Apple Releases iOS 11.4.1, Blocks Passcode Cracking Tools Used By Police (theverge.com)

← Back to Stories (view on slashdot.org)

Apple Releases iOS 11.4.1, Blocks Passcode Cracking Tools Used By Police (theverge.com)

Posted by BeauHD on Monday July 9, 2018 @11:20AM from the cease-and-desist dept.

An anonymous reader quotes a report from The Verge: Apple today released iOS 11.4.1, and while most of us are already looking ahead to all the new stuff coming in iOS 12, this small update contains an important new security feature: USB Restricted Mode. Apple has added protections against the USB devices being used by law enforcement and private companies that connect over Lightning to crack an iPhone's passcode and evade Apple's usual encryption safeguards.

If you go to Settings and check under Face ID (or Touch ID) & Passcode, you'll see a new toggle for USB Accessories. By default, the switch is off. This means that once your iPhone or iPad has been locked for over an hour straight, iOS will no longer allow USB accessories to connect to the device -- shutting out cracking tools like GrayKey as a result. If you've got accessories that you want to continue working after your iPhone has been sitting locked for awhile, you can toggle the option on to remove the hour limit. Apple's wording is a bit confusing. You should leave the toggle disabled if you want your iPhone to be most secure.

56 of 129 comments (clear)

Min score:

Reason:

Sort:

Thanks by saloomy · 2018-07-09 11:21 · Score: 5, Insightful

I feel better now that if anyone wants to access my phone, they need to ask me first. If only the carriers would stand up for us the same way.
1. Re:Thanks by saloomy · 2018-07-09 11:24 · Score: 5, Insightful
  
  Note: I realize there are probably other vulnerabilities out there, and this will probably be a never-ending game of chess between law enforcement / authoritarian governments, and big tech. It is just great to see them pushing back against George Orwell's 1984.
2. Re: Thanks by Anonymous Coward · 2018-07-09 11:34 · Score: 1
  
  With Android, you don't have to use a "Grey Key", any old app from the Google Play Store will do.
  Microsoft... man I'm not going to even touch that one. Last time the "patched" a bug, they broke L2TP VPNs
3. Re:Thanks by dgatwood · 2018-07-09 12:00 · Score: 5, Insightful
  
  It already exists. It's called "crack open the phone immediately". I'd be a lot more impressed with this technology if the user could configure the time all the way down to zero. There's no valid reason to allow new external devices to be probed while the phone is locked—not even one second after the phone is locked. The user can't do anything with those external devices without unlocking the device anyway.
  This is, of course, as opposed to communicating with existing, known devices while the device is locked, which could be used by things like docks. Basically, it should stop probing for new devices immediately, and lock the port when the last device disappears, or immediately if there's nothing plugged into the port.
  
  --
  Check out my sci-fi/humor trilogy at PatriotsBooks.
4. Re: Thanks by saloomy · 2018-07-09 12:17 · Score: 2, Informative
  
  First, Apple's hardware consistently outperforms the competition. Do you actually research? iPhones have the fastest bench marks in the industry. That really isn't disputed, by anyone.
  Second, they are a corporation, of course they are profit driven. You think Google and Samsung hawk phones for the goodness of their souls or some religious calling? Please. Take a fucking chill pill and calm the fuck down.
5. Re:Thanks by hcs_$reboot · 2018-07-09 12:18 · Score: 1
  
  What about Android?
  
  --
  Slashdot, fix the reply notifications... You won't get away with it...
6. Re: Thanks by Anonymous Coward · 2018-07-09 12:41 · Score: 1
  
  Google thinks customers first and worried about money later. And no, their hardware IS crap. AND THEY DO NOT OUTPERFORM.
  Iâ(TM)ve done more research than you will ever. If you want a decent laptop without a piece of shit unless touch bar ur stuck with a 4 year old chipset. Take a look macroumwrs buying guides for their computers and see which ones are on âdonâ(TM)t buyâ(TM). What the fu k is with the air, and the Mac mini. The iMac pro is an overpriced piece of shit that Mac frantics are racing overs. Where can you find a VR supported Mac. They just suck. Behind the times, or stuck at the times of thinking they can wow their base by crappy gimmicks, and shaving off a few mm from their laptop while killing the battery. They are just dumb.
  They do not outperform shit. Ever since Steve jobs was gone, the fucking company went downhill. I hate them. They suck.
7. Re:Thanks by msauve · 2018-07-09 14:29 · Score: 2
  
  Orwell's 1984? It's more like Gilliam's Brazil.
  
  --
  "National Security is the chief cause of national insecurity." - Celine's First Law
8. Re: Thanks by Anonymous Coward · 2018-07-09 19:09 · Score: 1
  
  2-button squeeze and the phone is immediately secured, no hour wait
  FTFY
9. Re: Thanks by TheFakeTimCook · 2018-07-09 21:48 · Score: 1
  
  Google thinks customers first and worried about money later. And no, their hardware IS crap. AND THEY DO NOT OUTPERFORM.
  Iâ(TM)ve done more research than you will ever. If you want a decent laptop without a piece of shit unless touch bar ur stuck with a 4 year old chipset. Take a look macroumwrs buying guides for their computers and see which ones are on âdonâ(TM)t buyâ(TM). What the fu k is with the air, and the Mac mini. The iMac pro is an overpriced piece of shit that Mac frantics are racing overs. Where can you find a VR supported Mac. They just suck. Behind the times, or stuck at the times of thinking they can wow their base by crappy gimmicks, and shaving off a few mm from their laptop while killing the battery. They are just dumb.
  They do not outperform shit. Ever since Steve jobs was gone, the fucking company went downhill. I hate them. They suck.
  You truly need to seek help. You are not even a little bit rational.
10. Re: Thanks by TheFakeTimCook · 2018-07-09 21:49 · Score: 1
  
  Also he is posting from iOS.....
  Nice!
11. Re:Thanks by TheFakeTimCook · 2018-07-09 21:55 · Score: 1
  
  It already exists. It's called "crack open the phone immediately". I'd be a lot more impressed with this technology if the user could configure the time all the way down to zero. There's no valid reason to allow new external devices to be probed while the phone is locked—not even one second after the phone is locked. The user can't do anything with those external devices without unlocking the device anyway.
  This is, of course, as opposed to communicating with existing, known devices while the device is locked, which could be used by things like docks. Basically, it should stop probing for new devices immediately, and lock the port when the last device disappears, or immediately if there's nothing plugged into the port.
  While I agree, I am sure the one-hour timeout was set to balance security against convenience.
  Having said that, the only reason I can think of to make the timeout non-adjustable is that makes it somewhat less vulnerable to hacking.
12. Re:Thanks by AmiMoJo · 2018-07-09 22:04 · Score: 1
  
  I don't see why they didn't make the time-out zero. On Android it's zero, every time you plug a USB cable in you have to unlock and enable the data connection if you need it.
  What were Apple thinking?
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
13. Re: Thanks by Highdude702 · 2018-07-10 00:14 · Score: 1
  
  I will agree with him on the laptop/desktop front.. However I've never liked apple, since the 90's when I was forced to use their garbage computers at school. Seems like the computers that actually needed to do real world work like the ones in my drafting classes, were PC's. Either way, there is no denying that iPhones are the best product apple has ever made, and the only phone I will consider using. However, jailbreaking is a must, which adds a bunch of work to keep secure. Android.. well they have been garbage since they came out. The Pixel was supposed to fix that and didn't.. Not to mention the insecure by default product model the phone vendors/carriers use.
14. Re: Thanks by TheFakeTimCook · 2018-07-10 04:08 · Score: 1
  
  Seems like the computers that actually needed to do real world work like the ones in my drafting classes, were PC's.
  You didn't reference whether you were talking about Apple //s or Macintoshes, both of which were in use in Education in the 1990s (the Apple // was sold until 1992, and there were STILL outcries from the Education market when they were discontinued). But I will assume you are talking about Macs.
  Real work?
  Matlab: First on Macs
  Excel: First on Macs
  GUI Microsoft Word: First on Macs
  PowerPoint: First on Macs
  Access: First on Macs (as Microsoft File)
  Visual BASIC: First on Macs (as Microsoft BASIC for Macintosh)
  Photoshop: First on Macs
  Aldus PageMaker (now called Adobe InDesign): First on Macs
  Aldus FreeHand: First on Macs
  Adobe Illustrator: First on Macs
  Adobe Acrobat: First on Macs (I believe)
  Macromedia Dreamweaver: First on Macs
  Human Genome Project: Exclusively done on Macs
  And there are undoubtedly more; but that's the ones I can remember without ANY research.
  Think there was any "real work" being done on those Applications? Or do you only consider that horrible PC CAD Application, AutoCAD (which was also released for the Mac in the 1990s), as being the arbiter of "Real Work"? BTW, AutoCAD WAS available for Macs until 1992 (last release for Macs was 12.0), and then again after 2010 (through the present). So, there.
  And speaking of which, while you idiots were struggling with AutoCAD, we Mac users had VectorWorks (and before that, its 2D predecessor, the name of which escapes me), which did, and still does, whip ALL over AutoCAD.
15. Re:Thanks by tlhIngan · 2018-07-10 04:46 · Score: 1
  
  I don't see why they didn't make the time-out zero. On Android it's zero, every time you plug a USB cable in you have to unlock and enable the data connection if you need it.
  What were Apple thinking?
  To perhaps allow convenience for car owners who connect their phones to their cars via USB? Most of the time that's the most common use case so they'd connect their phones and drive away listening to tunes either directly over USB, via CarPlay or other option.
  It's one of those "balance" things - you have to allow for pretty much what 90% of the population really cares about (listening to tunes in the car) versus security.
  And since there's the SOS mode that's stupidly easy to trigger (press power button 5 times quickly - you can do it well under a second) that disables USB and biometrics instantly, this seems like a reasonable compromise.
16. Re: Thanks by saloomy · 2018-07-10 10:25 · Score: 1
  
  Here. Now you know.
Except: China by Bing+Tsher+E · 2018-07-09 11:38 · Score: 2

Except, Apple has done enough of some sort of *mumble*mumble* that China lets them sell their gadgets in China.
Do you really think if it's important, US agents don't bring it back with them from China to use here?
1. Re: Except: China by saloomy · 2018-07-09 11:46 · Score: 5, Informative
  
  Apple agreed to store Chinese data in China. This allows China to subpoena Apple for the data of its citizens.
  But, Apple has a modus operandi to process as much data on the phone as possible, and encrypt with user-held decryption keys what it stores on its servers. They didn't generate and give China a special master key or the like. Whatever you can say about them, within the confines of the various bodies of law they operate it, they seem to push for the most privacy-focused solution to privacy challenges.
Serious question: by CaptainDork · 2018-07-09 12:29 · Score: 4, Interesting

Why is this story always about iPhone?
Are Android and other mobile OS not an encryption concern for LEO?
Thanks.

--
It little behooves the best of us to comment on the rest of us.
1. Re:Serious question: by GrandCow · 2018-07-09 12:34 · Score: 5, Interesting
  
  Correct, Android phones are (basically) an open book. There is some encryption but nothing near the level of protection of an iPhone. Yes, your friend isn't going to pick up your phone off the table and get past your passcode, but if someone with resources wants in to an Android phone, they're getting in fairly easily.
  
  --
  "Well kids, you tried your best, and you failed. The lesson is, never try." -Homer Simpson
2. Re:Serious question: by CaptainDork · 2018-07-09 14:29 · Score: 3, Informative
  
  Why in simple hell is a question modded down?
  I don't have an agenda. I just want to know why iPhones are the story and no other phones are, apparently, a concern.
  And I ended it politely.
  
  --
  It little behooves the best of us to comment on the rest of us.
3. Re:Serious question: by CaptainDork · 2018-07-09 14:31 · Score: 1
  
  Thank you for the answer. I truly did not know. I've only owned an iPhone because work has paid for it.
  
  --
  It little behooves the best of us to comment on the rest of us.
4. Re:Serious question: by Arkham · 2018-07-09 15:31 · Score: 3, Informative
  
  Why in simple hell is a question modded down?
  I don't have an agenda. I just want to know why iPhones are the story and no other phones are, apparently, a concern.
  And I ended it politely.
  Because many, many Android phones have unpatched vulnerabilities.
  https://www.cnet.com/news/repo...
  https://techtoday.io/71-of-and...
  There are lots of articles. The number varies between 50% and 90% of phones. Even if the manufacturer by some miracle decides to update the phone, the carrier probably won't. Only a few phones (mostly Google devices) get updates direct from Google, and carriers don't generally push those because they get incentives from HTC, Samsung etc to sell the other phones instead.
  
  --
  - Vincit qui patitur.
5. Re:Serious question: by Anonymous Coward · 2018-07-09 16:17 · Score: 2, Informative
  
  Currently all Android devices let you boot the device into a boot loader configuration where it doesn't load an operating system, all using nothing more than the buttons on the front and sides of the device.
  Then basic debugging features can be enabled and through the USB port one can block copy the entire internal flash device.
  The exact procedure can be different depending on the model and manufacturer of the hardware.
  For my Nexus you just boot it up holding down power and volume-down buttons.
  Apple has never allowed direct access to the boot loader in their devices, and as I recall it was around the iPhone 4 period when they started seriously fighting against any side attacks in use to convince the boot loader to behave otherwise with exploits.
  This is conjecture now, but it seems this is down to the app store.
  Jailbreaking was a pretty big scene to that point, and the main alternate app repository (cydia) had added payment handling and the ability to purchase apps from developers.
  I suspect Apple didn't want to give up their lock down on this lucrative bit of their system.
  Google never really care about that, so much so that adding another app store repository can be done by the end user through the GUI pretty easy.
  There wouldn't be much concern about running your own software on the device when you have physical access (via boot loader debug commands) because they outright allowed you to run your own software on the device when you have physical access (via the GUI)
  There was a story recently on slashdot about, I think it was Samsung?, who is planning to completely disable this and lock down their boot loaders similar to Apple, such that the OS can't be interrupted, with speculation in the comments that they also planned to disable side loading of apps.
  I have no idea if this was anything more than rumor or not, but if that starts happening by more manufacturers perhaps the situation will be different in the near future.
6. Re:Serious question: by hankwang · 2018-07-09 16:51 · Score: 3, Insightful
  
  The flash device is encrypted using a random-generated (strong) key that's stored on the phone but not on the flash device; the key itself is not derived from the PIN; instead, the key can be accessed only using the PIN . The secure subsystem will not allow brute-forcing the PIN, deleting the decryption key after too many attempts. So downloading the flash device will give you a lot of random numbers, at most telling you how much of the flash storage was in use. (Are you sure that you don't need to unlock the bootloader first? Unlockimg it will also result in a factory reset and erasing of the decryption key).
  It's possible that some manufacturers don't have the secure subsystem (some Samsung devices on Android 4 required a long alphanumeric screen unlock code if device encryption was on, wtf?) but I would be surprised if this is the case for Nexus 5 and later.
  Maybe Swillden, our local Android security expert, will chime in.
  
  --
  Avantslash: low-bandwidth mobile slashdot.
7. Re:Serious question: by Anonymous Coward · 2018-07-09 21:42 · Score: 1
  
  Yeah, this isn't enough. Android copies passwords in clear text through java, has no hardware root of trust -- because it cannot due to the whole "we want to sell as much of this shit information gathering OS to as many hardware vendors as possible" business model -- and a host of other issues. Android is far superior in terms of user choice, but it is shit in avoiding tracking you and anything to do with security. Likewise, Apple is complete trash in terms of cost, user choice, and basically everything else. If you want security and easy to use -- you go Apple. If you want anything else, you go Android.
8. Re:Serious question: by AmiMoJo · 2018-07-09 22:10 · Score: 1
  
  Nope, Android devices are more secure than the iPhone.
  Take the Pixel 2. Flash memory is encrypted with a key, same as the iPhone. Key is stored in a secure element, same as the iPhone. Arbitrarily long passwords supported, same as the iPhone.
  But where Android is better is that you need to unlock the phone and enable USB data every single time you want to use it. There is no time-out, the moment you unplug the USB cable it's locked to charge only/host mode again.
  Some manufacturers go even further, e.g. Samsung with it's "Knox" system, which was certified by the NSA and DoD.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
9. Re:Serious question: by AmiMoJo · 2018-07-09 22:14 · Score: 1
  
  Mainly because Apple is way behind on this (Android locks USB data transfer the moment you unplug the cable, no one hour time-out or any of that nonsense) and we don't see unlock devices being sold for Android phones that claim to be secure.
  For example, where are the unlock devices for the Pixel 2 or Galaxy S8 with Knox enabled?
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
10. Re:Serious question: by AmiMoJo · 2018-07-10 00:43 · Score: 1
  
  Huh, hard to tell what triggered the poor mod in that one. Android isn't security flaw ridden is somehow offensive to them??
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
11. Re:Serious question: by ClaraBow · 2018-07-10 02:48 · Score: 1
  
  Great point. This needs to be moded up!
12. Re:Serious question: by Bearhouse · 2018-07-10 03:20 · Score: 1
  
  Are Android and other mobile OS not an encryption concern for LEO?
  They don't have any Android phones in Low Earth Orbit; couple of iPhones on the ISS, I hear...
13. Re:Serious question: by CaptainDork · 2018-07-10 15:55 · Score: 1
  
  Thank you.
  I was puzzled that two companies are making a buck selling exploits for iPhone but there's no equivalent cottage industry for Android and Windows.
  I appreciate your answer.
  
  --
  It little behooves the best of us to comment on the rest of us.
Can one turn on the lock immediately? by BitterOak · 2018-07-09 12:44 · Score: 3, Interesting

What if you will be out driving and don't want the police to have access to your phone, but don't want to wait one hour after using it before leaving the house? Is there a way to bypass the one-hour wait feature and tell the phone to immediately disable the USB when you next lock the phone? People should be able to activate maximum device security whenever they please.

--
If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
1. Re:Can one turn on the lock immediately? by _merlin · 2018-07-09 19:53 · Score: 2
  
  Buy a Samsung phone? Samsung Android phones always require unlocking before a USB connection will work. I don't know why it's suddenly a big deal when Apple does this.
Warrant by Elfich47 · 2018-07-09 13:01 · Score: 1

So you have an hour to get the phone to the lab and have the warrant in hand before cracking it. That means taking a cop away from a crime scene to transport a single phone, get a warrant and have the tech standing by the moment the phone gets to the tech. All while maintaining chain of evidence and custody. That is assuming that the cops find the phone at minute zero. The cops don't know how much time is left on the count down when they find the phone. The police are going to get into Keystone cops/Benny Hill adventures where every time they find a phone someone has to go tearing off to get a warrant and rush the phone to the technician. And if another phone is found five minutes after the cop leaves another warrant request and cop will be needed to transport the new phone to the technician. You are going to end up with angry judges and technicians answering "Really, I just signed a warrant to search the previous phone, stop bothering me until you can itemize all the phones you want to search" and technicians complaining all the other work they have to get done is being punted by people running in "You have to unlock this phone before the time limit"

--
Architectural plans are like computer source code with a couple of differences: You only compile once.
1. Re:Warrant by dgatwood · 2018-07-09 13:08 · Score: 4, Insightful
  
  So you have an hour to get the phone to the lab and have the warrant in hand before cracking it.
  Nope. You have an hour for the cop to take the logger device out of his or her pocket, crack the phone, and extract the data into a storage device, under an "exigent circumstances" exception. In the best-case scenario, they then must obtain a warrant to extract the data from the storage device and rifle through it. Either way, you can safely assume that time-limited access means that warrant requirements will get weakened to accommodate that time limit. The only limit that won't inevitably lead to the rapid erosion of our fourth amendment rights is a zero-length limit.
  
  --
  Check out my sci-fi/humor trilogy at PatriotsBooks.
Excellent by gweihir · 2018-07-09 13:18 · Score: 4, Interesting

Law enforcement of all colors has amply demonstrated that they do not understand device security and why it is important. Hence this is good news.
Incidentally, if you let the police decide what freedoms and protection against the state people have, you end up with a police-state. These people have entirely the wrong mindset. When you remember that the primary purpose of the police is protecting the rich and powerful and fighting (slave) upraisings, this becomes much more obvious. All that "to serve and protect" crap is basically propaganda.

--
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
1. Re:Excellent by AmiMoJo · 2018-07-09 22:21 · Score: 1
  
  Hence this is good news.
  I'm not so sure. If they cared about security they would make the time-out zero seconds, not one hour. What is the reason for that extremely long time-out?
  Smells like someone put pressure on them to allow that one hour window of vulnerability. Maybe it's a compromise to avoid a fight with the government, allowing them to access phones they are really interested in why making the public think that Apple is protecting them.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
2. Re:Excellent by gweihir · 2018-07-10 06:25 · Score: 1
  
  This is probably a compromise with usability, as, if I understand this right, devices get kicked after this one hour. The GrayKey needs apparently 11h on average for a 6 digit PIN and much longer for a longer one. Id this time is typical for all such tools (and I would think the limiting factor is the phone, not the external attack box), then 1h of "vulnerable" time is not much of a vulnerability.
  They should make this configurable down to zero though.
  
  --
  Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Re:You're being played! by gweihir · 2018-07-09 13:41 · Score: 4, Insightful

The NSA has no interest in criminals...

--
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Battery Drain? by Kozar_The_Malignant · 2018-07-09 13:56 · Score: 3, Interesting

My concern about 11.4.1 is does it fix the horrible battery drain of 11.4? I'll update tonight, because i have nothing to lose.

--
Some mornings it's hardly worth chewing through the restraints to get out of bed.
1. Re:Battery Drain? by KidSock · 2018-07-09 16:20 · Score: 1
  
  I want to know this too please.
How much do you think logger devices cost??? by SuperKendall · 2018-07-09 13:56 · Score: 1

Nope. You have an hour for the cop to take the logger device out of his or her pocket
I assure you there is NO WAY some magic iPhone cracker device (which remember still has to break through passcode security) is inexpensive enough there is going to be more than one per city, and probably only major cities at that. If there is a cop close at hand with one it would probably mean they had spent months gathering evidence on an extremely guilty person.

--
"There is more worth loving than we have strength to love." - Brian Jay Stanley
1. Re:How much do you think logger devices cost??? by dgatwood · 2018-07-09 16:20 · Score: 2
  
  I assure you there is NO WAY some magic iPhone cracker device (which remember still has to break through passcode security) is inexpensive enough there is going to be more than one per city, and probably only major cities at that. If there is a cop close at hand with one it would probably mean they had spent months gathering evidence on an extremely guilty person.
  At $16k, they're barely half the cost of a police car. And I'd imagine they'll get cheaper in quantities.
  
  --
  Check out my sci-fi/humor trilogy at PatriotsBooks.
2. Re:How much do you think logger devices cost??? by dgatwood · 2018-07-10 07:58 · Score: 1
  
  On the contrary. If most users are using something that limits the time window, it will be "necessary" to have more of these.
  
  --
  Check out my sci-fi/humor trilogy at PatriotsBooks.
Very probably by SuperKendall · 2018-07-09 13:58 · Score: 3, Informative

Is there a way to bypass the one-hour wait feature and tell the phone to immediately disable the USB
There is already the button press combo to force a passcode be required to unlock vs. a fingerprint or FaceID, I imagine that would also trigger the USB lock.

--
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Re:You're being played! by Bing+Tsher+E · 2018-07-09 15:04 · Score: 1

Nobody EVER backs up their phone to the cloud.
Re:Crime by design? by Anonymous Coward · 2018-07-09 15:22 · Score: 1

LE LE LE LE LE LE. Now that you got that LEO worship out of your system, let me tell you why you speak like a true slave. I don't care that the cops can't hack my phone. The 5th should extend to devices we carry our life in.
If the phone is hackable, it is hackable by anyone with the technology. Cops aren't the only ones who can do it, in fact they weren't the ones who figured it out, an Israeli company did who is now selling the device. So the cops are probably not the target for the fix either. The hack is available to anyone with the money to buy the hacking device, which could mean any border patrol agent who temporarily takes your devices out of sight, any spy agency, anyone curious enough to go through your lost phone couple years from now (tech gets simpler and cracking a 4S is now child's play).
Let's see them... by NewtonsLaw · 2018-07-09 15:33 · Score: 3, Interesting

Let's see them try to break into my voice/SMS-only 2G bar-phone with their fancy gear! Bahahah!
But seriously, this might mean that lawmakers will be more predisposed to drop the need for a search warrant in respect to searching someone's phone. It would be much easier to lobby that the need for a warrant could now significantly hamper investigations because of the short window of opportunity.
So don't look too smug, Apple may have shot you all in the foot.
Re:Crime by design? by Arkham · 2018-07-09 15:48 · Score: 4, Insightful

Now. I really gotta wonder about this one though. They are actively trying to put a stop to law enforcement gaining access to devices they have confiscated? Who does this? Why would someone do this? It's one thing to make a product very secure and shrug when LE finds a way around it to get evidence, but it's an entirely another thing when one sees what LEO is doing to break into devices and FIXING IT!
The problem with this logic is assuming that US law enforcement are the only ones trying to break into locked phones. Apple sells more phones around the world than they do in the US. It could be oppressive nation-states looking to punish citizens who oppose them, or criminals looking to steal peoples' identity, money, etc.

--
- Vincit qui patitur.
Re:its not about security by andymadigan · 2018-07-09 19:20 · Score: 4, Informative

Settings > Face ID & Passcode > Erase Data [toggle]

Description: "Erase all data on this iPhone after 10 failed passcode attempts"

WTF are you talking about? My iPad had this setting disabled, and somehow got into a state where it wouldn't accept the passcode while charging over lightning (thus resulting in many 'failed passcode attempts'). It eventually locked me out for an hour after multiple failed attempts, but it never erased the device. The lock-out is temporary, no data was lost.

Oh, and backup isn't a paid service. My iPhone and iPad are both backed up to iCloud, and (combined) they're using less than 1GB of the free 5GB plan. If you really want a full backup of the phone (including the binaries of the apps), then you have to backup to a computer using iTunes, also free.

I do wish iOS had the capability to backup directly to a NAS (with encryption) like Time Machine, but I doubt Android has that capability either.

--
The right to protest the State is more sacred than the State.
How is this going to work? by shubus · 2018-07-09 20:42 · Score: 1

I typically plug the charger into my iPhone at night for use the next day. This new feature would seem to indicate that the port will be disconnected after one hour. The question that comes to mind is how does one get a full charged iPhone. One would hope that the software is able to determine if an "external device" is plugged in or a charger.
1. Re:How is this going to work? by TheFakeTimCook · 2018-07-09 22:12 · Score: 3, Interesting
  
  I typically plug the charger into my iPhone at night for use the next day. This new feature would seem to indicate that the port will be disconnected after one hour. The question that comes to mind is how does one get a full charged iPhone. One would hope that the software is able to determine if an "external device" is plugged in or a charger.
  It specifically allows charging even when the USB data path is disabled.
2. Re:How is this going to work? by shubus · 2018-07-10 06:19 · Score: 1
  
  That's what I was hoping.
Need to be quicker than the SOS trigger too by Immerial · 2018-07-09 23:44 · Score: 1

It's not just 1 hour... if they see you coming and trigger the SOS mode, you're screwed. So now you have to make sure you grab them when they are separated from their phone... so when the owner is asleep and the phone is charging, or shoot the owner I guess and grab the phone quickly, or hope to get them with their hands away from their phone and say hands-up/don't move.