Apple Has Backlog of Requests From Police to Unlock Seized iPhones

Discussion in 'MacRumors.com News Discussion' started by MacRumors, May 10, 2013.

  1. macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1
    [​IMG]


    [​IMG]
    Apple has created a 'waiting list' for law enforcement requests to unlock seized iOS devices, according to a report from CNET.

    The article notes a case in Kentucky where the Bureau of Alcohol, Tobacco, Firearms and Explosives was the lead agency, and investigators contacted Apple for assistance after they were unable to locate any law enforcement agency in the country with the forensic capabilities to unlock an iPhone crucial to the case.

    The agency contacted Apple but was told by a representative in Apple's litigation group that there would be a seven-week delay.
    While it's easy to erase an iPhone when it has been locked, for law enforcement, it appears to be considerably more difficult -- but not impossible -- to retrieve data from seized devices.

    In its privacy policy, Apple says it may disclose personal information "by law, legal process, litigation, and/or requests from public and governmental authorities within or outside your country of residence" or "if we determine that for purposes of national security, law enforcement, or other issues of public importance, disclosure is necessary or appropriate."

    Article Link: Apple Has Backlog of Requests From Police to Unlock Seized iPhones
     
  2. macrumors 65816

    OldSchoolMacGuy

    Joined:
    Jul 10, 2008
    #2
    Seems strange as there are products that can do it for them. Then again that means they have to purchase software rather than just file a free request with Apple.
     
  3. macrumors 6502a

    AppleMark

    Joined:
    Jun 17, 2009
    Location:
    The CCTV Capital of the World
    #3
    There is a guy in my local mall who will do it for them for only £15...
     
  4. macrumors 6502a

    Joined:
    Aug 12, 2009
    #4
    Hmm...this seems a little vague:

     
  5. macrumors 68020

    Joined:
    Apr 2, 2008
    Location:
    LongIsland/NYC
    #5
    I always wondered this. Apple has to have a way to bypass security passcodes, but I'm assuming only a handful of people actually can.
     
  6. macrumors 65816

    Nightarchaon

    Joined:
    Sep 1, 2010
    #6
    If Apple has a way, then that is a security hole waiting for the jail-breakers to discover.
     
  7. macrumors 603

    whooleytoo

    Joined:
    Aug 2, 2002
    Location:
    Cork, Ireland.
    #7
    No doubt that's intentional. "Let's give ourselves massive scope, and cover ourselves as much as possible; and hope users don't read the policy (& EULAs) and raise a fuss about the implications." I'd imagine it's the same at most/all companies.
     
  8. macrumors regular

    Joined:
    Oct 24, 2007
    #8
    Of course it is, and deliberately so.
     
  9. macrumors 604

    ArtOfWarfare

    Joined:
    Nov 26, 2007
    #9
    Of course! All those obscure combinations of pressing buttons for specific amounts of times to get around the lockscreen aren't bugs - they're the secret backdoor Apple left for themselves!
     
  10. andyplace, May 10, 2013
    Last edited: May 10, 2013

    macrumors member

    Joined:
    Jun 18, 2009
    #10
    Unlikely. Apple has a ramdisk that they execute via DFU/iBoot that allows access to the filesystem, very similar to the ones used by forensic companies.

    However, since the iPhone 4S and beyond, these ramdisks stopped working for forensic companies when Apple made the bootrom DFU code bulletproof (there are no exploits for it).

    Only Apple can make their ramdisk work on the device because they have to codesign it with their private key AND obtain the proper personalisation signing for the device's identifiers and random NONCE. (Getting all these signatures for production devices could be time consuming without a lot of pre-existing tools to automate it. The personalisation process also varies between 4S/5/iPad 2/iPad 3/iPad mini. Normally iTunes mediates this during device restores to production iOS releases).
     
  11. macrumors 65816

    Joined:
    Apr 22, 2008
    #11
    £ and 'mall' in the same sentence - culture clash!
     
  12. macrumors 65816

    Joined:
    Jan 9, 2007
    #12
    Makes me wonder about the Filevault 2 encryption and if Apple has any back doors in it.
     
  13. macrumors 603

    Rocketman

    #13
    I have concerns Apple is using the "if we determine that for purposes of . . ." portion of the text to assist authorities with bypassing security purchased with the device. Even if the justification is some sort of legal order, Apple is not required to extend special skills to that end. That is a choice.

    The police may feel they are permitted, contrary to constitutional language, to have unlimited access to people's "papers and things", but that is not the case. Even court ordered requests to produce are limited to what is available and possible. Lots of production requests go unfilled because of intentional destruction of evidence, encryption, and many other means.

    Rocketman
     
  14. macrumors 6502a

    AppleMark

    Joined:
    Jun 17, 2009
    Location:
    The CCTV Capital of the World
    #14
    Maybe, maybe not... Maybe it depends on how limited your ability is to deduce otherwise....?
     
  15. macrumors 65816

    Joined:
    Mar 24, 2010
    #15
    Well they do store your password...
     
  16. macrumors G5

    gnasher729

    Joined:
    Nov 25, 2005
    #16
    Without erasing any data?
     
  17. macrumors 601

    gotluck

    Joined:
    Dec 8, 2011
    Location:
    East Central Florida
    #17
    I thought ifunbox gave access to the filesystem of a locked ios device. I must be mistaken.
     
  18. macrumors G5

    gnasher729

    Joined:
    Nov 25, 2005
    #18
    Four digit passcode. Ten thousand attempts.

    You know you can change the passcode to more digits, or to digits and letters? The encryption is designed so that each possible password takes about a tenth of a second to try. So 8 digits will take about four months.
     
  19. macrumors 65816

    OldSchoolMacGuy

    Joined:
    Jul 10, 2008
    #19
    No it's not. Removing the password through a function built into the OS doesn't allow you to gain the root access you need to be able to compile and run custom software. These are two totally different things.
     
  20. macrumors 65816

    Nightarchaon

    Joined:
    Sep 1, 2010
    #20
    it hurt my head , ive lived in San Diego USA and Manchester UK, and no where in the UK can i find anywhere i would call a MALL, although the trafford centre does come close.
     
  21. macrumors 65816

    OldSchoolMacGuy

    Joined:
    Jul 10, 2008
    #21
    FileValut doesn't limit passwords to 4 digits. Also users can change their iPhone settings to allow long passwords.

    FileVault does not have a backdoor. Some government agencies do have systems that can crack it in as little as a few minutes though.

    ----------

    Uuuuuuh, you are totally incorrect. If there is a subpoena issued (which there would be if they are searching a suspect device) then Apple is required to provide any help they can. If they had the ability to remove the device password and did not, they could be cited with obstruction of justice and the *****torm that would cause for them. :rolleyes:
     
  22. macrumors G5

    gnasher729

    Joined:
    Nov 25, 2005
    #22
    Of course there is a security hole if you have a four digit passcode.

    Try 0 0 0 0.
    Try 0 0 0 1.
    Try 0 0 0 2.

    and so on.
     
  23. macrumors regular

    litmag01

    Joined:
    Jul 16, 2009
    #23
    The 8 didgit is also alphanumeric. Far, far, far more than 8 months.
     
  24. macrumors 6502a

    AppleMark

    Joined:
    Jun 17, 2009
    Location:
    The CCTV Capital of the World
    #24
    "Yes of course!!!"

    ...Well that's what he will probably tell them once they have given him the £15... I mean, they cannot access the phone so will not know what data is missing in any case.

    I am sure the suspect is not going cry about any missing data in these circumstances.. :)
     
  25. macrumors 68020

    smithrh

    Joined:
    Feb 28, 2009
    #25
    Are you sure?

    Are you really really sure?

    Are you really really really sure?

    Because there's an option (yes, I know, it's not mandatory) that will erase your phone after 10 failed attempts.
     

Share This Page