Apple Releases iOS 11.4.1, Blocks Passcode Cracking Tools Used By Police (theverge.com)
An anonymous reader quotes a report from The Verge: Apple today released iOS 11.4.1, and while most of us are already looking ahead to all the new stuff coming in iOS 12, this small update contains an important new security feature: USB Restricted Mode. Apple has added protections against the USB devices being used by law enforcement and private companies that connect over Lightning to crack an iPhone's passcode and evade Apple's usual encryption safeguards.
If you go to Settings and check under Face ID (or Touch ID) & Passcode, you'll see a new toggle for USB Accessories. By default, the switch is off. This means that once your iPhone or iPad has been locked for over an hour straight, iOS will no longer allow USB accessories to connect to the device -- shutting out cracking tools like GrayKey as a result. If you've got accessories that you want to continue working after your iPhone has been sitting locked for a while, you can toggle the option on to remove the hour limit. Apple's wording is a bit confusing. You should leave the toggle disabled if you want your iPhone to be most secure.
Apple agreed to store Chinese data in China. This allows China to subpoena Apple for the data of its citizens.
But, Apple has a modus operandi to process as much data on the phone as possible, and encrypt with user-held decryption keys what it stores on its servers. They didn't generate and give China a special master key or the like. Whatever you can say about them, within the confines of the various bodies of law they operate in, they seem to push for the most privacy-focused solution to privacy challenges.
First, Apple's hardware consistently outperforms the competition. Do you actually research? iPhones have the fastest benchmarks in the industry. That really isn't disputed, by anyone.
Second, they are a corporation, of course they are profit driven. You think Google and Samsung hawk phones for the goodness of their souls or some religious calling? Please. Take a fucking chill pill and calm the fuck down.
Is there a way to bypass the one-hour wait feature and tell the phone to immediately disable the USB
There is already the button press combo to force a passcode be required to unlock vs. a fingerprint or FaceID, I imagine that would also trigger the USB lock.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Why in simple hell is a question modded down?
I don't have an agenda. I just want to know why iPhones are the story and no other phones are, apparently, a concern.
And I ended it politely.
It little behooves the best of us to comment on the rest of us.
Why in simple hell is a question modded down?
I don't have an agenda. I just want to know why iPhones are the story and no other phones are, apparently, a concern.
And I ended it politely.
Because many, many Android phones have unpatched vulnerabilities.
https://www.cnet.com/news/repo...
https://techtoday.io/71-of-and...
There are lots of articles. The number varies between 50% and 90% of phones. Even if the manufacturer by some miracle decides to update the phone, the carrier probably won't. Only a few phones (mostly Google devices) get updates direct from Google, and carriers don't generally push those because they get incentives from HTC, Samsung etc to sell the other phones instead.
- Vincit qui patitur.
Currently all Android devices let you boot the device into a boot loader configuration where it doesn't load an operating system, all using nothing more than the buttons on the front and sides of the device.
Then basic debugging features can be enabled and through the USB port one can block copy the entire internal flash device.
The exact procedure can be different depending on the model and manufacturer of the hardware.
For my Nexus you just boot it up holding down power and volume-down buttons.
Apple has never allowed direct access to the boot loader in their devices, and as I recall it was around the iPhone 4 period when they started seriously fighting against any side attacks in use to convince the boot loader to behave otherwise with exploits.
This is conjecture now, but it seems this is down to the app store.
Jailbreaking was a pretty big scene to that point, and the main alternate app repository (Cydia) had added payment handling and the ability to purchase apps from developers.
I suspect Apple didn't want to give up their lock down on this lucrative bit of their system.
Google never really cared about that, so much so that adding another app store repository can be done by the end user through the GUI pretty easily.
There wouldn't be much concern about running your own software on the device when you have physical access (via boot loader debug commands) because they outright allowed you to run your own software on the device when you have physical access (via the GUI).
There was a story recently on Slashdot about, I think it was Samsung?, who is planning to completely disable this and lock down their boot loaders similar to Apple, such that the OS can't be interrupted, with speculation in the comments that they also planned to disable side loading of apps.
I have no idea if this was anything more than rumor or not, but if that starts happening by more manufacturers perhaps the situation will be different in the near future.
Settings > Face ID & Passcode > Erase Data [toggle]
Description: "Erase all data on this iPhone after 10 failed passcode attempts"
WTF are you talking about? My iPad had this setting disabled, and somehow got into a state where it wouldn't accept the passcode while charging over lightning (thus resulting in many 'failed passcode attempts'). It eventually locked me out for an hour after multiple failed attempts, but it never erased the device. The lock-out is temporary, no data was lost.
Oh, and backup isn't a paid service. My iPhone and iPad are both backed up to iCloud, and (combined) they're using less than 1GB of the free 5GB plan. If you really want a full backup of the phone (including the binaries of the apps), then you have to back up to a computer using iTunes, also free.
I do wish iOS had the capability to back up directly to a NAS (with encryption) like Time Machine, but I doubt Android has that capability either.
The right to protest the State is more sacred than the State.