they're still regularly calling home to Apple for updates and the like, Apple might be able to at least do a remote wipe and restore to factory default state, so the phone itself wouldn't be lost, just all the data on it. That'd be nice.

      --
      --- Most topics have many sides worth arguing, allow me to take one opposite you.
    45. Re:Cludge fix? by Immerman · · Score: 1

      >So, they're about on par with pretty much every software company out there?

      I like your universe. How do I get there from here, where most software companies could care less about security issues beyond copy protection?

      --
      --- Most topics have many sides worth arguing, allow me to take one opposite you.
    46. Re:Cludge fix? by TheFakeTimCook · · Score: 1

      > I admit, I don't know exactly how GrayKey and Cellebrite work. However, if viewed from proper access control and privileges point of view, it shouldn't be possible to siphon the kinds of data (e.g. contacts, calls) that it is reportedly capable of doing.
      >
      > So, could someone explain to me why they went with a solution that still leaves a 1-hour window of opportunity to compromise a phone instead of fixing what I guess are overly permissive privileges within the file system?

      It's not that the privileges are "overly permissive", it's just that, once you're in, it trusts you to be you.

      Anything else would be like the first version of UAC in Visturd. Annoying as fuck, with very little additional benefit.

      I agree that 1 hour is a bit long; but it probably drops to zero if you have time to lock the phone with the "panic gesture" (press the sleep button 5 times).

    47. Re:Cludge fix? by ctilsie242 · · Score: 1

      A DFU restore? I wonder how this USB "locking" mechanism will deal with that. Maybe iBoot or the firmware will allow a firmware overwrite and erase, but not any ability to read.

    48. Re:Cludge fix? by Immerman · · Score: 1

      Well, it'd almost certainly be impossible for *you* to do so - how would you talk to the phone? Normally you'd plug it into your PC and initiate a reset, but now plugging it into the PC doesn't actually do anything unless the phone is unlocked, so...

      The only chance would be if the phone is still wirelessly connecting to Apple, and Apple has the capability to remotely trigger a reset.

      --
      --- Most topics have many sides worth arguing, allow me to take one opposite you.
    49. Re: Cludge fix? by Anonymous Coward · · Score: 0

      Some cop on the side of the road that wants to look at your data is not going to be using a USB-based exploit to get to it anyway, and it will most likely take more than an hour to get the tools in place or to actually successfully perform the exploit. This really applies to locked and/or powered-off phones that may be held in evidence, and would certainly block the access.

    50. Re:Cludge fix? by TheFakeTimCook · · Score: 1

      > This is also silly design. It should be possible to wipe and reset it.

      Who says there isn't?

      If you have the "Wipe after 10 tries" switched-on, then it will do that anyway.
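Two things the thread asks about come together here: the secure element's rate limiting of passcode attempts (and the speculation, a few posts up, that resetting the element might clear the counter) and the "wipe after 10 tries" option. Below is an added example of how a defender builds such a counter so that a crash or reset cannot roll it back. It is not Apple's Secure Enclave code: the `PasscodeGuard` class, the `nvram` dict standing in for non-volatile storage, the PBKDF2 verifier and the lock-out schedule are all constructed for this illustration, and the schedule is not Apple's real one.

```python
"""Persistent passcode-attempt limiter (added example; not Apple's code).

Design point: the failure counter is committed to non-volatile storage *before*
the passcode is compared, so a reset in the middle of an attempt leaves the
counter incremented rather than unchanged. Successive failures impose growing
lock-outs, and after MAX_FAILURES the verifier (the only handle on the data
keys in this model) is destroyed. The schedule below is constructed for the
example.
"""
import hashlib
import hmac
import os
from typing import Optional

MAX_FAILURES = 10
# constructed: seconds of lock-out imposed after the n-th consecutive failure
LOCKOUT_AFTER = {5: 60, 6: 300, 7: 900, 8: 3600, 9: 3600}


def _derive(passcode: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, 10_000)


class PasscodeGuard:
    """`nvram` is a dict that stands in for storage surviving a reset."""

    def __init__(self, nvram: dict, passcode: Optional[str] = None):
        self.nvram = nvram
        if "salt" not in nvram:                    # first boot: enrol the passcode
            nvram["salt"] = os.urandom(16)
            nvram["verifier"] = _derive(passcode, nvram["salt"])
            nvram["failures"] = 0
            nvram["not_before"] = 0.0
            nvram["wiped"] = False

    def try_passcode(self, guess: str, now: float) -> str:
        nv = self.nvram
        if nv["wiped"]:
            return "wiped"
        if now < nv["not_before"]:
            return "locked-out"                    # attempt not even counted
        # Commit the failure first; a reset between here and the comparison
        # cannot take the count back down.
        nv["failures"] += 1
        if hmac.compare_digest(_derive(guess, nv["salt"]), nv["verifier"]):
            nv["failures"] = 0
            nv["not_before"] = 0.0
            return "unlocked"
        n = nv["failures"]
        if n >= MAX_FAILURES:
            nv["wiped"] = True
            nv.pop("verifier", None)
            return "wiped"
        nv["not_before"] = now + LOCKOUT_AFTER.get(n, 0)
        return "wrong"


def simulate(passcode: str = "4821") -> dict:
    """Constructed run: four failures, a reset, then guessing until the wipe."""
    nvram = {}
    guard = PasscodeGuard(nvram, passcode)
    now = 1000.0
    out = {"before_reset": [guard.try_passcode("0000", now + i) for i in range(4)]}
    guard = PasscodeGuard(nvram)                   # reset: state reloaded from NVRAM
    out["failures_after_reset"] = nvram["failures"]
    now += 10
    out["fifth"] = guard.try_passcode("0000", now)             # 5th failure: 60 s lock-out
    out["during_lockout"] = guard.try_passcode("0000", now + 1)
    later = []
    for _ in range(5):
        now += 3601                                # wait out the longest lock-out
        later.append(guard.try_passcode("0000", now))
    out["after_lockouts"] = later
    out["correct_after_wipe"] = guard.try_passcode(passcode, now + 1)
    return out


def correct_guess_resets_counter(passcode: str = "4821") -> tuple:
    nvram = {}
    guard = PasscodeGuard(nvram, passcode)
    r = (guard.try_passcode("0000", 0.0), guard.try_passcode("9999", 1.0),
         guard.try_passcode(passcode, 2.0))
    return r + (nvram["failures"],)


if __name__ == "__main__":
    print(simulate())
    print(correct_guess_resets_counter())
```

The order of operations is the whole lesson: increment, persist, then compare. A limiter that compares first and records the failure afterwards is exactly the kind that a well-timed reset could keep at zero.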

    51. Re:Cludge fix? by Immerman · · Score: 1

      How would that protect against a hardware compromise that allows the attacker to write to memory that *should* be protected? What would prevent the attacker from then just changing the required signature to their own?

      --
      --- Most topics have many sides worth arguing, allow me to take one opposite you.
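The exchange between the "sign the data" post above and this objection, as an added example that is not part of either post and not any smart-card vendor's code. It compares two layouts of the same card: the verification key in immutable mask ROM versus in the same writable memory as the data. A glitch that flips the "authorized" byte fails the check in both layouts; a glitch that also rewrites the key and re-tags the data succeeds only when the key is writable. The integrity tag is an HMAC so the example needs only the standard library; it stands in for the digital signature the post describes, and the keys and memory layout are constructed here.

```python
"""Where the verification key lives decides what a fault-induced write can do.

Added example. ROM is immutable (MappingProxyType, written at manufacture);
flash is the region a voltage glitch is modelled to let an attacker write.
An HMAC-SHA256 tag stands in for a digital signature: with a real signature the
device would hold only the public key, which changes nothing about the
argument that the key must sit where the glitch cannot reach.
"""
import hashlib
import hmac
from types import MappingProxyType

# constructed keys for the example
ISSUER_KEY = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0" * 2)
ATTACKER_KEY = bytes.fromhex("ff" * 32)


def tag(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


class Card:
    def __init__(self, key_in_rom: bool):
        # Mask ROM: no write, glitched or not, changes it.
        self.rom = MappingProxyType({"key": ISSUER_KEY} if key_in_rom else {})
        # Writable memory: authorization byte plus the tag covering it.
        self.flash = {"auth": b"\x00", "auth_tag": tag(ISSUER_KEY, b"\x00")}
        if not key_in_rom:
            self.flash["key"] = ISSUER_KEY

    def glitch_write(self, name: str, value: bytes) -> None:
        """Model of a successful fault-induced write to protected flash."""
        self.flash[name] = value

    def verification_key(self) -> bytes:
        return self.rom["key"] if "key" in self.rom else self.flash["key"]

    def is_authorized(self) -> bool:
        data = self.flash["auth"]
        expected = tag(self.verification_key(), data)
        if not hmac.compare_digest(expected, self.flash["auth_tag"]):
            return False              # refuse to act on data whose tag fails
        return data == b"\x01"


def flip_auth_byte(card: Card) -> bool:
    """Scenario 1: only the authorization byte is rewritten."""
    card.glitch_write("auth", b"\x01")
    return card.is_authorized()


def replace_key_and_resign(card: Card) -> bool:
    """Scenario 2 (this post's objection): the key is rewritten and the data re-tagged."""
    card.glitch_write("key", ATTACKER_KEY)
    card.glitch_write("auth", b"\x01")
    card.glitch_write("auth_tag", tag(ATTACKER_KEY, b"\x01"))
    return card.is_authorized()


def compare_layouts() -> dict:
    return {
        "rom_key_flip": flip_auth_byte(Card(key_in_rom=True)),
        "rom_key_rekey": replace_key_and_resign(Card(key_in_rom=True)),
        "flash_key_flip": flip_auth_byte(Card(key_in_rom=False)),
        "flash_key_rekey": replace_key_and_resign(Card(key_in_rom=False)),
    }


if __name__ == "__main__":
    for layout, granted in compare_layouts().items():
        print(f"{layout:16s} authorized={granted}")
```

So both posts are right about different things: signing stops the single-byte flip the glitch produced, and it keeps stopping the re-keying attack only as long as the verification key, and the code that checks it, sit in memory the fault cannot rewrite.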
    52. Re:Cludge fix? by Anonymous Coward · · Score: 0

      Is your Android device still wide open to the Broadcom hack? Millions are.

    53. Re:Cludge fix? by Joce640k · · Score: 1

      > They don't need to patch every possible exploit, only ones that allow privilege escalation.

      > Well, if you give them a list of exploits that these tools use, I'll bet they will be more than happy to fix them.

      In this case they don't need to patch any exploits, they just need to disable the USB connector.

      (the existing 'exploit' appears to be that they don't do that)

      --
      No sig today...
    54. Re:Cludge fix? by Immerman · · Score: 1

      > If it wasn't deliberate they would have blocked the access by fixing the USB bug.
      Is that not exactly what they're doing? They don't know exactly what the bug is, so they're making the USB port useless unless the phone is already unlocked.

      Of course that's sort of the nuclear option, as it removes the easiest routes to repairing a phone with "broken" software, as well as probably interfering with the functionality of a number of clock-radios and other often-idle accessories. But it does the job.

      --
      --- Most topics have many sides worth arguing, allow me to take one opposite you.
    55. Re:Cludge fix? by Anonymous Coward · · Score: 0

      Why doesn't Apple just buy a copy of GrayKey/Cellebrite, hook the phone to a JTAG debugger, and see what's being exploited? Surely they can disguise the purchase origin.

    56. Re:Cludge fix? by UnknowingFool · · Score: 2

      > The bootloader can be accessed via the lightning port. That's how iTunes can recover an unbootable phone by doing a "factory reset". In that case iTunes instructs the bootloader to secure erase the flash memory and writes a new OS image to it.

      That would probably destroy any ability to recover the data on the phone as the per file encryption keys would be lost forever. This feature isn't to make a phone immune to theft; it's to make the data on the phone more secure from hacking.

      --
      Well, there's spam egg sausage and spam, that's not got much spam in it.
    57. Re:Cludge fix? by jrmcferren · · Score: 1

      "They should also block software updates without unlocking the phone, to prevent the FBI getting a court warrant to force Apple to make "unlock assistance" software."

      You mean like how I have to enter my passcode to update either the iPhone or a Paired Apple Watch?

      --
      sudo mod me up
    58. Re:Cludge fix? by UnknowingFool · · Score: 4, Interesting

      Let's say that Apple can do this. The problem is that Apple is then limited to plugging every single flaw one at a time. With this feature they can mitigate a whole class of exploits.

      --
      Well, there's spam egg sausage and spam, that's not got much spam in it.
    59. Re:Cludge fix? by AmiMoJo · · Score: 1

      Yes, that's the point. You can only erase the flash, you can't recover data from the phone via the bootloader.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    60. Re:Cludge fix? by CaptainDork · · Score: 2

      ... when you forget your password ...

      You've also forgotten how to use the goddam phone.

      If you forgot your passcode, or if a message says that your device is disabled, follow these steps to remove your passcode.

      --
      It little behooves the best of us to comment on the rest of us.
    61. Re:Cludge fix? by Anonymous Coward · · Score: 0

      Pretty much the whole day?
      How often do you use your phone?

    62. Re:Cludge fix? by Anonymous Coward · · Score: 0

      That's what Apple DFU restore is for. Connect to iTunes, and hold Home/Power. Release power after 5 seconds. Keep holding home button down until iTunes indicates it is flashing your phone.

      Once it boots back up with the latest available image, it'll check with Apple's servers to see if there's any pending 'Service Master/MDM' locks or 'iCloud' locks on the phone and prompt you for an admin or iCloud username and password. Otherwise, if the phone hasn't been iCloud/MDM locked, the phone will be ready to configure.

      I've heard it is a lot easier to steal an android, especially if the bootloader is unlocked. The ESN/IMEI can be blacklisted, but the device itself is still perfectly usable. I've also heard that the ESN/IMEI are not spoof proof (cops clone them all the time, and it is just data written to a certain section of the phone), but I've not heard of individuals successfully doing that. I might not be listening correctly.

    63. Re:Cludge fix? by Anonymous Coward · · Score: 0

      LMGTFY DFU mode. Any other questions for the Oracle?

    64. Re:Cludge fix? by sexconker · · Score: 1

      NFN_NLN was referring to fucking with the cards.

      luvirini pointed out that doesn't fucking matter if the device reading the card checks that it's signed by a trusted key.

      You're referring to fucking with the device reading the cards.

    65. Re:Cludge fix? by Anonymous Coward · · Score: 0

      Correction, the boot-loader is designed to allow you to erase flash, and not allow data recovery.

      Sometimes designs fail.

    66. Re: Cludge fix? by Anonymous Coward · · Score: 0

      Google "DFU mode".

    67. Re:Cludge fix? by Anonymous Coward · · Score: 0

      Problem is though, when you forget your password with this feature, there is no restore. Cool brick!

      AFAIK it's not bricked. But you lose all your access to all your Apple data if you forget this password. It's not just your phone that you lose.
      But if you regain access to this, you can have your phone back.
      At least it makes your iphone a little less valuable to thieves. If it's completely bootloader-bricked, with serial number checks to all peripherals (including screen and fingerprint reader) it's theoretically not worth even for spares.
      Of course, eventually someone will find out how to bypass this. But at least the one who stole your phone will have nothing but a brick, hopefully for a long time.

      DFU mode will allow you to restore, but it is write only.

    68. Re:Cludge fix? by Darinbob · · Score: 1

      You can duplicate digital signatures though. This can be solved by other means, but it's primarily why a lot of systems try to just hide the data instead.

    69. Re:Cludge fix? by andymadigan · · Score: 1

      I believe you can still do a full reset of the device by connecting it to iTunes in recovery mode. This doesn't allow you to access anything stored on the device, but you can erase everything on the phone. Of course, activation lock still prevents it from being activated again unless you have access to the Apple ID previously used on the phone.

      --
      The right to protest the State is more sacred than the State.
    70. Re: Cludge fix? by Anonymous Coward · · Score: 0

      It's zero known flaws. Before zero there was one flaw. They fixed it pronto. So it's zero known flaws.

      You must be a millennial. Shoot yourself.

    71. Re: Cludge fix? by Anonymous Coward · · Score: 0

      Come to Silicon Valley. As long as the hi looks good, the back end is a spaghetti factory. Not the ok kind where you get subpar food and a stomach ache. The bad kind where you piss blood and a rash eats away your stomach area exposing your intestines and you sit up to call 911 and your innards become outtards and basically you are a zombie. So you duct tape yourself up and get on the google bus.

    72. Re:Cludge fix? by tattood · · Score: 1

      With Apple's cash hoard, just buy them out. They have cash to spare.

      So that the founders now have a ton of cash to go and build the next, more advanced unlocking box.

      --
      WTB [sig], PST!!!
    73. Re:Cludge fix? by Anonymous Coward · · Score: 0

      It's NOT unlocked.

      What Apple is doing is after 1 hour the USB / lightning port will be disabled.

      Simple.

    74. Re:Cludge fix? by AmiMoJo · · Score: 1

      I don't think locking will affect DFU.

      Even if you read the flash (an optional part of the DFU spec) it's encrypted. The only realistic attack is on the passcode.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    75. Re: Cludge fix? by Anonymous Coward · · Score: 0

      It's not a brick if you forget the password. You can still do a factory reset. Bricks are reserved for truly unusable devices.

    76. Re:Cludge fix? by Anonymous Coward · · Score: 0

      "That's what Apple DFU restore is for. Connect to iTunes, and hold Home/Power. Release power after 5 seconds. Keep holding home button down until iTunes indicates it is flashing your phone."

      Duh, that's exactly what these unlock-boxes do, minus the checking with Apple.

    77. Re:Cludge fix? by CohibaVancouver · · Score: 1

      For Christ's sake Anonymous Coward - Did you READ THE LINKED ARTICLE?

      The whole point is once this software change is in place DFU won't work if you don't know the device's password because you can't plug into a Mac or PC if you don't know the code.

    78. Re:Cludge fix? by Anonymous Coward · · Score: 0

      Seems like apple lets you reset your password if you can prove access to other components, e.g. your email, etc. So, forgetting a password = brick seems like a stretch

    79. Re: Cludge fix? by Anonymous Coward · · Score: 0

      Known flaws. I'm glad you're discussing what's relevant to security.

      Join us at the grown-up's table when you're ready, kid.

    80. Re: Cludge fix? by Brockmire · · Score: 1

      You employ them in the security department. It's pretty common to lock up the actual talent for 2-3 years when dropping off a truckload of cash to a few smart dudes.

    81. Re: Cludge fix? by Brockmire · · Score: 1

      Are you fucking serious? That's some weak give up shit attitude. Apple has access to the fucking code, cash and tons of smart people. If you don't think there's countermeasures they are leaving on the table you are fucking wrong. They have demonstrated dropping the ball on QA several times. This is another case. They were so late to fuzz testing, they don't try hard enough. The guy who heads up Apple's spy division really dropped the fucking ball here and must be under the gun for being all talk and not getting results.

    82. Re:Cludge fix? by Anonymous Coward · · Score: 0

      Android devices are still wide open to vulnerabilities discovered 20 years ago. Android is about as secure as Windows 98 was when it came out .... and it may even be worse.

    83. Re: Cludge fix? by Brockmire · · Score: 0

      Yes, and there are trivial software mitigations. Just adding random timing loops in certain places and nop's in others prevented many attacks. You're trying to glitch past various checks that prevent access. Just randomizing the boot operation will take out many attacks. In later cams, the power supply is isolated to prevent glitches and glitch detection circuitry added. But all those implementation bugs from early generations allowed attacks without glitching, just very clever attacks. Basically, the first cards had very little security which allowed them to be dumped and reversed (like finding backdoor keys). From there, other flaws could be used to dump future generations without glitchers or SEMs. You can see from the Graykey stuff, they can work across several iOS versions spanning years.

    84. Re:Cludge fix? by Anonymous Coward · · Score: 0

      How would that protect against a hardware compromise that allows the attacker to write to memory that *should* be protected? What would prevent the attacker from then just changing the required signature to their own?

      If you are referring to compromised (ie: altered) cards, as the GP said, you're misunderstanding the problem. If you are cloning, sure, your target is the card. If, as your post says, you are altering, your target is the reader.

    85. Re:Cludge fix? by zippthorne · · Score: 1

      USB access should default to no, have a setting where it's just full off, and a setting where you can limit it to select machines that you've "paired" it with. How often do you connect a phone to a machine that isn't your own and want that machine to have access to your photos and contacts and app data? Isn't it more likely that any machine that isn't the one you sync with, you just want to use it to charge the battery?

      --
      Can you be Even More Awesome?!
    86. Re:Cludge fix? by Anonymous Coward · · Score: 0

      Eh, I don't think you should waste a lot of time making sure to spell "kludge" perfectly. Just throw together some letters that kinda sound right and call it a day.

    87. Re:Cludge fix? by thegarbz · · Score: 1

      I too was thrown by the 1 hour window. How often outside of sleepy time does one's phone remain unlocked for an entire hour?

      It's a question of nefarious timing. You go out and get pulled over for a DUI or some other stupid crap like that. The police try to sting you with a crime by fishing through your phone, but you refuse to unlock it for them. You've already wasted 15min like there. These systems aren't cheap, and every officer isn't carrying one. What are the odds of getting that phone to one of these devices in the remaining 45min?

      Apple isn't working against nation state attacks against specific targets here, they are working against the FBI and police and their thousands of seized phones.

    88. Re:Cludge fix? by Immerman · · Score: 1

      You can always get a USB charging cable that doesn't even *have* any data lines, though finding one intentionally may be a challenge. And it'd mean your phone should draw only the standard 0.5A specified by the USB standard, since it can't negotiate for higher current.

      I may be wrong here - someone with more USB protocol experience feel free to step in, but:

      I agree that your proposal would be good, but I think it would require a potentially major revision to the USB standard to implement - the USB standard is designed as a data connection of peripherals to a centrally controlling host - dumb power was never an intended purpose for it, and even today remains a fall-back option to allow for cheap chargers. It doesn't even consider the possibility of untrusted connections, especially from the device end (your phone). You plug something in to your PC, it's pretty much presumed to be a peripheral that now belongs to the PC. The device can't even initiate any communications - it can only respond to communication initiated by the host.

      What you could potentially do today is have a prompt pop up on your phone saying "Enable data?" whenever it's plugged in, and just pretend to be a power-hungry USB hub unless and until you activate data to "plug in" the virtual phone. Or even a switch that electrically disables the data lines. But I don't think they could be auto-connected to your normal PC, because the USB protocol doesn't involve the PC identifying itself.

      --
      --- Most topics have many sides worth arguing, allow me to take one opposite you.
    89. Re:Cludge fix? by Immerman · · Score: 1

      I wasn't actually talking about satellite cards, nor seemingly was the person who first mentioned them. We're talking about hardware exploits - which can't be easily defended against via software.

      --
      --- Most topics have many sides worth arguing, allow me to take one opposite you.
    90. Re:Cludge fix? by Anonymous Coward · · Score: 0

      You've obviously never bought a company. Purchase terms are often rather restrictive.

    91. Re:Cludge fix? by KingBenny · · Score: 1

      "could" smells like "ICO" lol , nothing proven yet

      --
      Free speech was meant to be free for all... how can anyone grow up in a nanny state ?
    92. Re:Cludge fix? by Anonymous Coward · · Score: 0

      I'd assume that the boxes come with a very restrictive EULA that Apple would be in violation of, if so, and contain the proprietary intellectual property of their manufacturers, making any non-clean-room development Apple has conducted using them tainted and liable to a big fat juicy lawsuit and injunction...

    93. Re:Cludge fix? by Anonymous Coward · · Score: 0

      Because the boxes likely come with an EULA that expressly prohibits reverse engineering like this. And that if Apple did (I'm sure they could find a 'rogue engineer' stupid enough to fall for it with enough 'Will no-one rid me of this meddlesome GrayKey?' cries from management), it would taint any workarounds they coded. And with those hundreds of billions of dollars of cash laying around, and the iPhone being their primary income stream, they're a very tempting target for an intellectual property violation injunction and lawsuit.

  2. Hyperbole much? by Jason1729 · · Score: 4, Informative

    "Apple Is Testing a Feature That Could Kill Police iPhone Unlockers." Um, the feature you describe will prevent current unlockers from working on an iPhone with the feature enabled. But it's not going to kill the unlocker. That conjures up imagery of something that will detect the unlocker and fire high voltage into it or some such.

    I guess my 4-digit pin kills anyone who tries to casually snoop at my phone.

    1. Re:Hyperbole much? by Anonymous Coward · · Score: 0

      They forgot the em dash between the words Police and iPhone. According to unlockers, Apple must be working on improving the lethality.

    2. Re:Hyperbole much? by Anonymous Coward · · Score: 0

      press x to jason

    3. Re:Hyperbole much? by arth1 · · Score: 1

      Yeah, this is false advertising. Although it might be possible to cause the battery to explode, and at least get a decent chance of maiming them.
      Just reducing the number of police trigger fingers might make this part of the world a safer place.

    4. Re:Hyperbole much? by teslar · · Score: 1

      If a product no longer works, it is likely to get discontinued ("killed off"). It's not that much of a stretch to say that making software useless will kill it.

      Captcha: epitaphs.

    5. Re:Hyperbole much? by Anonymous Coward · · Score: 0
  3. Re:Tails Linux v.3.7 - crazy logging w/ obfs4 brid by bensafrickingenius · · Score: 1

    ** I have not looked to make sure I was commenting on the intended story.

    --
    I am not left-handed, either!
  4. It could be so much easier! by idji · · Score: 4, Interesting

    What if your left thumb unlocked your phone and your right thumb wiped the device invisibly? The criminal could never know, you have deniability and the police will be too scared to tap your dead finger to the phone.
    Or what if left-right-left unlocked and left-right-right wiped?

    1. Re:It could be so much easier! by Anonymous Coward · · Score: 2, Insightful

      Fingerprints have a non-zero chance of being misidentified, and the user a huge chance of accidentally doing the wrong swipe command because they forgot or recently switched gestures.

      Bad idea, imho

    2. Re:It could be so much easier! by squiggleslash · · Score: 1

      I too want to destroy my phone every time I accidentally pick it up with the wrong hand.

      --
      You are not alone. This is not normal. None of this is normal.
    3. Re:It could be so much easier! by OzPeter · · Score: 1

      What if your left thumb unlocked your phone and your right thumb wiped the device invisibly? The criminal could never know, you have deniability and the police will be too scared to tap your dead finger to the phone.

      Or what if left-right-left unlocked and left-right-right wiped?

      Given that Apple is moving to Face ID for phone unlocking I don't see any changes based on fingerprints happening. Plus the possibility of accidentally wiping a phone would have Apple really nervous about lawsuits.

      --
      I am Slashdot. Are you Slashdot as well?
    4. Re:It could be so much easier! by Anonymous Coward · · Score: 0

      The cops see you talking on your phone. Then, they ask you to unlock it. You say "Sure!" and suddenly the phone wipes.

      Congratulations on your charge for obstruction of justice.

    5. Re:It could be so much easier! by cascadingstylesheet · · Score: 1

      What if your left thumb unlocked your phone and your right thumb wiped the device invisibly? The criminal could never know, you have deniability and the police will be too scared to tap your dead finger to the phone. Or what if left-right-left unlocked and left-right-right wiped?

      I'm hoping this is tongue in cheek ... humans are far too unreliable to make it this easy to accidentally wipe your phone.

    6. Re:It could be so much easier! by wbr1 · · Score: 2

      What you are promoting is a dead-man-switch. Technically easy to implement, but not done by any device manufacturer currently. Probably because they do not want the piles of support calls for accidental phone wipes.

      --
      Silence is a state of mime.
    7. Re:It could be so much easier! by wbr1 · · Score: 1

      Thinking about it some more, having it have multiple steps would help. Perhaps the dead-man trigger would not wipe the device but put it into an 'alert' state such that any attempt at data connection through USB or failed 'real' unlock attempt would wipe the device.

      --
      Silence is a state of mime.
    8. Re:It could be so much easier! by Anonymous Coward · · Score: 2

      It's actually a good idea, just poorly implemented. Instead of wiping after a single swipe of the panic finger, it would require 3-4 swipes.

      Of course, to really work, you would need to allow the user to decide if the fingerprint sensor should only function as an unlock, or only function as a panic-wipe. Otherwise, you as a user would want to know if the "error reading fingerprint" message is the real deal or the phony "swipe X more times to initiate factory reset" message. But if you use an alternate message, the bad guys would know about alternate messages and would watch you try to unlock it and stop you if the alternate message displays. Also, since it would require multiple swipes before wiping, the bad guys could just demand that you use a different finger for each swipe. That could be somewhat alleviated by letting you specify 9 prints as wipe prints, with 3-4 successful scans of any of those 9 initiating a wipe. But there'd still be the possibility of the bad guys choosing the correct finger before enough successful panic-swipes.

      And to clarify, each time I said "bad guys" I was not referring to cops or other governmental enforcers. I was referring to whatever you the reader would consider actual bad guys. Yes this idea would of course also hinder legal law enforcement, but trying to argue in favor of security when the other side screams "think of the pedophile terrorists!" is a losing battle. So I frame it as protecting people against the pedophile terrorists rather than protecting people's rights against law enforcement over-reach.

    9. Re:It could be so much easier! by PPH · · Score: 1

      Because my wife pulls her phone out of her purse upside down or face down just as many times as she does right side up. One swipe the wrong way and everything is gone.

      --
      Have gnu, will travel.
    10. Re:It could be so much easier! by Anonymous Coward · · Score: 0

      To be fair to Apple you can already press the power button 5 times to stop it accepting anything other than your PIN if you want the convenience of biometric access but want to be able to stop it quickly if required. Frankly, if the police are that determined to get you that they wait until you are using your phone in public and snatch it then you're already screwed.

    11. Re:It could be so much easier! by Bearhouse · · Score: 1

      Good idea, until you fumble in your pocket, or in the dark, or try and catch the 'phone as it slips off the table and....wipe it.

    12. Re:It could be so much easier! by Anonymous Coward · · Score: 0

      Then you get charged with obstruction of justice and enjoy a few felonies, with a judge handing out max sentences.

    13. Re:It could be so much easier! by geekmux · · Score: 2

      What if your left thumb unlocked your phone and your right thumb wiped the device invisibly? The criminal could never know, you have deniability and the police will be too scared to tap your dead finger to the phone. Or what if left-right-left unlocked and left-right-right wiped?

      Uh, do you really think it's going to be "so much easier" to explain to law enforcement why you erased your smartphone and not make it look like you were destroying evidence?

      Try and remember the "criminals" Apple is trying to defeat here. I can assure you the larger battle will be more legal than technical when it comes to end-users wiping their own devices.

    14. Re:It could be so much easier! by burtosis · · Score: 1

      But there'd still be the possibility of the bad guys choosing the correct finger before enough successful panic-swipes.

      Plot twist, all 10 fingers are invalid, the body part that actually unlocks it is left up to the reader's imagination.

    15. Re:It could be so much easier! by Uberbah · · Score: 2

      The cops see you talking on your phone. Then, they ask you to unlock it. You say "Sure!" and suddenly the phone wipes. Congratulations on your charge for obstruction of justice.

      If you open your big mouth, you're screwed anyway. On the other hand, if you casually lock the phone and switch it to your left hand to wipe with your other thumb for the erase and then say "I do not consent to any searches" and "I will only speak to my lawyer", the cops will have a much harder time proving anything.

    16. Re:It could be so much easier! by arth1 · · Score: 1

      Plot twist, all 10 fingers are invalid, the body part that actually unlocks it is left up to the reader's imagination.

      I think it's fairly clear that this should be the brain.

      The problem is in assuming that the finger (or in your case other body part) always will be representing the brain. That's a bad assumption.
      Authentication and authorization (by the user, not the device) need to be decoupled - the former does not imply the latter.
      "I am arth1" does not automatically validate "and arth1 wants to unlock".

    17. Re:It could be so much easier! by chispito · · Score: 1

      What if your left thumb unlocked your phone and your right thumb wiped the device invisibly? The criminal could never know, you have deniability and the police will be too scared to tap your dead finger to the phone. Or what if left-right-left unlocked and left-right-right wiped?

      Sounds like a good solution for iUsers who don't drink.

      --
      The Daddy casts sleep on the Baby. The Baby resists!
    18. Re:It could be so much easier! by bobobobo · · Score: 2

      Tangentially related, but I believe you can tap the power button 5 times to bring up the emergency prompt. Doing that will lock the phone out of biometric logins adding another layer of security.

  5. Typical Apple by Anonymous Coward · · Score: 0

    Instead of giving the user a choice, we know best

    Useful choices:
    Plug in a USB and it works.
    Plug in a USB and it only works if you have unlocked in the last hour
    Plug in a USB and it only works if you type in the passcode to enable that specific action.

    One size doesn't fit all users.

    1. Re: Typical Apple by MachineShedFred · · Score: 2

      Which is why the article has a screenshot showing a switch to disable it?

      --
      Slashdot still doesn't support Unicode after it was added to the HTML standard in 1997.
    2. Re:Typical Apple by UnknowingFool · · Score: 1

      With this feature both scenario 2 and 3 are the same. This feature can be turned off so scenario 1 is a choice.

      --
      Well, there's spam egg sausage and spam, that's not got much spam in it.
    3. Re:Typical Apple by Pseudonym · · Score: 1

      Wait, what? iPhones are going to come with a USB port?

      --
      sub f{($f)=@_;print"$f(q{$f});";}f(q{sub f{($f)=@_;print"$f(q{$f});";}f});
    4. Re:Typical Apple by Anonymous Coward · · Score: 0

      Wait, what? iPhones are going to come with a USB port?

      Of course they will, just like they have in the past, ever since the switch to the 30 pin connector and continuing with the lightning port.

      The lightning port is "adaptive", in that initially all of the pins are configured as signal and identification pins.
      Plugging in a lightning to USB cable is recognized by the controller chip as such, and it reconfigures one set of the signal lane pins as USB data pins, and reconfigures the outer pins to carry power.

      The controller chip can reconfigure the pins to be nearly anything it supports. I'm pretty sure the only hardware restriction is that the "outer shell" wire is always a ground "pin"/wire. Otherwise any of the 8 connections on the inside can become anything needed, including changed over to accept or send power on them.

      Not only can the signal pins remain as lightning data lanes or changed to USB data lines, the chip can change any pins needed to become HDMI or RGB/VGA outputs, or audio in/out pins.
      In essence all of those types of ports are "built in" to the controller, and it activates and routes the proper signals to the proper pins completely based on the type of cable or adapter plugged into it.
      USB as well.

      Before the lightning port, their proprietary 30 pin connector also had USB built in, though it dedicated four pins in it for USB data and power.
      My memory is a bit fuzzy on the power pins in this connector, as it had separate pins for 5v and 12v and at some point they swapped the "primary" power from one to the other.

      The original iPod spec used either USB (5v) or firewire (12v) and originally there were separate controller chips for each. The first 30 pin connectors followed one of those (I think firewire) and later it was swapped to the other (Which would follow to be USB... But I may have that backwards)

      Before the 30 pin connector you would have to purchase a USB iPod or a Firewire iPod.
      Choosing the firewire iPod would have been the only product and point in time where USB was NOT built in.
      Note that even the first iPhone used the 30 pin connector, so yes *all* iPhones have USB built in since day one and continue to up to right now.

  6. Apple iPhones by Anonymous Coward · · Score: 0

    The premier smartphone choice of terrorists and criminals everywhere.

  7. Won't stop imaging. by Metabolife · · Score: 1

    Image the underlying flash, wire to wire. Boot the image on a new phone, cache writes to delta, attempt unlock till limit. Reboot state, clear delta, attempt next set of codes, get combo. 6 digit passcodes are the norm and useless against this attack. USB access be damned.

    1. Re:Won't stop imaging. by tsa · · Score: 1

      Every criminal knows this so they use longer passwords.

      --

      -- Cheers!

    2. Re: Won't stop imaging. by Anonymous Coward · · Score: 0

      This won't work with any iPhone with TouchID or FaceID. The file system is encrypted, and half the key is in the "Secure Enclave" within the CPU, burned in at the factory. You can not access this without compromising the security framework itself.

      Apple killed imaging of the device with the Secure Enclave years ago unless you shave the silicon, read half the key with an electron microscope, and then reconstruct the other half of the key, or crack AES.

      Good luck.

    3. Re:Won't stop imaging. by aaarrrgggh · · Score: 1

      That is a much less trivial attack though, and not 100% reliable-- the secure enclave should be able to limit the effectiveness.

    4. Re:Won't stop imaging. by Whorhay · · Score: 2

      Doing all that will require a lot more time and expertise than an officer simply plugging in a USB cable. By raising the amount of effort required to break the security the authorities are forced to prioritize which phones they can crack. Overall this should result in fewer people having their phones compromised.

    5. Re:Won't stop imaging. by Anonymous Coward · · Score: 0

      Half the encryption key is stored in the secure enclave. Copy the contents of the flash to a new device and it becomes useless as you have lost access to half of the key you need to decrypt the data.
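
As an added illustration (not from the thread or from Apple), a constructed Python model of why the flash-imaging plan in the parent comment fails when part of the key is device-bound and the retry counter lives outside the flash. The key derivation, the toy cipher and the retry limit of 10 are simplifications assumed for the example, not Apple's actual design.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass


@dataclass
class FlashImage:
    """Everything an attacker obtains by imaging the flash 'wire to wire'."""
    salt: bytes
    check_value: bytes  # lets the device verify a passcode without storing it
    ciphertext: bytes


@dataclass
class SecureEnclave:
    """Per-device state that is NOT part of the flash image (constructed model)."""
    uid_key: bytes            # fused at manufacture, never readable by software
    failed_attempts: int = 0  # retry counter lives here, not in the flash
    max_attempts: int = 10    # assumed limit for the example
    disabled: bool = False    # set once the retry limit is reached

    def derive_key(self, passcode: str, salt: bytes) -> bytes:
        # Stretch the passcode, then entangle it with the device-bound UID key.
        # Both halves are needed: on another device the correct passcode still
        # produces the wrong key, so a copied image cannot be decrypted there.
        stretched = hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, 50_000)
        return hmac.new(self.uid_key, stretched, "sha256").digest()

    def unlock(self, image: FlashImage, passcode: str):
        """Return the data key on success, None otherwise."""
        if self.disabled:
            return None
        key = self.derive_key(passcode, image.salt)
        if hmac.compare_digest(_check_value(key), image.check_value):
            self.failed_attempts = 0
            return key
        self.failed_attempts += 1
        if self.failed_attempts >= self.max_attempts:
            self.disabled = True  # further attempts refused, even the right one
        return None


def _check_value(key: bytes) -> bytes:
    return hmac.new(key, b"passcode-check", "sha256").digest()


def _keystream_xor(key: bytes, data: bytes) -> bytes:
    # Toy stream cipher (HMAC-SHA256 in counter mode) so the example stays
    # stdlib-only; a real implementation would use AES. XOR is its own inverse.
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hmac.new(key, offset.to_bytes(8, "big"), "sha256").digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)


def provision(enclave: SecureEnclave, passcode: str, plaintext: bytes) -> FlashImage:
    """Set a passcode and write encrypted user data to flash."""
    salt = os.urandom(16)
    key = enclave.derive_key(passcode, salt)
    return FlashImage(salt, _check_value(key), _keystream_xor(key, plaintext))


def read_data(enclave: SecureEnclave, image: FlashImage, passcode: str):
    """Decrypt the flash contents, or return None if the enclave refuses."""
    key = enclave.unlock(image, passcode)
    return None if key is None else _keystream_xor(key, image.ciphertext)


def simulate_guessing(enclave: SecureEnclave, image: FlashImage, guesses) -> int:
    """Model of the comment's 'attempt unlock till limit' loop: returns how many
    guesses the enclave processed before refusing. Because the counter is
    enclave state, restoring a pristine flash image does not reset it."""
    tried = 0
    for passcode in guesses:
        if enclave.disabled:
            break
        tried += 1
        if enclave.unlock(image, passcode) is not None:
            break
    return tried


if __name__ == "__main__":
    phone = SecureEnclave(uid_key=os.urandom(32))
    image = provision(phone, "4825", b"contacts: alice, bob")  # constructed sample data
    print(read_data(phone, image, "4825"))          # original device: plaintext comes back
    clone = SecureEnclave(uid_key=os.urandom(32))   # same image booted on another phone
    print(read_data(clone, image, "4825"))          # None: right passcode, wrong UID key
    print(simulate_guessing(phone, image, [f"{i:04d}" for i in range(20)]))  # 10, then disabled
    print(read_data(phone, image, "4825"))          # None: the enclave now refuses even the right code
```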

  8. I don't understand why this wasn't already a thing by mark-t · · Score: 1

    Does anybody know? What was the holdup? Certainly it couldn't have been difficult to implement, could it?

  9. Great by Anonymous Coward · · Score: 0

    So now the police will immediately send ANY seized phone to the lab to read the data before the 1 hour limit, just in case they might need it.

    1. Re:Great by UnknowingFool · · Score: 1

      That requires the phone to be unlocked when the police seize it though.

      --
      Well, there's spam egg sausage and spam, that's not got much spam in it.
  10. Kill? by Anonymous Coward · · Score: 0

    I was hoping to read about an embedded USB-killer in new hardware, with optional taser dongle.

  11. Isn't Android doing this since years? by Zorpheus · · Score: 5, Insightful

    Sounds pretty much like it works in Android

    1. Re: Isn't Android doing this since years? by Anonymous Coward · · Score: 1

      Isn't Google selling every piece of information you have on that phone?

    2. Re:Isn't Android doing this since years? by Anonymous Coward · · Score: 0

      Ya, it sounds like Apple is poorly copying this Android feature.

    3. Re: Isn't Android doing this since years? by Anonymous Coward · · Score: 0

      It's possible to use an Android phone without having Google Play Services (which has all privileges enabled by itself) or any Google apps. Some 3rd party apps might not work, but there's the F-Droid app store that has some equivalents.

    4. Re:Isn't Android doing this since years? by Anonymous Coward · · Score: 0

      Nope. On Android, communication with the device is still allowed, but the device attempts to prevent data being copied, which is what iOS has also already done since forever.

      This new iOS feature actually prevents all data transfer meaning kernel vulnerabilities can't be exploited over USB.

    5. Re:Isn't Android doing this since years? by dargaud · · Score: 2

      It depends a bit on the version, but nowadays you have to unlock the phone AND select file transfer (each time), otherwise you can't copy shit.

      --
      Non-Linux Penguins ?
    6. Re:Isn't Android doing this since years? by dohzer · · Score: 1

      I am stunned that this is how Apple has been doing it!

    7. Re:Isn't Android doing this since years? by thegarbz · · Score: 1

      No. Android doesn't automatically give the phone access to SOME of the system functions without confirmation (often even when unlocked) but there is still an open communication channel between the USB device and the phone even when the phone is locked. You can see that because the device will identify itself on the lockscreen, or when I plug my locked phone into a laptop to charge I can see the full USB details of the phone on my laptop (I just can't do anything with it since Android blocks access to the file system until I unlock and confirm).

      This wouldn't stop a carefully crafted exploit.

    8. Re: Isn't Android doing this since years? by Zorpheus · · Score: 1

      Ok, there is a bit of communication when an Android device is connected to USB. Though it is not much and quite simple. It should only give a very small attack surface, and I would hope that these few routines responsible for that are checked carefully enough to make them safe.
      So an Apple device does not even do that?
      Otherwise I would say that Android is blocking much more strictly. It does not connect to any USB device unless it is told to do so, while, as I understand this, the iPhone connects to malicious chargers while it is unlocked.

    9. Re: Isn't Android doing this since years? by thegarbz · · Score: 1

      Possible. But I think the risk is much bigger than you estimate. The amount of information exchange needed to identify a USB device is actually quite large and the process is quite complex involving a myriad of drivers long before the permission to release the device is presented to the user.

      I think the attack surface is quite large, though I agree at present Android's handling of USB is superior to that of the iPhone's. However if they actually block ALL data including identification related data until the device is unlocked then that is a step up again.

    10. Re: Isn't Android doing this since years? by Zorpheus · · Score: 1

      Ok, I don't know how Android is doing this and how much it gets involved. On an Atmel AVR a USB demo is just 3500 bytes of code with LUFA, so it could be kept compact and simple.

    11. Re: Isn't Android doing this since years? by thegarbz · · Score: 1

      Yes, the USB peripheral doesn't need to do much as a minimum to set up a connection. The USB host on the other hand needs to support quite a bit more, including having a dedicated driver for each USB class. If you set up your AVR for USB-CDC Serial on Atmel, your entire USB code + application will be a fraction of the size of the driver that is invoked when you first plug it in (e.g. usbser.sys, which is invoked when you use AVR LUFA's CDC Serial code, is over 32 KB). Likewise the example code for USB host applications in LUFA compiles to something very small, but ultimately they are functionally very limited for their application, and the number of applications is incredibly limited as well. I.e. I haven't ever done it before, but I don't see even the beefier AVRs having the capability to act as a host for diverse devices, e.g. a serial device or an audio device depending on which is plugged in.

      That's the attack surface there: a USB host stack designed to universally take a myriad of devices. Also, LUFA is quite limited in its capabilities compared to what the USB stack itself permits, e.g. no USB 3, which further limits the size of the code needed to get things working.

      USB support in a generic sense doesn't present much of an attack vector, but a very complete and universal implementation of USB that can act as a host and a device in a large variety of different ways, like a smartphone's, potentially does.
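
      The enumeration parsing the comment above describes is where a host first trusts device-supplied bytes. As an added example (not code from the thread or from any vendor's USB stack), here is a strict parser for a USB configuration descriptor set; every descriptor and sample byte string in it is constructed for illustration.

```python
"""Added example (not from the thread): a bounds-checked parser for a USB
configuration descriptor set, the device-supplied bytes a host must parse
during enumeration before any user is asked to approve file transfer.
All sample descriptors below are constructed."""
import struct

CONFIG, INTERFACE, ENDPOINT = 0x02, 0x04, 0x05


class DescriptorError(ValueError):
    """Raised for any length field that does not fit the bytes actually received."""


def walk_descriptors(blob: bytes):
    """Yield (bDescriptorType, body) per descriptor, checking each bLength
    against the buffer instead of trusting it as a naive host stack might."""
    off = 0
    while off < len(blob):
        if len(blob) - off < 2:
            raise DescriptorError(f"truncated descriptor header at offset {off}")
        length, dtype = blob[off], blob[off + 1]
        if length < 2:  # bLength 0 or 1 would make an unchecked loop spin in place
            raise DescriptorError(f"bLength {length} too small at offset {off}")
        if off + length > len(blob):  # claimed size exceeds what the device sent
            raise DescriptorError(f"bLength {length} overruns buffer at offset {off}")
        yield dtype, blob[off + 2 : off + length]
        off += length


def summarize_configuration(blob: bytes) -> dict:
    """Validate a configuration descriptor set and return what a host would
    act on: the interface classes (driver selection) and the largest
    endpoint packet size (buffer sizing)."""
    descs = list(walk_descriptors(blob))
    if not descs or descs[0][0] != CONFIG or len(descs[0][1]) != 7:
        raise DescriptorError("first descriptor is not a well-formed configuration descriptor")
    total_len = struct.unpack_from("<H", descs[0][1], 0)[0]
    if total_len != len(blob):  # wTotalLength must match the bytes received
        raise DescriptorError(f"wTotalLength {total_len} != received {len(blob)}")
    summary = {"interfaces": [], "max_packet": 0}
    for dtype, body in descs[1:]:
        if dtype == INTERFACE and len(body) == 7:
            summary["interfaces"].append(body[3])  # bInterfaceClass
        elif dtype == ENDPOINT and len(body) == 5:
            wmax = struct.unpack_from("<H", body, 2)[0] & 0x07FF  # bits 0..10
            summary["max_packet"] = max(summary["max_packet"], wmax)
    return summary


# Constructed sample: one CDC-Data interface (class 0x0A) with a bulk IN endpoint.
CONFIG_DESC = bytes([9, CONFIG]) + struct.pack("<H", 25) + bytes([1, 1, 0, 0x80, 50])
IFACE_DESC = bytes([9, INTERFACE, 0, 0, 1, 0x0A, 0, 0, 0])
EP_DESC = bytes([7, ENDPOINT, 0x81, 0x02]) + struct.pack("<H", 64) + bytes([0])
GOOD_SET = CONFIG_DESC + IFACE_DESC + EP_DESC
# Same set, but the endpoint descriptor claims bLength 0x40 while only 7 bytes follow;
# a parser that trusts bLength would read 57 bytes past the end of the buffer.
BAD_SET = CONFIG_DESC + IFACE_DESC + bytes([0x40]) + EP_DESC[1:]
```

      The parser rejects BAD_SET with a DescriptorError rather than reading past the buffer, which is the class of defect the comment above is pointing at.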

  12. and in china they will have an unlock code for gov by Joe_Dragon · · Score: 1

    and in China they will have an unlock code for government.

  13. Seems illegal. by in10se · · Score: 4, Funny

    It seems like killing police for unlocking an iPhone would get Apple in trouble.

    --
    Popisms.com - Connecting pop culture
    1. Re:Seems illegal. by alvinrod · · Score: 1

      This prevents unauthorized access. There's no guarantee that it's the police or some other lawful agency that's attempting to unlock your phone without your consent. If the police want access, they can get a warrant. Failure to comply at that point puts you in prison in most jurisdictions so from the perspective of the police, they don't really need to care if they can't actually get into the device.

    2. Re:Seems illegal. by in10se · · Score: 1

      WHOOSH!

      Headline reads: "Apple Is Testing a Feature That Could Kill Police..."

      --
      Popisms.com - Connecting pop culture
    3. Re:Seems illegal. by fox171171 · · Score: 1

      It seems like killing police for unlocking an iPhone would get Apple in trouble.

      The headline made me envision an exploding battery.

  14. No time to read this story by Mister+Liberty · · Score: 0

    Reading this one instead: https://www.truthdig.com/artic... .

  15. What device is meant? by tsa · · Score: 1

    I take it that the USB device the phone is connected to can not be just any USB device but one that the phone knows?

    --
    Cheers!

    1. Re:What device is meant? by AHuxley · · Score: 1

      A factory crafted idongle that only works with the iproduct it got made with. Together at a factory in a distant nation with laws about working with the police...

      --
      Domestic spying is now "Benign Information Gathering"
  16. ..That Could Kill Police iPhone Unlockers by kiviQr · · Score: 2

    If they really wanted to kill unlockers they should have included capacitor based USB Killer.

  17. Re:I don't understand why this wasn't already a th by aaarrrgggh · · Score: 1

    My guess is they break their MFi program parameters with it.

  18. Completely Unnecessary and a Waste of Money by sycodon · · Score: 0

    Just ask my son.

    All they have to do is put out an update that bricks the fucking phone.

    --
    When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
    1. Re:Completely Unnecessary and a Waste of Money by Anonymous Coward · · Score: 0

      Just ask my son.

      All they have to do is put out an update that bricks the fucking phone.

      Apple has never bricked a phone before. If an iOS update failed to install, simply boot it in DFU mode which is always available.

    2. Re:Completely Unnecessary and a Waste of Money by Anonymous Coward · · Score: 0

      >simply
      I benefit if you keep believing that. It means you're oblivious to massive swathes of the contrary, who I can swindle and scam, by phone or by malware.

      By all means, stay ignorant of the real world's boundary between savvy and simple.

    3. Re:Completely Unnecessary and a Waste of Money by sycodon · · Score: 1

      Dear AC Asshole.

      I have relayed your suggestion to the "Geniuses" at the Apple store. The same ones who told me the phone could not be recovered.

      --
      When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
  19. fake news by Anonymous Coward · · Score: 1

    In Soviet America it's illegal to sell a secure cellphone to civilians.

    1. Re:fake news by Anonymous Coward · · Score: 0

      That's why they slaughtered BlackBerry with fake news PR. The devices were way better than even the current crop of iOS and Android trackers. But nobody has ever rooted a BlackBerry, and it gives the user total control over their data. Can't have that.

  20. Re:I don't understand why this wasn't already a th by UnknowingFool · · Score: 2

    It has to be implemented most likely at a very low level in the hardware or iOS or it might be circumvented somehow via software.

    --
    Well, there's spam egg sausage and spam, that's not got much spam in it.
  21. Re:I don't understand why this wasn't already a th by AHuxley · · Score: 1

    Users observed during testing would press the dongle in wrong and damage the delicate notch.
    Better cartoons got tested by artists so users will now know how to hold the dongle.
    The better cartoons and artwork is now ready so the product is now ready for average users.

    --
    Domestic spying is now "Benign Information Gathering"
  22. Arms Race! by Anonymous Coward · · Score: 0

    GrayShift and Cellebrite and any other 'security researchers' will find a way around this and continue to sell it to 'law enforcers'!

  23. Different Fingerprints: Different VMs by crow · · Score: 3, Interesting

    What I want is to have encrypted VMs on my phone, with different fingerprints unlocking different VMs. Or perhaps different levels of unlocking. Unlocking the phone doesn't have to be a binary operation.

    Something like this would also be great for handing my phone to my son so that he can play games, while locking him out of my email and such.

    1. Re:Different Fingerprints: Different VMs by dargaud · · Score: 2

      I don't know about iPhones, but on Android you can have different users with different unlocking methods (one can be password, the other fingerprint, the other a drawing, etc.), each with its own account. I'm not sure how it merges with an encrypted phone, but, yes, you can basically do that... if you don't have an iPhone (as usual).

      --
      Non-Linux Penguins ?
    2. Re:Different Fingerprints: Different VMs by ath1901 · · Score: 1

      I would prefer different access levels (like user vs root) that unlock with different passwords. For example, one password opens the phone with all the regular apps and another opens with regular and sensitive apps like banking. This gives plausible deniability which a two user setup does not. I am much more concerned about some evil citizen stealing than the government. If a thief can't technically crack it, they can always use the "wrench" method https://xkcd.com/538/. Plausible deniability would help against that.

      I had an LG with something almost like it. The guest mode was accessed by entering a different password. But, it was a guest mode and didn't look and feel like the regular login. LineageOS has protected apps but it is not really "deniable" that some stuff is locked. It would be great if they could implement something like dual passwords.

  24. apple ... by Anonymous Coward · · Score: 0

    proudly pretending to care about your security since it became profitable and the only thing they could think of to differentiate themselves from the superior Android phones out there.

  25. Here's an idea by llamalad · · Score: 1

    While they're at it, why not also fix the vulnerability that the unlockers exploit?

    1. Re:Here's an idea by UnknowingFool · · Score: 1

      They can fix the exploit but that also means they can only fix exploits one at a time whenever someone finds another. With this feature they can mitigate a whole class of exploits.

      --
      Well, there's spam egg sausage and spam, that's not got much spam in it.
  26. counter counter measure by Anonymous Coward · · Score: 0

    Every officer will be issued (in addition to their handcuffs and sidearm) a USB dongle (to plug into the victim's iPhone) to emulate a USB device to disable the lock before the one hour is up. Problem "solved".

  27. genius by Anonymous Coward · · Score: 0

    "crotch the phone!"

  28. Cellebrite and Grayshift may have a problem by shubus · · Score: 1

    IF Apple implements this, and I'm sure every state & federal agency will be pushing back against this, then Cellebrite and Grayshift will have a problem, and you can just imagine all the tears users won't be shedding if Apple goes ahead with this.

  29. Who Doesn't Unlock their Phone in the Last Hour? by Anonymous Coward · · Score: 0

    Umm... am I the only person who sees this as useless? If your iPhone is seized, they'll just plug into it right away as opposed to waiting.

    Besides, if Apple rolls out this feature, they will be criminally charged with destruction of evidence, obstruction of justice, and interfering with official investigations.

    Do not resist the deep state. It is futile.

  30. Kill iphone unlockers by Anonymous Coward · · Score: 0

    With 50,000 volts!

  31. but what about the children by Anonymous Coward · · Score: 0

    The terrorists will kill. Oh wait, authoritarians don't care about them once they're born.

  32. There's an easy fix for that by alispguru · · Score: 1

    Apple should just make the USB lock come on one hour after the last unlock-via-passcode event.

    The vast majority of my phone unlocks are via fingerprint/TouchID, and these should not count.

    I enter the passcode on my iPhone:

    * After a reboot
    * When my thumb is damp and won't read
    * When installing an update

    If it works this way, my phone will require a passcode for USB access... essentially all the time.

    --

    To a Lisp hacker, XML is S-expressions in drag.
  33. What happens when governments prevent this by Anonymous Coward · · Score: 0

    Apple fails at one point with this. What happens if governments prevent its sale without an ability to access it? On a side note, what about family members who want access to someone's phone in the event of an emergency or death? The one hour lockout doesn't just affect police, you know. It's an interesting idea, but it also has several drawbacks to its design.

  34. DFU? by Anonymous Coward · · Score: 0

    Don't Fuck Up mode?

  35. Interim solution by Anonymous Coward · · Score: 0

    While they work on patching every flaw and exploit they find, they should implement an optional "panic finger."

    I use my index fingerprint to unlock the device. I should be able to set up an option where using my middle finger (or any other finger, programmable) will wipe the local storage and reset to factory defaults.

  36. One app to rule them all by Anonymous Coward · · Score: 0

    Among its most anticipated features are group FaceTime, Animoji, and a ruler app.

    I for one welcome our overlord rulers.

  37. Ruler app?? by RockDoctor · · Score: 1

    Among its most anticipated features are group FaceTime, Animoji, and a ruler app.

    There are notches at 1cm intervals along the casing? Or, for American models, 1 cm on the intermediate edge and 1in on the long edge?

    By the six balls of Jesus, Mary, Joseph and the donkey, just how incompetent are Apple users?

    --
    Birds are not dinosaur descendants; birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"