Slashdot Mirror
Cops Are Confident iPhone Hackers Have Found a Workaround to Apple's New Security Feature (vice.com)
Joseph Cox, and Lorenzo Franceschi-Bicchierai, reporting for Motherboard: Apple confirmed to The New York Times Wednesday it was going to introduce a new security feature, first reported by Motherboard. USB Restricted Mode, as the new feature is called, essentially turns the iPhone's lightning cable port into a charge-only interface if someone hasn't unlocked the device with its passcode within the last hour, meaning phone forensic tools shouldn't be able to unlock phones. Naturally, this feature has sent waves throughout the mobile phone forensics and law enforcement communities, as accessing iPhones may now be substantially harder, with investigators having to rush a seized phone to an unlocking device as quickly as possible.
That includes GrayKey, a relatively new and increasingly popular iPhone cracking tool. But forensics experts suggest that Grayshift, the company behind the tech, is not giving up yet. "Grayshift has gone to great lengths to future proof their technology and stated that they have already defeated this security feature in the beta build. Additionally, the GrayKey has built in future capabilities that will begin to be leveraged as time goes on,' a June email from a forensic expert who planned to meet with Grayshift, and seen by Motherboard, reads, although it is unclear from the email itself how much of this may be marketing bluff. "They seem very confident in their staying power for the future right now," the email adds. A second person, responding to the first email, said that Grayshift addressed USB Restricted Mode in a webinar several weeks ago.
That includes GrayKey, a relatively new and increasingly popular iPhone cracking tool. But forensics experts suggest that Grayshift, the company behind the tech, is not giving up yet. "Grayshift has gone to great lengths to future proof their technology and stated that they have already defeated this security feature in the beta build. Additionally, the GrayKey has built in future capabilities that will begin to be leveraged as time goes on,' a June email from a forensic expert who planned to meet with Grayshift, and seen by Motherboard, reads, although it is unclear from the email itself how much of this may be marketing bluff. "They seem very confident in their staying power for the future right now," the email adds. A second person, responding to the first email, said that Grayshift addressed USB Restricted Mode in a webinar several weeks ago.
Talk is cheap.
Show us a video, or it's just bullshit.
And what would the cops do if I just stopped USING my iPhone, didn't carry it, or... hell, didn't even HAVE one?!? NOW WHAT? HUH?!? NOW how are you going to break into it and root around in it, if I don't HAVE ONE?!? HUH?!?
CHECK, AND MATE, COPPERS!
(LOL... like I could really live without this damned thing...)
Our reign has gone on long enough. Indeed. Summon the meteors.
How many times do people charge their phone off a "public" USB charge port in an airport or on public transportation? Any one of those ports could be trying to slurp confidential data. Charge-only without authentication and permission should be default behavior for all phones.
Also, this isn't only about the US government and US police trying to unlock phones. This also protects US citizens against abuses by foreign governments -- i.e. the Chinese or Venezuelans confiscating someone's phone at an airport and "working on it."
Not to mention that not all US law enforcement are the good guys. Plenty of corrupt cops out there who want to snoop without a warrant.
This could be a separate timer, independent from the clock, or any backward changes to the clock could trigger a passcode entry screen. Interesting theory, but it can be easily tested.
"Grayshift has gone to great lengths to future proof their technology and stated that they have already defeated this security feature in the beta build"
Umm, if true, how stupid of them to say it.
Additionally, the GrayKey has built in future capabilities that will begin to be leveraged as time goes on
Holy Crap! Should invest in those guys because they are from the future, so much so they have built in capabilities for bugs and security features that don't exist yet! So sweet! (Other than that, sounds like marketing on GrayShift's part)
How is this not a violation of the DMCA? Couldn't Apple simply bury these companies under mountains of lawsuits to make them go away?
Do what thou wilt shall be the whole of the Law - Aleister Crowley
law enforcement is dmca exempt!
Aren't the cops and their vendors violating the DMCA by hacking into Apple's phones?
Since hacking is illegal, why are cops buying from Grayshift instead of raiding their offices?
Because in practice it's only illegal to hack those whom the State favors. Hacking those who are not in the State's (and the corrupt individuals in power's) good graces for whatever reason is A-OK, especially if the State gets the benefit of obtaining the data in readable form. The only real exception to this is if the hacker(s) in question are also not seen favorably by those in power.
Strat
Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
Also, GreyShift is an Israeli company, and historically the US government kowtows to Israel like nobody's-fucking-business.
An enigma, wrapped in a riddle, shrouded in bacon and cheese
Re "Do you all actually believe this?" .
PRISM https://en.wikipedia.org/wiki/... showed the USA and UK had ways in. Direct and for years. That US brands made junk crypto code to help the NSA.
The software and device and brand, all 'approved' updates then becomes a part of a NSA collect it all network.
End-to-end encryption is offered to keep gov workers and police under internal affairs investigation trusting their new devices.
Without repeated and updated reassuring tech news that the brand is still safe digital collection globally stops for the NSA.
PRISM and BULLRUN https://en.wikipedia.org/wiki/... DROPOUTJEEP https://en.wikipedia.org/wiki/...
The device and the network, the brands and the telcos are all open to gov/mil experts.
The only trick is to keep most users thinking the next product line will be secure because?
Brand reputation? Politics? Stock market? Lawyers? Skill of staff?
PRISM showed who experts are happy to be working for and with. Big government.
Domestic spying is now "Benign Information Gathering"
is for the next person who gets arrested and has their phone subjected to such hacking measures is to simply challenge it in court and demand to see everything about the extraction / bypass process.
After all, since you ARE hacking into the phone, we need to verify it's doing nothing nefarious and / or corrupting the data contained within it.
Much like how the LE Community will drop charges without revealing how / when / where they are using Stingrays, they'll drop the charges before they're forced to show their hand here as well.
I wonder how long it will be until somebody figures out how to implement a "dead man's switch" requiring a code to be entered at user-determined intervals, or the device would use all its remaining battery power to commit suicide.
I have a feeling it wouldn't be easy to extract data from a phone that decided to do its very best impression of a Note 7.
Added bonus: potential havoc at the cop shop.
I've calculated my velocity with such exquisite precision that I have no idea where I am.