Apple Has Backlog of Requests From Police to Unlock Seized iPhones

[charlituna]

There's also precedence that if they have a search warrant, you would have to supply the passcode anyway.

More recent precedence is that you can't be forced to tell the passcode as that would be self incriminating. All depends on the jurisdication you are in at this point. They can ask but if you say no, that is that. Which is why they are having to find other ways into the devices

 

[slickvicpxx]

Should I goto Sony to get my decrypted data off my VIO?

'The ATF's Maynard said in an affidavit for the Kentucky case that Apple "has the capabilities'
The ATF's Maynard said "Apple has the capabilities"
Apple never said this
There is no direct quote from Apple in this article.

What about the privacy policy which states that apple may disclose the information to law enforcement?

The privacy policy that's referred to is about information you provide to Apple.
Not personal private information that's on your personal device.

There was talk about linking the passcode lock to iCloud
But I don't think Apple has done that yet.
That code is local on the device.
Apple or anyone would need to have possession of the device.
Any software encryption can be broken
It doesn't have to be done by the manufacturer.

What is the seven week delay for? and the waiting list?

Someone said that Apple said blah blah blah.
"according to a report from CNET" (on the MacRumors article).
and then "ATF says" )in the article from CNET)
not according to Apple
Apple didn't say anything about a 7 week delay.
Are you sure this isn't from Fox news?
This quote "bypass the security software" is from ATF
Apple would have to decrypt it just like anyone else.
They don't have a code to enter.
Apple doesn't have decryption software
but anyone could write it.
it's not Apple liability.
Apple didn't claim to be able to do that for anyone.

I developed a comparison to illustrate the misconception here.

if you bought a Sony VIO and stored all your personal data on it and encrypted it, and you are a terrorist, and the FBI finds your computer.
Is the FBI going to go to Sony to get the device decrypted?

No!

They are going to have their own forensic people, or...
They are going to go to Disk Savers
So why put Apple in the spotlight?
it's just bad PR that's all, it's not even about the passcode lock, it's just bad PR.

 

[Rajani Isa]

There is a guy in my local mall who will do it for them for only £15...

Are you talking carrier unlocks? That's not what they're talking here.

I have concerns Apple is using the "if we determine that for purposes of . . ." portion of the text to assist authorities with bypassing security purchased with the device. Even if the justification is some sort of legal order, Apple is not required to extend special skills to that end. That is a choice.

The police may feel they are permitted, contrary to constitutional language, to have unlimited access to people's "papers and things", but that is not the case. Even court ordered requests to produce are limited to what is available and possible. Lots of production requests go unfilled because of intentional destruction of evidence, encryption, and many other means.

Rocketman

If that clause was used to help the police get access to data on a phone, I don't see them using it short of something where time is crucial and they don't yet have a warrant (missing children, for example).

Of course not. You don't start with 0 0 0 0, you start with 1 2 3 4

I think I need to chagne the combo on my luggage.

 

[AppleMark]

Are you talking carrier unlocks? That's not what they're talking here.

I know..

 

[MegamanX]

There is no backdoor. What Apple has is expertise that makes it possible for example to try out 10,000 possible four digit passcodes without the device erasing itself. Basically the information that some hacker or the police might figure out, Apple has it already because they built the device. The difference between police and Apple here is that the police didn't spend time figuring out how to do it, that's all.

Apple still has no choice other than trying out all possible passcodes. With four digits, that's no big deal. With a password of 8 random letters and digits, it is basically impossible. Apple also has built-in some protection against brute force attacks like this by making the encryption so that trying each passcode takes considerable time (about a tenth of a second. More and users would complain that unlocking the phone with their passcode takes too long).

I think it is more Apple has a backdoor in.
There is nothing wrong with having a backdoor into something like the iPhone. It is pretty SOP for a lot of software. It comes in handy as a support tool as well. the software I work on we have backdoors to get into them. Now to use one of the back doors you require several other programs that are designed to work with it and you have to know how to active them in the device. Plus those other programs required also have several other things that must be present to work as well. AKA only a handful of us at the company can even use them and even then we do not see the customer passwords nor can access them. what we can do is create a new "admin" account. Very handy for resetting passwords or in dev land when one forgets what the account name was on said install. Or when one completely fries a current account.

back doors in and of themselves are fine and chances are Apple has them.

 

[firewood]

If Apple can do it, somebody else can too. It's just a matter of time ....

Since Apple designed the last few Ax chips, they probably have the hardware tools to remove these chips from the package and debug these chips (similar to how Chipworks gets die photos). If the erase logic is on one logic chip and the data is on another flash memory chip, then these chips can be "debugged" separately, without one being able to erase the other. This process would likely be very slow, thus a possible number of weeks of delay.

So, yes, maybe anyone with the A6 ASIC logic diagrams, chip debug tools, and the capability of removing and disassembling the A6 package can do this. You got those?

 

[OldSchoolMacGuy]

The software may not be certified and may not hold up in court.

Software doesn't have to be certified to be OK in court. One just has to be able to show what the software does (how it goes about collecting the info) and have the results be verifiable with another product too in some cases.

NIST and FBI both have a certification process but the FBI one can take years. Generally they're a couple versions behind but that doesn't mean they don't run the current version out.

----------

Proper computer forensic protocol says you don't "unlock" devices and just poke around. You run a program that dumps a perfect copy of storage to a HDD and run forensic tools against THAT data. That leaves the original device available to be searched by other teamed (like defense lawyers) if needed.

That use the be the case but we've seen plenty of live forensics in the past 5 or so years. As long as you can show what you changed in court, you're fine. Yes ideally you'd make a forensic image and work with it but in some cases that's not doable.