
cmwade77

macrumors 65816
Nov 18, 2008
1,071
1,200
If Apple has a way, then that is a security hole waiting for the jail-breakers to discover.

There are plenty of ways around the lock screens, why doesn't law enforcement do a simple Google search and use the methods that have been exposed (most of them with no jailbreaking necessary)?
 

Sunday Ironfoot

macrumors regular
Apr 14, 2011
213
383
That is incorrect. They simply remove the password. I've worked in computer forensics for over 6 years and worked with Apple many times in investigations.

http://images.apple.com/iphone/business/docs/iOS_Security_Oct12.pdf

Page 9...

"The passcode is “tangled” with the device’s UID, so brute-force attempts must be performed on the device under attack. A large iteration count is used to make each attempt slower. The iteration count is calibrated so that one attempt takes approximately 80 milliseconds. This means it would take more than 5½ years to try all combinations of a six-character alphanumeric passcode with lowercase letters and numbers, or 2½ years for a nine-digit passcode with numbers only."

So the passcode is hashed, you don't simply remove it without breaking the hash. Granted a 4 digit pin code won't be that hard to break (about 20 - 40 mins).
 

ThunderSkunk

macrumors 68040
Dec 31, 2007
3,813
4,035
Milwaukee Area
So the lesson is - Make sure someone else has access to your iCloud, and have them remote wipe as soon as the cuffs are on. I'm not sure if it's 100% effective though, or if it's like hard drives, and can be recovered.


I think if I were a criminal, I'd want a hack that enables a secondary password which when entered, wipes it, and then makes the battery overheat, fry the flash ram & start on fire. In the event you're captured, give them the secondary passcode, and voilà.

...or dead-mans switch requiring you to enter a password every set period of time, or the device does a deep secure wipe & simply pings its location to your cloud account for you to retrieve it.

...& then makes it start ringing a loud beacon once you get close with another device, to help zero in on it, making it useful in case of theft or loss as well.

It's not hard to think of useful security countermeasures.
 

mabhatter

macrumors 65816
Jan 3, 2009
1,022
388
FileVault doesn't limit passwords to 4 digits. Also users can change their iPhone settings to allow long passwords.

FileVault does not have a backdoor. Some government agencies do have systems that can crack it in as little as a few minutes though.

----------



Uuuuuuh, you are totally incorrect. If there is a subpoena issued (which there would be if they are searching a suspect device) then Apple is required to provide any help they can. If they had the ability to remove the device password and did not, they could be cited with obstruction of justice and the *****torm that would cause for them. :rolleyes:

Proper computer forensic protocol says you don't "unlock" devices and just poke around. You run a program that dumps a perfect copy of storage to a HDD and run forensic tools against THAT data. That leaves the original device available to be searched by other teams (like defense lawyers) if needed.
 

Sunday Ironfoot

macrumors regular
Apr 14, 2011
213
383
That is incorrect. They simply remove the password. I've worked in computer forensics for over 6 years and worked with Apple many times in investigations.

http://www.macworld.com/article/2029998/understanding-ios-passcode-security.html

"This is where the passcode comes into play: When you turn the passcode lock on, a technology called Data Protection kicks in, causing a new encryption key to be generated...

Crucially, the passcode itself is used as part of the encryption key, and then discarded when the device later locks. This way, iOS becomes physically unable to decrypt the data until the user re-inputs the passcode.

Because the passcode is not stored anywhere on the device, the only way to decrypt the data without it is to use a brute-force approach: that is, to try all the possible codes until you find the right one."
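
The arithmetic behind the quoted 80 ms figures, plus a toy version of the UID "tangling" described in the two quotes above, as an added example that is not part of the original posts or Apple's code. PBKDF2-HMAC-SHA256 salted with a constructed device UID stands in for the hardware key derivation, and all function names are hypothetical.

```python
import hashlib
import time

ATTEMPT_SECONDS = 0.080              # per-attempt cost quoted from the Apple document
SECONDS_PER_YEAR = 365.25 * 24 * 3600

def exhaustive_search_seconds(alphabet_size, length, per_attempt=ATTEMPT_SECONDS):
    """Worst-case time to try every passcode of exactly `length` symbols."""
    return (alphabet_size ** length) * per_attempt

def derive_key(passcode, device_uid, iterations):
    """Stand-in for 'tangling' (assumption): PBKDF2 salted with the device UID.
    On a real device the UID is a hardware key that cannot be read out."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), device_uid, iterations)

def calibrate_iterations(target_seconds, device_uid, probe=20_000):
    """Pick an iteration count so one derivation costs about target_seconds here."""
    start = time.perf_counter()
    derive_key("0000", device_uid, probe)
    elapsed = time.perf_counter() - start
    return max(1, int(probe * target_seconds / elapsed))

def policy_table():
    """Exhaustive-search time in seconds for three passcode policies."""
    policies = {
        "4-digit PIN": (10, 4),
        "9-digit numeric": (10, 9),
        "6-char lowercase+digits": (36, 6),
    }
    return {name: exhaustive_search_seconds(a, n) for name, (a, n) in policies.items()}

if __name__ == "__main__":
    uid_a = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed UID
    uid_b = bytes.fromhex("ffeeddccbbaa99887766554433221100")  # constructed UID
    iters = calibrate_iterations(ATTEMPT_SECONDS, uid_a)
    print(f"iterations for ~80 ms per attempt on this machine: {iters}")
    # Same passcode on two devices yields unrelated keys, so a key derived
    # without the right UID is useless for decrypting a copied flash image.
    print("keys differ across devices:",
          derive_key("1234", uid_a, 1000) != derive_key("1234", uid_b, 1000))
    for name, secs in policy_table().items():
        print(f"{name:26s}{secs / 60:16.1f} min{secs / SECONDS_PER_YEAR:10.2f} years")
```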
 

roadbloc

macrumors G3
Aug 24, 2009
8,784
215
UK
But... anyone can do this with the right software. Shouldn't the police be more than equipped to do such a thing themselves? I mean, I know a guy who does it for stolen iPhones for £10 a piece.
 

Rocketman

macrumors 603

charlituna

macrumors G3
Jun 11, 2008
9,636
816
Los Angeles, CA
Seems strange as there are products that can do it for them. Then again that means they have to purchase software rather than just file a free request with Apple.

Who says it's a free request?

And yes, in some cases buying $1000 software to do it yourself and have faster turn around is better than waiting for the original company to do it but on their 'first come, first serve unless the courts order us to jump someone to the front' system.

----------

Of course! All those obscure combinations of pressing buttons for specific amounts of times to get around the lockscreen aren't bugs - they're the secret backdoor Apple left for themselves!

That way also puts the phone out of service and wipes the data, making it harder to get to.

Apple wrote the software so they know where the phone records the passcode entered. They also know how a phone and computer are linked so you can backup a phone even if locked so long as it was ever backed up on said computer. It wouldn't be that hard for them to harvest this info, clone the data etc.
 

macman34

macrumors regular
Apr 13, 2013
174
0
FileVault doesn't limit passwords to 4 digits. Also users can change their iPhone settings to allow long passwords.

FileVault does not have a backdoor. Some government agencies do have systems that can crack it in as little as a few minutes though.

Wow, that fast? Even with multiple characters and non lexicographical passwords? Makes you wonder why bother implementing any cryptography at all if at the end of the day they are always that easily crackable with the right tools. And as we well know the right tools easily find their way into the wrong hands.
 

gotluck

macrumors 603
Dec 8, 2011
5,712
1,204
East Central Florida
iFunBox only has access to an iOS device if the device has been authenticated with the computer. If you lock an iOS device and connect it to a computer that it has never been connected to before, the computer and iFunBox would not be able to view its contents. This includes the camera roll. Once the device's passcode has been entered and the device is unlocked and connected to a computer, it is authorized to always present its contents to the computer.

Yes indeed, that would make sense - Cheers.
 

esechico

macrumors newbie
Apr 6, 2013
11
0
I think if I were a criminal, I'd want a hack that enables a secondary password which when entered, wipes it, and then makes the battery overheat, fry the flash ram & start on fire. In the event you're captured, give them the secondary passcode, and voilà.

...or dead-mans switch requiring you to enter a password every set period of time, or the device does a deep secure wipe & simply pings its location to your cloud account for you to retrieve it.

...& then makes it start ringing a loud beacon once you get close with another device, to help zero in on it, making it useful in case of theft or loss as well.

It's not hard to think of useful security countermeasures.

:eek: Dude! There's an app for that! :p
But seriously don't forget to add the Mission Impossible self-destruct sequence! ;)
 

Unggoy Murderer

macrumors 65816
Jan 28, 2011
1,151
3,981
Edinburgh, UK
There are plenty of ways around the lock screens, why doesn't law enforcement do a simple Google search and use the methods that have been exposed (most of them with no jailbreaking necessary)?
Yeah, for 4 digits. It doesn't take a computer long to brute force shy of 10,000 combinations. It's when you add the alphanumeric passcode it gets interesting. We do "Pod Slurping" as a group at university (outside of the curriculum, but relevant to our degree) and we find it particularly difficult to get into devices with more than 6 digits. We have access to a distributed computing network, so we have roughly 20 Core i7's running an attack on an iPhone 4, 4S or 5. Usually takes around 10 minutes. We tried breaking an 8 digit mixture of LC/UC, special characters and numbers, but we ran out of time trying to get into it.

If Apple have a way of getting into the device, it's either very well hidden, or they have a way of knowing what the key value is. I'd guess it's the latter, otherwise others would have probably found it by now.

As far as I know, any device before the iPhone 4 and original iPad doesn't have the 256-bit encryption, am I right?
 

jcspeck

macrumors newbie
Nov 12, 2008
10
0
Texas
Totally Unrelated

Anyone know what the Star Trek Wallpaper in the article is? or where it can be found?
 

MacDav

macrumors 65816
Mar 24, 2004
1,031
0
I think if I were a criminal, I'd want a hack that enables a secondary password which when entered, wipes it, and then makes the battery overheat, fry the flash ram & start on fire. In the event you're captured, give them the secondary passcode, and voilà.

...or dead-mans switch requiring you to enter a password every set period of time, or the device does a deep secure wipe & simply pings its location to your cloud account for you to retrieve it.

...& then makes it start ringing a loud beacon once you get close with another device, to help zero in on it, making it useful in case of theft or loss as well.

It's not hard to think of useful security countermeasures.

Yes, it's easy to "think" of almost anything. It's called fantasizing. Actually doing something in the real world is a whole different ballgame. ;)
 

eklof

macrumors member
Jul 20, 2011
94
0
FileVault 2 doesn't feel so safe anymore. Sad there is no FDE for OSX with for instance Truecrypt.
 

Dark-Sider

macrumors newbie
May 5, 2011
14
0
Hi,

I've seen some agencies using devices from this company to pull the information.

http://www.cellebrite.com/mobile-forensic-products.html

http://www.cellebrite.com/forensic-solutions/ios-forensics.html

For the iPhone 2G - 4, it will directly display the password on the device itself. It looks like on the 4S and 5, they use a computer to help get into those.

To start with: Cellebrite's UFED Physical Analyzer only works up to the iPhone 4. 4S, 5, iPad 3 etc. are safe.

UFED only uses what has been publicly available for a long time. They upload custom code via the limera1n boot ROM exploit, open an SSH connection and dump the device's ROM via scp or similar. I've done this myself a few times - also great for recovering pictures from phones in the "connect to iTunes" recovery state.

The deal with the iPhone 4S and 5 is that there is no "publicly" known way of booting the phone via cable. Just compare it to your computer where you have the choice of booting from your HDD or from a DVD. The iPhone (and many other devices like game consoles etc.) only accepts and boots firmware that is digitally signed by an unknown private key. You can bypass this through limera1n on older devices.

Apple however of course has this very private key to sign official iOS releases. They can sign pretty much everything that they would like to sign. So Apple is able to boot the latest iPhone models via USB cable without destroying the contents. After booting the phone they can easily extract the contents of the flash memory. Cracking the 4 digit passcode is a matter of minutes. If the passcode however is complex like "§"§$EADSFCE$&%$"§21323!" neither Apple nor the government are able to extract the data - at least if the encryption is done properly.

I do a lot of forensic work and I have never seen a seized iPhone that had the complex password enabled. Breaking the 4 digit code is easy after retrieving the phone's memory contents.

bye
Darky
 

Guerre

macrumors newbie
Apr 29, 2009
3
0
Easy for Apple to do

Apple probably has some kind of JTAG type debugging interface which allows them to read the raw contents of the flash die (this might take hours or days though). Then using the secret Apple private key, they can start to unroll the boot sectors and keychain using an ICE or perhaps Xcode debugger, just like the normal iPhone cpu does at boot time. Then they read the file system, and then find the PIN, and then return it to the cops.
 

discuit

macrumors regular
Jan 23, 2009
126
100
So the lesson is - Make sure someone else has access to your iCloud, and have them remote wipe as soon as the cuffs are on. I'm not sure if it's 100% effective though, or if it's like hard drives, and can be recovered.

That depends on how serious the crime is and what other incriminating evidence exists. A charge of spoliation of evidence (for you and your friend) might be something you don't want to face, or it might be preferable if the crime is serious enough and they don't have good evidence without the phone's contents.
 