Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
'GrayKey' iPhone Unlocking Box No Longer Works After iOS 12 Update
- Thread starter MacRumors
- Start date
- Sort by reaction score
And everything found is not allowed to be used in court if there was no search warrant. Plus read up how to turn off both TouchID and FaceID by pressing the right buttons (without having to take your phone out of your pocket).
[doublepost=1540543364][/doublepost]
This is not about changes in the operating system. This is doing things before the operating system runs. When you turn your phone on, and the lock screen appears, that's where this device has to get in to try thousands of passcodes quickly without the phone slowing it down. Normally, if you enter the passcode five or six times, there's a delay until you can enter the next passcode, and at ten attempts it's over an hour. And that is what GrayKey managed to get around somehow.
[doublepost=1540543667][/doublepost]
In that case, the prosecution lawyer was an idiot. Unlocking the phone is _not_ incriminating yourself, _if_ the police knows it is his phone, and the unlocking is done to find the photos. If it wasn't known whose phone it is, and the defendant says "it's not my phone", _then_ it is self incriminating because if he can unlock the phone, then that is evidence that he's the one who took the photos, which the police didn't know before.
[doublepost=1540543827][/doublepost]
True. If privacy threatened the life of my family, then I wouldn't make a rational decision about this. As it is, I think privacy improves the life of my family.
[doublepost=1540544113][/doublepost]
You should go to Apple's website where they explain how this works. Encryption and all that. And please tell me, why would Apple _want_ to be unlock an iPhone? Apple is much better off if they can't. They don't have to give free help to the police, and if you forget your passcode, you have to buy a new phone. All good for Apple. What advantage would Apple have? Please tell us.
[doublepost=1540544266][/doublepost]
1. Using that in your passphrase is no evidence that you beat your wife. It's a passphrase, and a particularly stupid one, but not a confession.
2. You don't have to hand over the passphrase. You can unlock the phone without anyone looking, and change the passcode to 1234.
[doublepost=1540544615][/doublepost]
If the police comes to your home with a search warrant and breaks the door open, that is not breaking the 5th amendment. If they ask you to unlock the safe, that's not breaking the 5th amendment. If they have a search warrant and ask you to unlock your phone to find evidence stored on the phone, finding the evidence on the phone does not break the 5th amendment.
Only if your ability to unlock the phone is in itself incriminating (because they didn't know you had access to the phone, and unlocking it proves you had), then they can't ask you to unlock it.
Apple wrote the code that encrypts the data, they designed the encryption key/hashcode whatever you want to call it, that enables the encryption. Therefore they have to know how the key is made and what info makes up the key. It is laughable to say that the designer of the encryption does not know how his own encryption system works and therefore is unable to decrypt the data.
If you still believe Apple do not have the capability of decrypting data stored in the iphone, then please explain to me just how exactly, during the design and testing phase of the product were they able to determine that data encryption works? because in the real world of understanding, if the coder needs to know if their encryption algorithm works, they have to be able to test that the encrypted data can be un-encrypted.
Exactly that. GrayKey seems to allow police (or criminals) to check passcodes at a high rate, and this seems to not work anymore with iOS 12. The normal behaviour is delays starting at 5 attempts, up to two hours after ten attempts, and you can opt for erasure in "Settings". The delay is useful if you don't want your "friends" to erase your phone as a prank; it takes at least four hours to erase it because new passcodes are not accepted without long delays.
If you want to protect yourself against future versions, use a 10 digit passcode or an eight random letter passcode, because checking any passcode takes at least 80ms and there is _no_ way around that.
[doublepost=1540545105][/doublepost]
Then someone makes a tiny device that mimics this GrayKey device and erases people's phone as a prank. And really, I don't want police to be able to erase my phone at will. I want them to return my phone undamaged without reading its contents.
[doublepost=1540545291][/doublepost]
That's true, but you can be forced to unlock your phone. You can insist that nobody watches you while unlocking the phone and writes down your passcode.
Generally speaking, you can’t be forced to give your passcode to the government. That’s testimonial and the forgone conclusion rule doesn’t apply as it does when it comes to the implicit testimony that might be inherent in an act of production (which is what governments argue that decrypting a device is).
But when it comes to being forced to enter your passcode to decrypt a device, the law is unsettled. The Supreme Court hasn’t decided the issue and federal circuits have reached different conclusions (or haven’t reached conclusions yet).
Your passcode being something like IDidIt (or anything else which might, in context, be incriminating) wouldn't be what mattered. The government couldn't, for the most part, force you to reveal your passcode regardless. That would represent actual testimony, not implicit testimony.
The question would be whether the government could force you to use your passcode to decrypt your device. In using it yourself to decrypt the device you wouldn't be revealing it to the government, so what the passcode actually was wouldn't much matter.
Also, to be clear, the issue isn't even whether using the passcode is somehow incriminating. Generally speaking, if there's evidence on the device (i.e. after it's been decrypted) that is incriminating then your ability to decrypt it - i.e., the implicit admission that you know how to decrypt it and have access to what's on it - is going to be incriminating. The issue is whether that implicit testimony inherent in the act of decrypting the device is a forgone concussion - i.e., whether the government can independently demonstrate it. So it's incriminating regardless that you can decrypt the device, but is the incriminating information which is revealed (i.e that you can decrypt the device) already known to the government?
The forgone conclusion rule is part of the act of production doctrine. The government can require you to produce certain things (i.e. retrieve them and turn them over to the government - produce, in this context, doesn't refer to making or creating something) under certain circumstances. But, generally speaking, it can't require you to produce things if incriminating (implicit) testimony is inherent in the act of producing them. However, it can require you to produce things, even if incriminating testimony is inherent in the act of producing them, it if can show that the incriminating testimony inherent in the act of producing them is a forgone conclusion.
A couple of wrinkles regarding the unsettled state of the law in this area: (1) It isn't settled what needs to be a forgone conclusion in order for the government to force you to decrypt your device. Is it the fact that you have the ability to do so? Or is it that particular things will be on the decrypted device? For the latter, does the government have to demonstrate that it knows what is on the device (which will be incriminating) in order to be able to force you to decrypt it? Would it need to be able to independently demonstrate that, e.g., there were records of illegal financial transactions on the device? That's one of the open legal questions.
(2) If the government is allowed to force you to decrypt a device (using a passcode) based on the forgone conclusion rule, is it then allowed to use the incriminating evidence inherent in your decrypting the device against you? For instance, it may have other evidence that you know how to decrypt the device (from which a fact-finder might infer that you know what's on the device or are responsible for it being on there). So it gets to make you decrypt the device. But can it then tell a fact-finder that you decrypted the device and argue that further demonstrates that you know how to? Or, is it precluded from using that incriminating (implicit) testimony which was inherent in the act of decrypting the device? (While it can, of course, still use whatever's on the device which may be incriminating.) The law isn't, as best I can tell, settled on that point either.
This is simply not true. Apple states it themselves twice that they can pre-screen and modify your data and release your data if requested by law, even encrypted content as I've personally had it provided against me
https://www.apple.com/legal/internet-services/icloud/en/terms.html
C. Removal of Content
You acknowledge that Apple is not responsible or liable in any way for any Content provided by others and has no duty to pre-screen such Content. However, Apple reserves the right at all times to determine whether Content is appropriate and in compliance with this Agreement, and may pre-screen, move, refuse, modify and/or remove Content at any time, without prior notice and in its sole discretion, if such Content is found to be in violation of this Agreement or is otherwise objectionable.
E. Access to Your Account and Content
Apple reserves the right to take steps Apple believes are reasonably necessary or appropriate to enforce and/or verify compliance with any part of this Agreement. You acknowledge and agree that Apple may, without liability to you, access, use, preserve and/or disclose your Account information and Content to law enforcement authorities, government officials, and/or a third party, as Apple believes is reasonably necessary or appropriate, if legally required to do so or if Apple has a good faith belief that such access, use, disclosure, or preservation is reasonably necessary to: (a) comply with legal process or request; (b) enforce this Agreement, including investigation of any potential violation thereof; (c) detect, prevent or otherwise address security, fraud or technical issues; or (d) protect the rights, property or safety of Apple, its users, a third party, or the public as required or permitted by law.
I can't even begin to describe how wrong this is. A search warrant is a document that describes where the police want to conduct a search, what they expect to find, and why. The document allows the police to seize items that are evidence for their investigation.
If the police go to someone's home and break the door open to enter, that's not breaking the 5th amendment or any amendment. The police can do what it takes to get access. However, a search warrant does not compel the owner to unlock their safe or their phone. A search warrant does not compel the owner to unlock their phone either. With the search warrant, the police are free to seize both the safe and the phone but there is nothing that compels the owner to unlock these items.