That’s why I have to assume government has access to LITERALLY EVERYTHING whether they want or not because they have the resources and every right to do so. This is the nature of politics. Government believes they are always right, one way or another.
Simple fix. Apple needs to eliminate the lightning port and go completely wireless.
Then, those tech companies can just intercept wireless signals to do literally the same thing. Even easier. Plus, they are no longer limited to cracking only two devices at a time. They can crack an unlimited number of devices at a time.
 
But I don't know that the 10 failed attempts would work given how this box operates. I'm guessing it's able somehow to do a hard copy of the memory storage.

I agree, the fact that it’s a “brute force” cracking method points to the fact that Apple’s encryption keys and secure enclave are sound, but they’ve managed to work on a copy of the encrypted data somehow.
This is all rather ingenious, as the data is encrypted with a device key that is generated during manufacture, even if you physically managed to remove the chipset and put it into another phone, it wouldn’t work (according to Apple) but somehow these guys have lifted that security mechanism and can throw numbers at it to their heart’s content.
Apple will patch it at some point no doubt, but in the meantime, if you’re really worried you should use an alphanumeric phrase rather than a numeric passcode.
 
Why would anyone who is not a wanted criminal and has no plans to commit a crime in the near future care about this?
 
Waste of taxpayer money. It’ll be worthless in a few weeks. Also, everyone should enable wiping the phone after 10 failed attempts, also use a complex passcode.

I think the box is immune to that.

But here’s what it mightn’t be immune to: automatic wiping after a set time period of not logging in! Think about it: how long do you go without unlocking your phone? Set it to 48 hours and complex passcode might be enough!
Why would anyone who is not a wanted criminal and has no plans to commit a crime in the near future care about this?

Rolls eyes.
 
Seems weird they would be public about it. Their device will be rendered useless within a year when the exploits are fixed.
 
Seems weird they would be public about it. Their device will be rendered useless within a year when the exploits are fixed.

Goes to show how much they care about efficient use of taxpayer money.
I hope you both mean alpha-numeric and not just numeric because a 12 digit numeric passcode will give you about 12 seconds.

https://howsecureismypassword.net/

Great tool, thanks! My most secure but least used password scored this:
 

And setting to wipe after 10 attempts doesn't matter. It's not brute forcing in a way that will trigger that function.

Brute forcing a complex password is still a waste of time. Although I suspect most crims aren’t smart enough to use a complex password.
 
I'm fine with them being used with a valid search warrant. But I'm really worried about it getting into the wrong hands.

That's always the problem, isn't it? And some people (especially in government) blithely ignore that latter part, even after we've seen huge leaks of sensitive data from the NSA, GAO, and others. It's like they're just covering their ears and shouting "la la la I can't HEAR you...".

Eventually one or more of these boxes will get stolen, and that'll be that. I hope Apple figures out how these work before that happens and is able to render the method ineffective.
 
Eight digit passcode it is then...
No.

50-CHARACTER PassPHRASE...

That'll take until the heat death of the universe to crack through brute-force (which is obviously what this is doing, after it somehow disables the wrong-guess timeout and wrong-guess count-limit).
Simply not true. Since 2008 we've been selling law enforcement tools to unlock iPhones. We've even met with Apple's iOS security team and shown them these tools at work. They've done nothing to block them (directly) in updates. Sure, there are small modifications we have to make with new iOS updates, but the core tech is still the same as it has always been.

And setting to wipe after 10 attempts doesn't matter. It's not brute forcing in a way that will trigger that function.
But setting a 52-character Alphanumeric/symbols PassPHRASE WILL matter. Since you let the cat out of the bag and admitted you are simply Brute-Forcing the passcode.

Brute Forcing is, in the end, Brute Forcing.
 
That's always the problem, isn't it? And some people (especially in government) blithely ignore that latter part, even after we've seen huge leaks of sensitive data from the NSA, GAO, and others. It's like they're just covering their ears and shouting "la la la I can't HEAR you...".

Eventually one or more of these boxes will get stolen, and that'll be that. I hope Apple figures out how these work before that happens and is able to render the method ineffective.

Even if the device gets out there, it requires physical access to the iPhone. So, if your phone is stolen all you need to do is wipe it through iCloud to ensure that your valuable cat videos don’t get into the wrong hands.
 
It seems to me that it would be rather easy for Apple to get its hands on this and build a fix to protect our devices from unauthorised access. If it is, as I have heard, simply brute forcing the passcode then all Apple needs to do is fix however it is overriding the number of attempts.

As a law abiding citizen I value my privacy.

Article 12 of the Universal Declaration of Human Rights
No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.
 
Why would anyone who is not a wanted criminal and has no plans to commit a crime in the near future care about this?

Why would you care if someone watched you take a shower or use the bathroom if you have nothing to hide?

1> Some people value privacy (unlike many of the younger generation that don't seem to know WTF privacy is, even).

2> Corrupt governments manufacture crimes (Is the US there yet? I dunno, but if I lived in somewhere like Russia I'd want as secure a phone as I could possibly get. I know I don't trust parts of the government as far as I can spit).

3> People commit crimes every day without even knowing it. I read once the average person commits like two felonies a month and has NO IDEA they are doing it. This is because there are so SO many laws on the books, both federal and state, some dating back to the 18th Century and while politicians are always in a hurry to make loads of new laws, they almost NEVER repeal older laws. Given the FACT that "ignorance of the law" is NEVER an excuse, would you REALLY want to bet your last dollar you've never committed a crime and that your phone could NEVER be used against you because you simply didn't INTEND to commit one? We're living in a country where marijuana is legal in several states now for recreational use, but illegal on a federal level. You're FRACKED even if you have a prescription and use it and the federal government decides to go after you since it's illegal on the federal level and considered to have NO MEDICINAL VALUE due to MORONS classifying it that way (see that Traveling Gnome guy running the justice department to see WTF you're really dealing with in this corrupt country).

People have gone to PRISON for having physical relations with their girlfriend in back-arsewards states like Georgia due to PURITAN type laws on the books for over a hundred years where things like oral are (or at least were) 100% ILLEGAL UNDER ALL CIRCUMSTANCES (married even) in that joke of a state and guess what convicted the guy? His PHONE!!! He had a video of it on it. Not fair? Too farking bad!!! What you THINK is "just" or "fair" or "right" doesn't mean SQUAT in a court of law! PERIOD! Ignorance of the law means NOTHING. You will go to prison and be branded for the rest of your life and not even understand WHY in some of these "hick" states!!! Do you really want to take the chance you may have broken a law and just hand yourself over on an unrelated charge/search because you went on vacation in a backwards state where something is illegal that you filmed with your wife??? It may sound crazy, but it's happened.

Do you think you have the right to backup your own software? The DMCA has never been tested fully in court on "fair use" arguments. The problem is that while you're supposed to have fair use, you're not allowed to bypass protection for ANY REASON including backups! Would/could that stand up in courts? Neither side really wants to fully test it since both sides stand to lose a LOT. But this is the kind of GARBAGE you have to deal with when MORON politicians pass laws they don't even FRACKING READ first!!!! (let alone understand)

Ultimately, privacy means NOTHING if we're OK with letting everyone skirt our privacy rights. The government doesn't need to know how much I drink and when I drink it if I'm not driving. They don't need to store my blood pressure 24/7 (to use it against me with insurance or some crap at some point). They don't need my fingerprints if I haven't broken the law. They'd LOVE to have everyone's! It would solve more crimes! It would also put you at almost every location you've EVER gone. Someone murders someone 2 years later and your fingerprint is against some wall you were leaning against when the room was laid out differently. People have been put to death with LESS evidence in the past. DNA is starting to reveal how fracked up some of these past convictions are. COINCIDENCE (also known as being in the wrong place at the wrong time) kills people every single day. Am I being completely paranoid? Maybe, but I'd rather be paranoid and not wind up on trial for something I didn't do or didn't know I was doing than "don't worry" and find myself staring at Big Bubba in my cell looking at me like I'm a piece of pie. The government convicts people for LYING yet that's all the government does to us every single day. It's not a crime for the government to lie to its own citizens, but it's a crime for us to lie to the government. Go figure. These are not people to put your "trust" in (just like the police that regularly shoot people they're supposed to be protecting because all too many are trigger happy cowards that shoot at the first "noise" they hear (like that woman that knocked on a police car window that she called to talk to them and the passenger cop shot her when he heard the knocking sound!!!) and ask questions while they're rigging the site to cover their butts).

Yes, you can TRUST law enforcement. They NEVER lie, never falsify reports, never plant evidence and never shoot anyone that didn't have it coming! Right. Why would anyone not want these guys going through their phones? They wouldn't plant evidence to win a case! They wouldn't LIE about it! They wouldn't shoot you if you're not a criminal! They'd never convict you and block evidence showing your innocence because prosecutors don't care if they win or lose, only if they get true justice!!! It doesn't hurt their careers to lose, after all! NOT!
 