Slashdot Mirror

← Back to Stories (view on slashdot.org)

Cops Are Confident iPhone Hackers Have Found a Workaround to Apple's New Security Feature (vice.com)

Posted by msmash on from the not-so-soon dept.

Joseph Cox, and Lorenzo Franceschi-Bicchierai, reporting for Motherboard: Apple confirmed to The New York Times Wednesday it was going to introduce a new security feature, first reported by Motherboard. USB Restricted Mode, as the new feature is called, essentially turns the iPhone's lightning cable port into a charge-only interface if someone hasn't unlocked the device with its passcode within the last hour, meaning phone forensic tools shouldn't be able to unlock phones. Naturally, this feature has sent waves throughout the mobile phone forensics and law enforcement communities, as accessing iPhones may now be substantially harder, with investigators having to rush a seized phone to an unlocking device as quickly as possible.

That includes GrayKey, a relatively new and increasingly popular iPhone cracking tool. But forensics experts suggest that Grayshift, the company behind the tech, is not giving up yet. "Grayshift has gone to great lengths to future proof their technology and stated that they have already defeated this security feature in the beta build. Additionally, the GrayKey has built in future capabilities that will begin to be leveraged as time goes on,' a June email from a forensic expert who planned to meet with Grayshift, and seen by Motherboard, reads, although it is unclear from the email itself how much of this may be marketing bluff. "They seem very confident in their staying power for the future right now," the email adds. A second person, responding to the first email, said that Grayshift addressed USB Restricted Mode in a webinar several weeks ago.

10 of 128 comments (clear)

  1. Demo or it didn't happen by TheFakeTimCook · · Score: 4, Insightful

    Talk is cheap.

    Show us a video, or it's just bullshit.

    1. Re: Demo or it didn't happen by Anonymous Coward · · Score: 2, Insightful

      You're not their target audience, and it's probably not in their best interest to post a video.

  2. Not only cops ... by b0s0z0ku · · Score: 5, Insightful

    How many times do people charge their phone off a "public" USB charge port in an airport or on public transportation? Any one of those ports could be trying to slurp confidential data. Charge-only without authentication and permission should be default behavior for all phones.

    Also, this isn't only about the US government and US police trying to unlock phones. This also protects US citizens against abuses by foreign governments -- i.e. the Chinese or Venezuelans confiscating someone's phone at an airport and "working on it."

    Not to mention that not all US law enforcement are the good guys. Plenty of corrupt cops out there who want to snoop without a warrant.

  3. Bluff = Stupidity by Rick+Zeman · · Score: 4, Insightful

    "Grayshift has gone to great lengths to future proof their technology and stated that they have already defeated this security feature in the beta build"

    Umm, if true, how stupid of them to say it.

  4. Re:GrayShift has time machines! by slew · · Score: 5, Insightful

    Additionally, the GrayKey has built in future capabilities that will begin to be leveraged as time goes on

    Holy Crap! Should invest in those guys because they are from the future, so much so they have built in capabilities for bugs and security features that don't exist yet! So sweet! (Other than that, sounds like marketing on GrayShift's part)

    A more "rational" explanation is that Grayshift is sitting on (or at least wants people to believe they are sitting on) a few-zero day exploits that they think will keep them in business for the foreseeable future...

    Given the fact that the principals working at Grayshift are ex U.S. intelligence agency contractors and ex-Apple security engineers, I wouldn't be so quick to bet against them having a few zero-days lying around...

  5. DMCA by cob666 · · Score: 3, Insightful

    How is this not a violation of the DMCA? Couldn't Apple simply bury these companies under mountains of lawsuits to make them go away?

    --
    Do what thou wilt shall be the whole of the Law - Aleister Crowley
  6. Wait a tick... by TimMD909 · · Score: 3, Insightful

    Aren't the cops and their vendors violating the DMCA by hacking into Apple's phones?

    1. Re:Wait a tick... by SeaFox · · Score: 3, Insightful

      I guess the cops don't see the irony in their cheering for lawbreakers.

  7. Re:Confused by BlueStrat · · Score: 4, Insightful

    Since hacking is illegal, why are cops buying from Grayshift instead of raiding their offices?

    Because in practice it's only illegal to hack those whom the State favors. Hacking those who are not in the State's (and the corrupt individuals in power's) good graces for whatever reason is A-OK, especially if the State gets the benefit of obtaining the data in readable form. The only real exception to this is if the hacker(s) in question are also not seen favorably by those in power.

    Strat

    --
    Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
  8. Re:Confused by CanHasDIY · · Score: 3, Insightful

    Also, GreyShift is an Israeli company, and historically the US government kowtows to Israel like nobody's-fucking-business.

    --
    An enigma, wrapped in a riddle, shrouded in bacon and cheese