Slashdot Mirror


Cops Are Confident iPhone Hackers Have Found a Workaround to Apple's New Security Feature (vice.com)

Joseph Cox, and Lorenzo Franceschi-Bicchierai, reporting for Motherboard: Apple confirmed to The New York Times Wednesday it was going to introduce a new security feature, first reported by Motherboard. USB Restricted Mode, as the new feature is called, essentially turns the iPhone's lightning cable port into a charge-only interface if someone hasn't unlocked the device with its passcode within the last hour, meaning phone forensic tools shouldn't be able to unlock phones. Naturally, this feature has sent waves throughout the mobile phone forensics and law enforcement communities, as accessing iPhones may now be substantially harder, with investigators having to rush a seized phone to an unlocking device as quickly as possible.

That includes GrayKey, a relatively new and increasingly popular iPhone cracking tool. But forensics experts suggest that Grayshift, the company behind the tech, is not giving up yet. "Grayshift has gone to great lengths to future proof their technology and stated that they have already defeated this security feature in the beta build. Additionally, the GrayKey has built in future capabilities that will begin to be leveraged as time goes on," a June email from a forensic expert who planned to meet with Grayshift, and seen by Motherboard, reads, although it is unclear from the email itself how much of this may be marketing bluff. "They seem very confident in their staying power for the future right now," the email adds. A second person, responding to the first email, said that Grayshift addressed USB Restricted Mode in a webinar several weeks ago.

128 comments

  1. Demo or it didn't happen by TheFakeTimCook · · Score: 4, Insightful

    Talk is cheap.

    Show us a video, or it's just bullshit.

    1. Re: Demo or it didn't happen by Anonymous Coward · · Score: 2, Insightful

      You're not their target audience, and it's probably not in their best interest to post a video.

    2. Re:Demo or it didn't happen by Anonymous Coward · · Score: 2

      I don't know who I am rooting for here. The crooked cops, or the rabid fanbois.

      I suppose I should just get the popcorn and enjoy the show.

    3. Re: Demo or it didn't happen by Anonymous Coward · · Score: 0

      Lol

    4. Re:Demo or it didn't happen by ColdWetDog · · Score: 1

      Yeah, sometimes it seems like you're on the Titanic....

      Rooting for the iceberg.

      --
      Faster! Faster! Faster would be better!
    5. Re:Demo or it didn't happen by Anonymous Coward · · Score: 0

      +1. Marketing doesn't count any more than Trump saying Kim Jong Un respects human rights.

    6. Re: Demo or it didn't happen by Anonymous Coward · · Score: 0

      Hey! The iceberg was just sitting around in the middle of nowhere minding its own business until some big ass doomed ship that was ALREADY on FIRE rammed into it causing the pristine iceberg to be scarred forever.

      fire doomed titanic

    7. Re:Demo or it didn't happen by thegarbz · · Score: 1

      Talk is cheap.

      Actually talk is worth $15000 a pop in this case.

    8. Re:Demo or it didn't happen by antdude · · Score: 1

      Video can be fake. Let's see it in person and instructions! Prove it basically.

      --
      Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
    9. Re:Demo or it didn't happen by TheFakeTimCook · · Score: 1

      Video can be fake. Let's see it in person and instructions! Prove it basically.

      True enough!

    10. Re:Demo or it didn't happen by NewYork · · Score: 1

      www.iphoneasyunlock.com

      If you are in the United States of America
      Unlocking Consumer Choice and Wireless Competition Act now repeals former DMCA ruling making once again legal to unlock your cell phone devices. Thanks to the efforts of groups such as fix the DMCA

    11. Re:Demo or it didn't happen by TheFakeTimCook · · Score: 1

      www.iphoneasyunlock.com

      If you are in the United States of America
      Unlocking Consumer Choice and Wireless Competition Act now repeals former DMCA ruling making once again legal to unlock your cell phone devices. Thanks to the efforts of groups such as fix the DMCA

      I don't think "unlock" means what you think it does in this context.

    12. Re:Demo or it didn't happen by KingBenny · · Score: 1

      they had me at "...cops are confident hackers..." el-Mao

      --
      Free speech was meant to be free for all... how can anyone grow up in a nanny state ?
    13. Re:Demo or it didn't happen by TheFakeTimCook · · Score: 1

      they had me at "...cops are confident hackers..." el-Mao

      LOLOL! You're right; that IS hysterical!!!

  2. Oh YEAH?!? by Hallux-F-Sinister · · Score: 2

    And what would the cops do if I just stopped USING my iPhone, didn't carry it, or... hell, didn't even HAVE one?!? NOW WHAT? HUH?!? NOW how are you going to break into it and root around in it, if I don't HAVE ONE?!? HUH?!?

    CHECK, AND MATE, COPPERS!

    (LOL... like I could really live without this damned thing...)

    --
    Our reign has gone on long enough. Indeed. Summon the meteors.
    1. Re:Oh YEAH?!? by 110010001000 · · Score: 1

      For those people who do not have iPhones, they implant a similar system inside one of their teeth. That is the source of the voices I hear in my head.

    2. Re:Oh YEAH?!? by slew · · Score: 1

      For those people who do not have iPhones, they implant a similar system inside one of their teeth. That is the source of the voices I hear in my head.

      Something like this? ;^)

    3. Re: Oh YEAH?!? by Anonymous Coward · · Score: 0

      I was just thinking this! Lol

    4. Re:Oh YEAH?!? by nnet · · Score: 1

      your pants.
      your grits.
      your mom.
      etc, ad infinitum.

    5. Re:Oh YEAH?!? by Anonymous Coward · · Score: 0

      I haven't used a cell phone since 2010. You don't need one. All it is, is a tracking device for the cops.

      Nathan

    6. Re:Oh YEAH?!? by Agripa · · Score: 1

      And what would the cops do if I just stopped USING my iPhone, didn't carry it, or... hell, didn't even HAVE one?!? NOW WHAT? HUH?!? NOW how are you going to break into it and root around in it, if I don't HAVE ONE?!? HUH?!?

      That is obstruction of justice and resisting arrest.

    7. Re:Oh YEAH?!? by Hallux-F-Sinister · · Score: 1

      And what would the cops do if I just stopped USING my iPhone, didn't carry it, or... hell, didn't even HAVE one?!? NOW WHAT? HUH?!? NOW how are you going to break into it and root around in it, if I don't HAVE ONE?!? HUH?!?

      That is obstruction of justice and resisting arrest.

      Just for fun, is not actually committing any crime whatsoever classifiable under our new dystopian oligarchy as obstruction and resisting arrest?

      --
      Our reign has gone on long enough. Indeed. Summon the meteors.
    8. Re:Oh YEAH?!? by Hallux-F-Sinister · · Score: 1

      I haven't used a cell phone since 2010. You don't need one. All it is, is a tracking device for the cops.

      Nathan

      It’s funny you should say that because it’s not the first time I’ve heard that expressed, and I’m sure you were either being facetious or hyperbolic, but I have had and used smartphones for a while... I have yet to have the cops... ANY cop, in fact, demand to see or take mine, and I used it for about fifty things just yesterday, which would seem to be a counter to your charge that it’s only a “tracking device for the cops.” Yesterday I... listened to music stored on the phone, downloaded and listened to a podcast, surfed the web extensively, including /., as it happens. I used it to see how many steps I’d taken so far, checked my bank balance, made a (brace yourselves, folks,) PHONE CALL... cancelled and rescheduled an appointment, played solitaire, made a note to myself, checked the time at least twice, used the onboard timer, (could also have used the alarm clock, but being truthful, in this case, I did not, in fact do that, nor use the stopwatch or world clock, though could have,) asked how to spell a word I couldn’t recall how to spell, logged what I ate, (or rather, most of it,) used it as a flashlight, and COULD have taken pics with it, but did not... again, this kind of belies your assertion that it’s nothing more than an electronic leash. Just saying.

      --
      Our reign has gone on long enough. Indeed. Summon the meteors.
    9. Re:Oh YEAH?!? by Agripa · · Score: 1

      And what would the cops do if I just stopped USING my iPhone, didn't carry it, or... hell, didn't even HAVE one?!? NOW WHAT? HUH?!? NOW how are you going to break into it and root around in it, if I don't HAVE ONE?!? HUH?!?

      That is obstruction of justice and resisting arrest.

      Just for fun, is not actually committing any crime whatsoever classifiable under our new dystopian oligarchy as obstruction and resisting arrest?

      There is always a crime. They just have to find it.

    10. Re: Oh YEAH?!? by Anonymous Coward · · Score: 0

      The random capitalization just got you added to at least one watch list.

  3. This is such ridiculous bullshit... by Anonymous Coward · · Score: 0

    They can completely control all our "devices" (PCs running Linux or Qubes OS is no exception) remotely. All this BS about "end-to-end encryption" and "forensics experts" failing to extract any data they want is absolutely sickening to hear. Do you all actually believe this?

    1. Re:This is such ridiculous bullshit... by fish_in_the_c · · Score: 1

      Controlling something remotely is different than accessing it once it is off the network and shut off.

      Still, if you are going to do something illegal, it is best not to create a record of it (and probably better just not to do it).

      If you are in a country where you feel the need to engage in acts of civil disobedience in the modern age, good luck and God bless.
      Also, find a way to get some cheap disposable mobile phones and don't keep them long term.

      --
      “Tolerance applies only to persons, but never to truth. Intolerance applies only to truth, but never to persons.
    2. Re:This is such ridiculous bullshit... by MyrddinBach · · Score: 1

      How about get a phone that supports wireless charging then physically destroy the usb port.

    3. Re:This is such ridiculous bullshit... by Anonymous Coward · · Score: 0

      That'd help for many cases, but it certainly wouldn't change things for a determined greykey user... just solder on a new one (or leads to a new one). FWIW, I've done that on a laptop, and it's not difficult. I have nearly no soldering experience. Someone skilled could certainly do it reliably and relatively quickly.

      I do think there should be a handy little checklist of stuff to do if you want to secure your phone, from easiest/most-convenient, to more difficult and less convenient. For example:
      * enable device encryption (if not done by default already)
      * use a passcode
      * use a bigger passcode, or a passphrase
      * if using a simple passcode, go ahead and use finger print for unlock. If you want to increase security and have a larger passcode, require passcode for unlock and disable face and print unlock.
      * disable icloud backups ( ... should have a list of things like that here ... )
      * use an encrypted messenger (... list here, like signal, whatsapp, etc ...)
      * use a tor based browser; or use a system-wide tor proxy
      * ... other things (I didn't say I have the full list) ...
      * use a wireless charger, and put epoxy in the usb/Lightning port; or, perform surgery and disable the data pins on the usb port, and also disable the wireless charging, NFC, etc

      I'd love to see a comprehensive list of proven stuff, and how to manage those things. Like, if you're encouraged to use 2fa somewhere, how to manage your 2fa keys, ensure you have multiple that work, how to use them in different environments, OTP setups to augment the key usage in case you lose the keys, where to store those, etc. Maybe it should be a book :-)

    4. Re:This is such ridiculous bullshit... by AHuxley · · Score: 2

      Re "Do you all actually believe this?"
      PRISM https://en.wikipedia.org/wiki/... showed the USA and UK had ways in. Direct and for years. That US brands made junk crypto code to help the NSA.
      The software and device and brand, all 'approved' updates then becomes a part of a NSA collect it all network.
      End-to-end encryption is offered to keep gov workers and police under internal affairs investigation trusting their new devices.
      Without repeated and updated reassuring tech news that the brand is still safe digital collection globally stops for the NSA.
      PRISM and BULLRUN https://en.wikipedia.org/wiki/... DROPOUTJEEP https://en.wikipedia.org/wiki/... .
      The device and the network, the brands and the telcos are all open to gov/mil experts.
      The only trick is to keep most users thinking the next product line will be secure because?
      Brand reputation? Politics? Stock market? Lawyers? Skill of staff?
      PRISM showed who experts are happy to be working for and with. Big government.

      --
      Domestic spying is now "Benign Information Gathering"
    5. Re:This is such ridiculous bullshit... by MrKaos · · Score: 0

      I get everything you are saying, the problem is all this is making it really difficult for legitimate hackers to get into people's phones.

      --
      My ism, it's full of beliefs.
    6. Re:This is such ridiculous bullshit... by MrKaos · · Score: 1

      That was a joke. The irony of acknowledging how serious what AHuxley has posted - which kind of makes it funnier considering who wants access to your phone. Tough crowd.

      --
      My ism, it's full of beliefs.
  4. Little birdy says by Anonymous Coward · · Score: 1

    The work around is by setting the clock back via the cellular network.

    1. Re: Little birdy says by Anonymous Coward · · Score: 0

      This.

    2. Re:Little birdy says by b0s0z0ku · · Score: 2

      This could be a separate timer, independent from the clock, or any backward changes to the clock could trigger a passcode entry screen. Interesting theory, but it can be easily tested.

    3. Re:Little birdy says by swankiest · · Score: 1

      little hard only due to the specialized setup required (openbts and potentially a cage.)

    4. Re:Little birdy says by Anonymous Coward · · Score: 1

      GPS also has timestamps. source: fighting a GPS module on an embedded board ~8 years ago.

    5. Re: Little birdy says by Anonymous Coward · · Score: 0

      What?

    6. Re:Little birdy says by Anonymous Coward · · Score: 1

      GPS timestamp rolls over every 1024 weeks.

    7. Re:Little birdy says by CanHasDIY · · Score: 1

      After 20 years, they can have my data.

      --
      An enigma, wrapped in a riddle, shrouded in bacon and cheese
    8. Re:Little birdy says by Mister+Transistor · · Score: 1

      All it takes is a StingRay and a 6 dB advantage over the cellular network to achieve FM capture. No Faraday cage required!

      --
      -- You are in a maze of little, twisty passages, all different... --
    9. Re: Little birdy says by Anonymous Coward · · Score: 0

      Stingray can just lie about its signal strength and take over anyways most of the time.

    10. Re: Little birdy says by Anonymous Coward · · Score: 0

      Yes and no. There is a selection preference factor you can set which you can use to make the phone stick to your BTS even if the signal is lacking. However, the phone needs to connect to you first for that to work. This is not difficult to do though.

  5. Not only cops ... by b0s0z0ku · · Score: 5, Insightful

    How many times do people charge their phone off a "public" USB charge port in an airport or on public transportation? Any one of those ports could be trying to slurp confidential data. Charge-only without authentication and permission should be default behavior for all phones.

    Also, this isn't only about the US government and US police trying to unlock phones. This also protects US citizens against abuses by foreign governments -- i.e. the Chinese or Venezuelans confiscating someone's phone at an airport and "working on it."

    Not to mention that not all US law enforcement are the good guys. Plenty of corrupt cops out there who want to snoop without a warrant.

    1. Re: Not only cops ... by ThurstonMoore · · Score: 1

      I never have.

    2. Re: Not only cops ... by b0s0z0ku · · Score: 1

      "People" being the average worker bee, not a tech-savvy Slashdotter.

    3. Re: Not only cops ... by Anonymous Coward · · Score: 0

      Congrats on being a special snowflake, have a cookie. Most people have used free chargers at airports and festivals and so on. The point remains that it is a widespread vector for attack.

    4. Re: Not only cops ... by Anonymous Coward · · Score: 0

      Android devices lock out usb access until you unlock the device. After that, a notification shows up that if clicked on asks what you want to do with it (charge, data, midi, etc)

    5. Re:Not only cops ... by Anonymous Coward · · Score: 0

      How many times do people charge their phone off a "public" USB charge port in an airport or on public transportation?

      I am far more worried about phy$ical theft than if the charging machine is slurping the dick pictures and Super Nintendo roms off my phone, so I don't use them. This is why I carry a portable charger and battery pack.

    6. Re: Not only cops ... by Anonymous Coward · · Score: 0

      kewl story bra. irrelevant.

    7. Re:Not only cops ... by Anonymous Coward · · Score: 0

      you can buy power only (no data lines) cables, that whilst don't let fancy stuff like quickcharge work, but they do let the standard 5V/2.1A through.

      I have yet to see a hack over a port when no data lines are electrically connected.

    8. Re:Not only cops ... by Anonymous Coward · · Score: 0

      You just use a cable that has no wires for "data" and only has wires for power.

    9. Re: Not only cops ... by Demena · · Score: 1

      Two special snowflakes as I have never used a public charger either, although I do use public power points. This is the case because I always carry a small charger and a power brick for when there is no power point. Not for any security reason but for convenience. The brick also will jump start my car. So I might suggest it is not as uncommon as you think.

    10. Re: Not only cops ... by Anonymous Coward · · Score: 0

      Two special snowflakes as I have never used a public charger either,

      Congratulations on being statistically insignificant.

    11. Re: Not only cops ... by Demena · · Score: 1

      Ha, ha, try again, AC.

      And it is highly unlikely that I am statistically insignificant. There are not a lot of public chargers here. Never actually seen one.

  6. Why by chriscokid · · Score: 0

    Why is it even 1 hour? Why not lock the USB port whenever the phone is locked?

    1. Re:Why by b0s0z0ku · · Score: 1

      Because many people have auto-lock set to 1 minute - they'd lose the ability to download more than a few pictures unattended and end up generating support calls. (Assuming people still do cloudfree picture downloads via USB.)

    2. Re:Why by Anonymous Coward · · Score: 0

      I'm very confused. My phone (running Sailfish OS) is set to ask when you plug it into a data port if you want to allow access or use it as charging only. And you have to unlock the phone to answer the dialog. This is just a horrendous convenience-security trade-off: you almost always want charging only. Requiring explicit interaction with the phone to allow non-charging uses of the port seems like a very simple solution, to the extent that I have to wonder if Apple really has security as a goal here.

    3. Re: Why by Anonymous Coward · · Score: 0

      Ummmm, why can't they change their settings when they upload? Change it to not lock at all. Then switch it back to one minute lock when done. This isn't rocket science and anyone doing this isn't a normal user anyway.

    4. Re: Why by Anonymous Coward · · Score: 0

      iPhone works the same way. I have to approve each computer I connect my iPhone 7 to. That requires me unlocking my phone to approve of said device.

    5. Re:Why by Anonymous Coward · · Score: 0

      Because Apple is a marketing company, not a technology company. They exist to sell you on their devices, not to make devices worth getting.

      With the current hysteria about Facebook and how it violates your privacy[1], Apple has decided that "keeping your data private" is a winning marketing point. So they announce these "features" and sell them as privacy-enhancing. It's the same thing they're doing with the "HomePod:" it's a poor Echo/Google Home clone that barely works. So instead they try and sell you on the idea that the reason it barely recognizes speech and, even when it does, can't understand the most basic of requests isn't because they're bad at software: instead it's because they "respect your privacy."

      Apple's stance on security and privacy is all based on the illusion of being better than the competition. They want to sell you on the fact that they're better at these features than Android. But they don't care in the slightest to actually do the work to be better than Android.

      It's all marketing, and "privacy" and "security" are now marketable features. Apple wants to check off the bullet points, and nothing more.

      [1] Make no mistake, Facebook is absolutely terrible for privacy. But this is nothing new. The current hysteria is based less on what Facebook is doing and more about the left lashing out at anyone they can over having lost an election. Yes, invading privacy is bad, but they didn't care when Obama did the exact same thing Trump did. No one in the media cared about Facebook handing over your data to third parties until they handed it over to the Trump campaign.

    6. Re:Why by Anonymous Coward · · Score: 0

      haha looser

    7. Re: Why by Anonymous Coward · · Score: 0

      Spotted the millennial who can't spell loser

    8. Re:Why by Demena · · Score: 1

      Immediate fail, tosser. (1) Apple decided privacy was important long, long before the Facebook hysteria. (2) Apple security is better than the opposition and always has been so they do not need to do work that has been done. Instead they improve.
      You seem to have a five minute life. Anything that happened ten minutes ago is background blur to you.

    9. Re: Why by Demena · · Score: 1

      Nah, lots of morons of any age do that. It is even semi legitimate as English has grammatical indication for a long 'o'.

    10. Re: Why by Highdude702 · · Score: 1

      That is exactly what I do with my iPhone 6 (hopefully it lasts a while, new models suck)

    11. Re: Why by Anonymous Coward · · Score: 0

      Fuck no. No legitimacy.

  7. Meh, a cat and mouse game by Anonymous Coward · · Score: 0

    I remember when we all were told encryption was never going to be hacked. Never say never because it's all a marketing ploy for Apple anyway. Just as it always said Mac OS could never get malware. If you're going to commit a crime, you best not be carrying a tracking device and snitch like a cell phone.

    1. Re:Meh, a cat and mouse game by Anonymous Coward · · Score: 0

      It is not that the encryption is hacked, idiot.

  8. There is a plan for that by Anonymous Coward · · Score: 1

    And what would the cops do if I just stopped USING my iPhone, didn't carry it, or... hell, didn't even HAVE one?

    Oh they have a tool for that also, but I don't think you are going to enjoy it much...

    It's called "GraySkull".

    They have the power.

    1. Re:There is a plan for that by Lab+Rat+Jason · · Score: 1

      It's called the "pear of anguish"... don't look it up.

      --
      Which has more power: the hammer, or the anvil?
    2. Re:There is a plan for that by Mips+the+Cat · · Score: 1

      It's called ginger beer trick.

    3. Re:There is a plan for that by Anonymous Coward · · Score: 0

      Skeletor would be impressed.

  9. Bluff = Stupidity by Rick+Zeman · · Score: 4, Insightful

    "Grayshift has gone to great lengths to future proof their technology and stated that they have already defeated this security feature in the beta build"

    Umm, if true, how stupid of them to say it.

    1. Re: Bluff = Stupidity by Anonymous Coward · · Score: 0

      How is it stupid? They want to sell it so they have to generate some buzz.

    2. Re: Bluff = Stupidity by Anonymous Coward · · Score: 0

      Because now Apple knows they found a work around. Now Apple will scramble to fix that.

      It is a cat and mouse game. The longer the mouse has the secret and is hidden, the better for the mouse.

    3. Re: Bluff = Stupidity by Anonymous Coward · · Score: 0

      Even if they haven't cracked it, it's in their best interest to continue to sell their product.

      If they say this will probably break when Apple releases their update, or even just fail to address the fact that this could break their product, people would be hesitant about buying it.

    4. Re:Bluff = Stupidity by Anonymous Coward · · Score: 0

      They are in pure marketing bluff territory here. Their PR firm is working overtime. Either that or they have insiders at the chip/hardware manufacturers and have embedded multiple, redundant back-doors that have yet to be discovered by other researchers yet.

    5. Re: Bluff = Stupidity by BronsCon · · Score: 1

      Indeed. In this case, GrayShift is the cat.

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
    6. Re: Bluff = Stupidity by Rick+Zeman · · Score: 1

      "How is it stupid? "

      Because the OS is still in beta, it means Apple can fix/change how it works before release.

      5 bucks says Apple either has/has access to a Graykey.

    7. Re:Bluff = Stupidity by Anonymous Coward · · Score: 0

      "Grayshift has gone to great lengths to future proof their technology and stated that they have already defeated this security feature in the beta build"

      Umm, if true, how stupid of them to say it.

      Exactly.

    8. Re: Bluff = Stupidity by Anonymous Coward · · Score: 0

      But Apple can't act on just this...there's no info. What exactly are they going to scramble to? Cracking it themselves?

      They would probably find a new exploit that has nothing to do with this since they already know more about their own product. In fact(meaning "I assume" duh I'm American) they probably already have a list of exploits and mitigations in the works. They just don't know which one to focus on and finish first.

    9. Re: Bluff = Stupidity by Anonymous Coward · · Score: 0

      It's stupid because their main clients are major government organizations and probably organized crime.

      Either they're going to die or get sued for delivering a product that doesn't work.

    10. Re: Bluff = Stupidity by Anonymous Coward · · Score: 0

      These people aren't Apple. They have never not produced what they claim, unlike the several false advertising suits that have won or are in progress.

    11. Re:Bluff = Stupidity by Anonymous Coward · · Score: 0

      to keep any contract money flowing - that's why.

    12. Re:Bluff = Stupidity by eth1 · · Score: 1

      "Grayshift has gone to great lengths to future proof their technology and stated that they have already defeated this security feature in the beta build"

      Umm, if true, how stupid of them to say it.

      Or.... they HAVEN'T figured it out, and are trying to get Apple to change something to "fix" it, and possibly introduce a bug/way in with the additional changes...

  10. Charging from public outlets by Alwin+Henseler · · Score: 1

    How many times do people charge their phone off a "public" USB charge port in an airport or on public transportation? Any one of those ports could be trying to slurp confidential data.

    If you rely on either your phone's security, or trusting whatever 3rd party provides a charge port, you're doing it wrong.

    Just use a charge-only cable that has only power wires, but no data lines in it. Or bring an AC -> DC adapter as well, and use an AC mains outlet. Or bring a powerbank. Or charge from your laptop.

    1. Re:Charging from public outlets by slew · · Score: 1

      How many times do people charge their phone off a "public" USB charge port in an airport or on public transportation? Any one of those ports could be trying to slurp confidential data.

      If you rely on either your phone's security, or trusting whatever 3rd party provides a charge port, you're doing it wrong.

      Just use a charge-only cable that has only power wires, but no data lines in it. Or bring an AC -> DC adapter as well, and use an AC mains outlet. Or bring a powerbank. Or charge from your laptop.

      And hope your phone doesn't have the blueborne vulnerability which renders all of your efforts moot.

  11. If you care about security, don't be lazy. by Anonymous Coward · · Score: 0

    Use strong passwords instead of 4-6 digits..

  12. GrayShift has time machines! by InvalidsYnc · · Score: 2

    Additionally, the GrayKey has built in future capabilities that will begin to be leveraged as time goes on

    Holy Crap! Should invest in those guys because they are from the future, so much so they have built in capabilities for bugs and security features that don't exist yet! So sweet! (Other than that, sounds like marketing on GrayShift's part)

    1. Re:GrayShift has time machines! by slew · · Score: 5, Insightful

      Additionally, the GrayKey has built in future capabilities that will begin to be leveraged as time goes on

      Holy Crap! Should invest in those guys because they are from the future, so much so they have built in capabilities for bugs and security features that don't exist yet! So sweet! (Other than that, sounds like marketing on GrayShift's part)

      A more "rational" explanation is that Grayshift is sitting on (or at least wants people to believe they are sitting on) a few zero-day exploits that they think will keep them in business for the foreseeable future...

      Given the fact that the principals working at Grayshift are ex U.S. intelligence agency contractors and ex-Apple security engineers, I wouldn't be so quick to bet against them having a few zero-days lying around...

    2. Re:GrayShift has time machines! by Anonymous Coward · · Score: 1

      You say potato, I say potato. You say zero-day exploit, I say backdoor.

    3. Re:GrayShift has time machines! by ksw_92 · · Score: 1

      Given the fact that the principals working at Grayshift are ex U.S. intelligence agency contractors and ex-Apple security engineers, I wouldn't be so quick to bet against them having a few zero-days lying around...

      ...and we know that ex-spooks and ex-Apple employees are all-knowing and all-powerful and that Apple will *never* change out the current interfaces for something different, right?

      The problem with zero-day xploits is that they have a "best by" date and once you open them up they tend to get fixed quickly.

      Greyshift is sitting on rotting inventory and has to resort to "ooh, scary" tactics to shift product. Not a sustainable business model. This kind of stuff is like using K-9s anyway. If a LEO likes you for something they'll find a way to git-r-done.

    4. Re:GrayShift has time machines! by Freischutz · · Score: 1

      Additionally, the GrayKey has built in future capabilities that will begin to be leveraged as time goes on

      Holy Crap! Should invest in those guys because they are from the future, so much so they have built in capabilities for bugs and security features that don't exist yet! So sweet! (Other than that, sounds like marketing on GrayShift's part)

      Whenever I hear some corporate drone use words like 'leveraged' and 'synergised' I immediately suspect them to be full of shit.

    5. Re:GrayShift has time machines! by Anonymous Coward · · Score: 0

      Given the fact that the principals working at Grayshift are ex U.S. intelligence agency contractors and ex-Apple security engineers, I wouldn't be so quick to bet against them having a few zero-days lying around...

      Also don't forget the top of the old jailbreaking community.

      Back in the day the jailbreaking exploits were used to expand features of the phone Apple didn't want to provide.
      Obviously Apple would fix remote exploits like the browser-based jailbreaks, but at least at first they seemed to turn a blind eye to local exploits that couldn't possibly be triggered by anyone but the phone's owner.
      An entire ecosystem was set up around this, as Cydia was basically an apt-get GUI wrapper and one could add in any .deb repository they wanted.

      It wasn't until later when the pirating scene hit, and some repos started selling software like a store, when Apple began to actively fight all forms of jailbreaking as if it was a mission from god.

      Nearly all of the old guard of people that had the talent to find such exploits to make new jailbreak tools jumped ship directly due to how Apple treated them (and everyone else).

      At least some subset of those people took note that if Apple didn't want them as part of the community, plenty of others were willing to pay them to be part of theirs, including companies like Grayshift.

      It's a similar effect as with companies who intentionally don't want "responsible disclosure" of exploits, and actively sue researchers who report security holes. It doesn't take long before everyone stops reporting them and goes on to release their exploits publicly on day one, and a subset of them begin selling their exploits to the highest bidder.
      Apple basically did all of that, including multiple kicks in the teeth so to speak, and to this day hasn't really changed.

  13. of course they said that by Anonymous Coward · · Score: 0

    So you were expecting them to say this perhaps:
    "GrayKey marketing team admits total defeat. We'll be rolling back operations beginning next month and employees can collect their last paychecks end of July. Thanks for the ride guys!"

  14. Confused by Anonymous Coward · · Score: 0

    Since hacking is illegal, why are cops buying from Grayshift instead of raiding their offices?

    1. Re:Confused by BlueStrat · · Score: 4, Insightful

      Since hacking is illegal, why are cops buying from Grayshift instead of raiding their offices?

      Because in practice it's only illegal to hack those whom the State favors. Hacking those who are not in the State's (and the corrupt individuals in power's) good graces for whatever reason is A-OK, especially if the State gets the benefit of obtaining the data in readable form. The only real exception to this is if the hacker(s) in question are also not seen favorably by those in power.

      Strat

      --
      Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.

    2. Re:Confused by CanHasDIY · · Score: 3, Insightful

      Also, Grayshift is an Israeli company, and historically the US government kowtows to Israel like nobody's-fucking-business.

      --
      An enigma, wrapped in a riddle, shrouded in bacon and cheese

    3. Re:Confused by Anonymous Coward · · Score: 0

      Dirty scumbag jews are like the chinks; if you let them in the lab they will steal your IP and either use it for personal gain or sell it to your competitors.

      Ask Julius and Ethel Rosenberg.

  15. DMCA by cob666 · · Score: 3, Insightful

    How is this not a violation of the DMCA? Couldn't Apple simply bury these companies under mountains of lawsuits to make them go away?

    --
    Do what thou wilt shall be the whole of the Law - Aleister Crowley

  16. But it's hackers! by Anonymous Coward · · Score: 0

    How can you possibly doubt the hackers? They're hackers!

  17. what about a very local tower with Emergency call by Joe_Dragon · · Score: 1

    What about a very local tower with some kind of Emergency call mode that unlocks stuff?

  18. law enforcement is dmca exempt! by Joe_Dragon · · Score: 2

    Law enforcement is DMCA exempt!

  19. Wait a tick... by TimMD909 · · Score: 3, Insightful

    Aren't the cops and their vendors violating the DMCA by hacking into Apple's phones?

    1. Re:Wait a tick... by CanHasDIY · · Score: 2

      +1 to Apple sending DMCA/CFAA notices to police departments across the nation...

      --
      An enigma, wrapped in a riddle, shrouded in bacon and cheese

    2. Re: Wait a tick... by Anonymous Coward · · Score: 0

      You would think that, since some are ex-Apple employees, using confidential internal information from Apple would already be seen as theft.

    3. Re:Wait a tick... by SeaFox · · Score: 3, Insightful

      I guess the cops don't see the irony in their cheering for lawbreakers.

    4. Re:Wait a tick... by Anonymous Coward · · Score: 0

      YMMV but in my experience the cops frequently ARE the lawbreakers, not the other way around. This disturbs the prosecutors a great deal during voir dire when I bring it up, but I don't like jury duty anyway.

    5. Re: Wait a tick... by Anonymous Coward · · Score: 0

      Prove it.

      Oh wait, you can't. Too bad people can't win a lawsuit because of "it's most likely".

    6. Re: Wait a tick... by adamstew · · Score: 1

      Actually, that's exactly how lawsuits are won. https://www.law.cornell.edu/we...

  20. Re:law enforcement is dmca exempt! by Anonymous Coward · · Score: 1

    Does the exemption extend to a non-government software vendor?

  21. Re:law enforcement is dmca exempt! by Anonymous Coward · · Score: 0

    Rules for thee, not for me. Slavery is freedom. War is peace.

  22. Bad bois Bad bois by Anonymous Coward · · Score: 0

    Breaking into your homes, now with consent!

    /captcha immune

  23. Re:law enforcement is dmca exempt! by Anonymous Coward · · Score: 1

    They aren't a US company. True, by selling to US persons they are availing themselves of US law but I suspect that the law enforcement exemption covers the sales to law enforcement and the law doesn't reach their R&D activity in Israel.

  24. Shut them down! by Quzak · · Score: 1

    Companies such as GrayKey should be sanctioned and their owners and developers brought up on hacking charges! They have no right to circumvent security technologies PERIOD! We as a society need to embrace security, even if that means that some bad guys will go free. We must not allow ourselves to fall prey to the machinations of those who would see an Orwellian world made manifest.

    --
    Support your local school shooter, give them your firearms.

    1. Re:Shut them down! by Anonymous Coward · · Score: 0

      Companies such as GrayKey should be sanctioned and their owners and developers brought up on hacking charges! They have no right to circumvent security technologies PERIOD!

      We as a society need to embrace security, even if that means that some bad guys will go free. We must not allow ourselves to fall prey to the machinations of those who would see an Orwellian world made manifest.

      They are not only breaking the law, but using a computer to break the law, a far more heinous crime as we all know.

  25. Portable USB device to Extend Timeout by Anonymous Coward · · Score: 1

    I bet they are just giving out little USB dongle type devices that a cop would connect to the phone upon arrest. This would likely keep the USB port unlocked past the timeout...

    1. Re:Portable USB device to Extend Timeout by Anonymous Coward · · Score: 0

      I bet they are just giving out little USB dongle type devices that a cop would connect to the phone upon arrest. This would likely keep the USB port unlocked past the timeout...

      And that's why Apple uses Lightning - no USB dongles!

  26. Well, the fastest way to put a stop to this by nehumanuscrede · · Score: 2

    is for the next person who gets arrested and has their phone subjected to such hacking measures to simply challenge it in court and demand to see everything about the extraction / bypass process.

    After all, since you ARE hacking into the phone, we need to verify it's doing nothing nefarious and / or corrupting the data contained within it.

    Much like how the LE Community will drop charges without revealing how / when / where they are using Stingrays, they'll drop the charges before they're forced to show their hand here as well.

    1. Re:Well, the fastest way to put a stop to this by Anonymous Coward · · Score: 0

      The Judicial branch of government long ago stopped protecting the proletariat from the depredations of the Executive and Legislative branches. They will rubber-stamp this, based on previous rules which have left our rights in theory only.

      If you want an example, how has civil forfeiture been allowed to continue for so long?

  27. Coming soon... by hyades1 · · Score: 2

    I wonder how long it will be until somebody figures out how to implement a "dead man's switch" requiring a code to be entered at user-determined intervals, or the device would use all its remaining battery power to commit suicide.

    I have a feeling it wouldn't be easy to extract data from a phone that decided to do its very best impression of a Note 7.

    Added bonus: potential havoc at the cop shop.

    --
    I've calculated my velocity with such exquisite precision that I have no idea where I am.

    1. Re:Coming soon... by Anonymous Coward · · Score: 0

      They could just pull the battery out and copy the data.

  28. Re:law enforcement is dmca exempt! by Anonymous Coward · · Score: 0

    and the law doesn't reach their R&D activity in Israel.

    No, but a missile sure does.

  29. If you serve Grayshift employees... by Anonymous Coward · · Score: 0

    ...then stick your finger up your arse and run it lovingly around the lip of their cup. Do not pass up the opportunity to serve these malignant little nerds with something noxious.

    If you work in any other industry, then please adapt accordingly.

    We will see how confident they are of their staying power when their employees start contracting Hepatitis A for unknown reasons.

    This is the only way that we're ever going to teach vile little nerds like this about how society works.

  30. Re:law enforcement is dmca exempt! by Anonymous Coward · · Score: 0

    and the law doesn't reach their R&D activity in Israel.

    No, but a missile sure does.

    So Iran is our only hope?

  31. Why Wait An Hour? by WiseWeasel · · Score: 1

    This has always struck me as a dumb implementation. Why not simply require passcode to enable USB data mode with no timer? Plug in USB, get prompted for passcode. No passcode, no data.

    --
    "I like systems, their application excepted", George Sand (French)

  32. Re:law enforcement is dmca exempt! by Anonymous Coward · · Score: 0

    And then Trump can get an emergency war order and force Apple to put in unlock codes in the iOS update.