Yes.

GrayKey appears to exploit various security holes to circumvent limitations:
  • it can connect to the iPhone without user consent. Normally, it would only be able to supply power that way. This is how it installs an app on the iPhone.
  • it can circumvent the sandbox. That app shouldn't be able to access the entire file system, which is presumably how it accesses the user's password hash.
  • given the above, the password attempt number and frequency limits probably don't apply. Those limits are enforced in the iOS system software, and (apparently) only if you try to log in through the regular user interface.
However, the Secure Enclave limit of 80ms per password guess still does apply, because it's enforced in hardware. On top of that, it appears to take some additional time, leading to ~240ms per guess, or a little over four guesses per second.
It seems like it would be fairly trivial to make hardware enforce, for example, a 1 second delay between each passcode attempt without significantly annoying users. Even better would be hardware-enforced increasing delay (double the time) between each failed attempt starting at something small like the 80 ms, but rapidly hitting 10's of seconds/minutes after a dozen sequential failures.

Having said all that...I'm not against the ability for a mechanism to unlock devices. Particularly the geofenced version of this tool seems "OK" to me in low volumes, for use by law enforcement, and under the strict legitimacy of a court order/warrant.

Having them available to purchase by anybody though (with enough funds) - and non-Geo-fenced - seems like a problem.
 
It seems like it would be fairly trivial to make hardware enforce, for example, a 1 second delay between each passcode attempt without significantly annoying users. Even better would be hardware-enforced increasing delay (double the time) between each failed attempt starting at something small like the 80 ms, but rapidly hitting 10's of seconds/minutes after a dozen sequential failures.

Maybe, but that would require a physical change. For both good and bad, updating the Secure Enclave firmware is apparently quite limited. (This is good in that it makes it harder to exploit, and bad in that it makes it harder to fix existing exploits.)

I'm guessing there are reasons why Apple only went for 80ms.
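
The timing figures traded in the posts above can be put side by side. This is an added example, not part of any poster's message: it uses the 80 ms and ~240 ms per-guess figures quoted in the thread and the proposed doubling delay, and the one-hour cap on that delay is an assumption made here.

```python
# Added illustration: worst-case passcode search time under the guess rates
# quoted in the thread, versus the doubling delay one poster proposes.
# The 1-hour cap on the doubling delay is an assumption, not from the thread.

HW_MIN = 0.080      # seconds per guess, Secure Enclave figure quoted in the thread
OBSERVED = 0.240    # seconds per guess, figure quoted in the thread
CAP = 3600.0        # assumed ceiling for the doubling delay (hypothetical)


def fixed_delay_seconds(keyspace, per_guess):
    """Worst case: every candidate is tried at a constant cost per guess."""
    return keyspace * per_guess


def delay_after_failures(failures, base=HW_MIN):
    """Uncapped delay imposed once `failures` consecutive guesses have failed."""
    return base * 2 ** failures


def doubling_delay_seconds(keyspace, base=HW_MIN, cap=CAP):
    """Worst case when the delay doubles after each failure until it hits cap."""
    total, delay, attempts = 0.0, base, 0
    while attempts < keyspace and delay < cap:
        total += delay
        delay *= 2
        attempts += 1
    # Every remaining guess costs the capped delay.
    return total + (keyspace - attempts) * cap


def human(seconds):
    for unit, size in (("years", 365 * 86400), ("days", 86400), ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.1f} seconds"


def report(digits_list=(4, 6)):
    rows = []
    for digits in digits_list:
        keyspace = 10 ** digits
        rows.append((digits,
                     human(fixed_delay_seconds(keyspace, HW_MIN)),
                     human(fixed_delay_seconds(keyspace, OBSERVED)),
                     human(doubling_delay_seconds(keyspace))))
    return rows


if __name__ == "__main__":
    print(f"delay after 12 failures: {human(delay_after_failures(12))}")
    for digits, hw, obs, dbl in report():
        print(f"{digits}-digit PIN: {hw} @80ms | {obs} @240ms | {dbl} doubling, 1h cap")
```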
 
What they are doing is what they have always been doing; "Follow all leads". It's crime solving 101.

They have a certain objective and that means they want all possible avenues to that objective. It has nothing to do with being lazy. A smartphone can be a huge lead. Law enforcement would have to be stupid to not want to use information on a smartphone.

Path of least resistance. Here is a UK piece ... LINK
Is this where we want to go?
 
It's the principle of the thing!!!! The FBI has no business being able to spy on American citizens willy nilly. As it is, even if you haven't committed any crimes that the federal government can charge you with, it has a multitude of tools at its disposal to make life miserable for you. Just look at what the IRS did to conservative groups a few years ago.

Cops can get a warrant to search someone's phone and even seize it. If they have a warrant to search your home and you lock the door and throw away the key, the police are free to do what it takes to get in. They can kick the door down if they need to. They're free to chip away at the security measures on people's phones to their heart's content but that's not good enough for the FBI. The FBI wants the right to conscript an unrelated private party to do what should be the FBI's job. Worse yet, the FBI wants the public to live with deliberately compromised encryption on the off-chance that the FBI or any other LEO might need to decrypt the contents.

It's all well and good...just keep in mind that many, many crimes have been solved (and some completely thwarted) due to hard investigation and detective work by the FBI, and the collection of evidence. Now that "the FBI has no business being able to spy on American citizens willy nilly" they're not able to spy on criminals/terrorists/kidnappers/drug lords willy nilly either, and smartphones may be smart but they don't discriminate a person's legal usage of the phone. The smartphone becomes a powerful tool for committing crimes, completely protected by privacy and encryption.

So, when terrorist tragedies, school shootings, etc. happen and they could have been solved with access to a portable computer (smartphone) but now cannot, people had better not complain.

Your privacy comes at a very big cost.
 
It's all well and good...just keep in mind that many, many crimes have been solved (and some completely thwarted) due to hard investigation and detective work by the FBI, and the collection of evidence. Now that "the FBI has no business being able to spy on American citizens willy nilly" they're not able to spy on criminals/terrorists/kidnappers/drug lords willy nilly either, and smartphones may be smart but they don't discriminate a person's legal usage of the phone. The smartphone becomes a powerful tool for committing crimes, completely protected by privacy and encryption.

So, when terrorist tragedies, school shootings, etc. happen and they could have been solved with access to a portable computer (smartphone) but now cannot, people had better not complain.

Your privacy comes at a very big cost.

Using a low probability event as an example of why we should give up our rights and/or allow broader scope warrants to go fish in a smartphone pond .... not realistic and I am firmly against such intrusions.
 
No, being able to stop someone and grab all of their data without a warrant is much different than the case we are talking about here.

Not that much really.
If law enforcement has your phone, there is a big difference between allowing your lawyer to negotiate to allow narrow specific access vs. full unfettered access and using anything found.
 
It's all well and good...just keep in mind that many, many crimes have been solved (and some completely thwarted) due to hard investigation and detective work by the FBI, and the collection of evidence. Now that "the FBI has no business being able to spy on American citizens willy nilly" they're not able to spy on criminals/terrorists/kidnappers/drug lords willy nilly either, and smartphones may be smart but they don't discriminate a person's legal usage of the phone. The smartphone becomes a powerful tool for committing crimes, completely protected by privacy and encryption.

So, when terrorist tragedies, school shootings, etc. happen and they could have been solved with access to a portable computer (smartphone) but now cannot, people had better not complain.

Your privacy comes at a very big cost.

I choose the cost. I'd rather have my privacy and live with the cost than be safe and live in a surveillance state.
 
First of all, The Lives of Others is an amazing movie. Young couple? How about famous actress and famous writer with dissident and progressive friends? Apple should try their best to protect customers' data, it's a hard job to do.
Good catch. I was trying to keep my summary concise but you are correct, there were sexual and political motivations involved in that couple getting targeted. I always tell people there is a big difference between a person with "something to hide" vs a person with "nothing they want to share". This movie shows just how easily a person can become a pawn in a game they don't even know they are playing when people with the ability to monitor your communications take an active interest in you.
 
I choose the cost. I'd rather have my privacy and live with the cost than be safe and live in a surveillance state.

What would you say if your loved one was impacted by a terrorist event that could have been avoided or solved?

Worth it?
Using a low probability event as an example of why we should give up our rights and/or allow broader scope warrants to go fish in a smartphone pond .... not realistic and I am firmly against such intrusions.
And what do you think the probability is of the FBI breaking into your phone with a strong desire to have access to your data?

Terrorist events these days are not "low probability". If they are, why do I have to take my shoes off at the airport, can't bring water or nail clippers on board...metal detectors at Disneyland...?
 
What would you say if your loved one was impacted by a terrorist event that could have been avoided or solved?

Worth it?
And what do you think the probability is of the FBI breaking into your phone with a strong desire to have access to your data?

Terrorist events these days are not "low probability". If they are, why do I have to take my shoes off at the airport, can't bring water or nail clippers on board...metal detectors at Disneyland...?

This is a general question / statement. Don't try to make it personal. I have had consultants/coworkers have enough issue with ICE when coming back in country.
 
That's a lot of money being spent for a device that Tim Cook while reading this MR article, will say "let's address that" and will be made obsolete next week. Well, I guess they'll still be able to work on devices not updated (which will be many).

What makes you think these boxes can't be updated as well? Any modern software is designed to be updated, and these boxes must not be the exception. So if there's an iOS 12 then most likely there will be a GrayKey OS v2.0, and so on.
 
What makes you think these boxes can't be updated as well? Any modern software is designed to be updated, and these boxes must not be the exception. So if there's an iOS 12 then most likely there will be a GrayKey OS v2.0, and so on.

"Any modern software is designed to be upgraded", you assume it's software based. But I'm pretty sure that if it was software based there wouldn't be a need for a special box. This isn't to say "there's no software", it's probably a mix of hardware and software. However, the technique used by the crack box, Apple will probably eliminate that method of entry entirely. The probability of implementing a new cracking method that circumvents that additional enhancement, using only software, is slim.
 
What would you say if your loved one was impacted by a terrorist event that could have been avoided or solved?

Worth it?

There is no limit to this kind of thinking. In a dictatorship with mass surveillance, terrorist events you speak of are relatively unlikely since the populace is unlikely to entertain thoughts of criminal activity since it knows that the dictator knows what the populace is doing at all times and the dictator by definition has absolute power and authority.
 
Why would you care if someone watched you take a shower or use the bathroom if you have nothing to hide?

1> Some people value privacy (unlike many of the younger generation that don't seem to know WTF privacy is, even).

2> Corrupt governments manufacture crimes (Is the US there yet? I dunno, but if I lived in somewhere like Russia I'd want as secure a phone as I could possibly get. I know I don't trust parts of the government as far as I can spit).

3> People commit crimes every day without even knowing it. I read once the average person commits like two felonies a month and has NO IDEA they are doing it. This is because there are so SO many laws on the books, both federal and state, some dating back to the 18th Century and while politicians are always in a hurry to make loads of new laws, they almost NEVER repeal older laws. Given the FACT that "ignorance of the law" is NEVER an excuse, would you REALLY want to bet your last dollar you've never committed a crime and that your phone could NEVER be used against you because you simply didn't INTEND to commit one? We're living in a country where marijuana is legal in several states now for recreational use, but illegal on a federal level. You're FRACKED even if you have a prescription and use it and the federal government decides to go after you since it's illegal on the federal level and considered to have NO MEDICINAL VALUE due to MORONS classifying it that way (see that Traveling Gnome guy running the justice department to see WTF you're really dealing with in this corrupt country).

People have gone to PRISON for having physical relations with their girlfriend in back-arsewards states like Georgia due to PURITAN type laws on the books for over a hundred years where things like oral are (or at least were) 100% ILLEGAL UNDER ALL CIRCUMSTANCES (married even) in that joke of a state and guess what convicted the guy? His PHONE!!! He had a video of it on it. Not fair? Too farking bad!!! What you THINK is "just" or "fair" or "right" doesn't mean SQUAT in a court of law! PERIOD! Ignorance of the law means NOTHING. You will go to prison and be branded for the rest of your life and not even understand WHY in some of these "hick" states!!! Do you really want to take the chance you may have broken a law and just hand yourself over on an unrelated charge/search because you went on vacation in a backwards state where something is illegal that you filmed with your wife??? It may sound crazy, but it's happened.

Do you think you have the right to backup your own software? The DMCA has never been tested fully in court on "fair use" arguments. The problem is that while you're supposed to have fair use, you're not allowed to bypass protection for ANY REASON including backups! Would/could that stand up in courts? Neither side really wants to fully test it since both sides stand to lose a LOT. But this is the kind of GARBAGE you have to deal with when MORON politicians pass laws they don't even FRACKING READ first!!!! (let alone understand)

Ultimately, privacy means NOTHING if we're OK with letting everyone skirt our privacy rights. The government doesn't need to know how much I drink and when I drink it if I'm not driving. They don't need to store my blood pressure 24/7 (to use it against me with insurance or some crap at some point). They don't need my fingerprints if I haven't broken the law. They'd LOVE to have everyone's! It would solve more crimes! It would also put you at almost every location you've EVER gone. Someone murders someone 2 years later and your fingerprint is against some wall you were leaning against when the room was laid out differently. People have been put to death with LESS evidence in the past. DNA is starting to reveal how fracked up some of these past convictions are. COINCIDENCE (also known as being in the wrong place at the wrong time) kills people every single day. Am I being completely paranoid? Maybe, but I'd rather be paranoid and not wind up on trial for something I didn't do or didn't know I was doing than "don't worry" and find myself staring at Big Bubba in my cell looking at me like I'm a piece of pie. The government convicts people for LYING yet that's all the government does to us every single day. It's not a crime for the government to lie to its own citizens, but it's a crime for us to lie to the government. Go figure. These are not people to put your "trust" in (just like the police that regularly shoot people they're supposed to be protecting because all too many are trigger happy cowards that shoot at the first "noise" they hear (like that woman that knocked on a police car window that she called to talk to them and the passenger cop shot her when he heard the knocking sound!!!) and ask questions while they're rigging the site to cover their butts).

Yes, you can TRUST law enforcement. They NEVER lie, never falsify reports, never plant evidence and never shoot anyone that didn't have it coming! Right. Why would anyone not want these guys going through their phones? They wouldn't plant evidence to win a case! They wouldn't LIE about it! They wouldn't shoot you if you're not a criminal! They'd never convict you and block evidence showing your innocence because prosecutors don't care if they win or lose, only if they get true justice!!! It doesn't hurt their careers to lose, after all! NOT!

I don’t think it’s fair to say none of the younger generation care or value their privacy. I’m in my twenties and care very much about my privacy. I think my generation is starting to wake up to issues regarding privacy. I’ve deleted a lot of my social media accounts and take steps to really limit my exposure.

I believe a lot of our freedom and liberty comes from our right to privacy.
 
I don’t think it’s fair to say none of the younger generation care or value their privacy. I’m in my twenties and care very much about my privacy. I think my generation is starting to wake up to issues regarding privacy. I’ve deleted a lot of my social media accounts and take steps to really limit my exposure.

I believe a lot of our freedom and liberty comes from our right to privacy.

There's always an exception to a rule. Generalities aren't about exceptions, however. It's more like trends. There seems to be a "trend" that the younger generations care "less" about privacy than previous generations, presumably due to growing up with social media where "sharing your life with strangers" isn't just a crazy idea; it's reality.
 
There's always an exception to a rule. Generalities aren't about exceptions, however. It's more like trends. There seems to be a "trend" that the younger generations care "less" about privacy than previous generations, presumably due to growing up with social media where "sharing your life with strangers" isn't just a crazy idea; it's reality.

All of my kids are FB users. When you sit down with them and walk them through the pitfalls and potential misuse, they understand it but don't feel the same level of concern I see in the older generations. Disconcertingly, they also feel our Government would and will abuse any information they can lay their mitts on. They trust the companies more.

Growing up in different times I guess ....
 