Grayshift May Already Have iPhone Unlocking Solution for iOS 12's USB Restricted Mode

[B4U]

And here goes the cat and mouse games again.

 

[Scottsoapbox]

The article states it needs to be unlocked with the passcode

Face ID unlocks the iphone: The entire point of hacking the iPhone.

 

[WiiDSmoker]

**** the police

 

[jav6454]

They sell to "law enforcement only" and they sure will do their best so that Apple doesn't get their hands on one...

They will eventually get their hands on one.

 

[69Mustang]

Sounds a bit like damage control, if you ask me. Hoping to make a few extra bucks before the well runs dry.

How does that even make sense? It's not like some agency paying for a box is just going to "take their word for it" on a five figure purchase. Pretty sure they are going to require proof.

Remember CurrentC from a few years ago? No? That's because Apple Pay rendered it laughably dead-on-arrival. Grayshift is going to be DOA as well, easily outmaneuvered if Apple has their way.

CurrentC morphed into Walmart Pay and I think Target is coming out with a version too. It didn't die at all.

 

[Plutonius]

Surely if the port is disabled then there is nothing they could do? Disabled is disabled surely?

That's what I was thinking.

 

[nrose101]

Which will only work, of course, until they develop the trace buster buster buster.

Lol! Great movie! So underrated (the big hit)

 

[ke-iron]

If the USB port is disabled then I assume the power to the port is cut. The Graykey box has lost its only leverage.

 

[mariusignorello]

Everything has a price? That same saying can be used against Apple. Someone can pay an apple employee to steal Apple's digital signing keys. Ultimate back door right there.

Hell would break loose if that happens, and hopefully it’s enough money to pay for the lawsuit and prison time.

 

[wigby]

Workaround: hold iPhone in front of owner's face.

Counter to that...Close eyes.

 

[chr1s60]

Too bad. The media was doing their jobs by reporting on the fact that the government is paying huge chunks of money to some company to hack our phones. This is how you have accountability in a free and open society. They need to get over it. At the end of the day this is yet another security vulnerability that must be patched. If some kid was doing this the FBI would raid his home and he'd serve jail time.

You’ve committed a crime or been under investigation and had your phone cracked by one of these? If not, “our” is not the correct word to use.

 

[wigby]

Everything has a price? That same saying can be used against Apple. Someone can pay an apple employee to steal Apple's digital signing keys. Ultimate back door right there.

Except as soon as Apple becomes aware of that theft, they can change them. Greykey cannot change hardware/firmware/software so easily, especially on boxes already out there.

 

[Robert.Walter]

Pure speculation on my part, but it sounds like pure Marketing bull$hit necessary to keep selling the current product (that will have a 3 month shelf life with quickly diminishing returns*.)

Any agency buying one of these better pay for it on an installment plan because this product will be useless in a half year and the company wont be able to afford refunds when it’s cash flow dries up.

*unless Apple is irremediably (deliberately or accidentally) sending signal over some charging circuits.

 

[redneckitengineer]

Just wait until iOS 20 when Apple has a completely bulletproof OS with no possible exploits or bugs. It’s an ongoing fight for now, but I see a day when there’s not a single possible exploit, when the system is sealed and the door shut.

 

[Robert.Walter]

You’ve committed a crime or been under investigation and had your phone cracked by one of these? If not, “our” is not the correct word to use.

Why the quibble pal? The other poster made a legitimate point that talked to the potential the govt is building to make him a future victim of unreasonable search and seizure rather than being a past victim.
[doublepost=1529020783][/doublepost]

I have no doubt Apple has the means to get one of the devices. Probably already has one.

As for Apple already figuring out how it works... I'm guessing you'd have to go on the presumption Grayshift's code isn't encrypted. Or it is and Apple cracked their encryption. Who knows. Grayshift says they already have other avenues ready. It's going to be a back and forth for a while it seems.

Some municipality, county, or state LEA is probably in great terms with Apple owing to significant employment or operations there. I’m sure Apple Security has numerous back channels to those agencies. There is no way Apple hasn’t already analyzed these gizmos.

 

[TiggrToo]

Always wondered if Apple et al can use the DMCA to essentially threaten companies like Grayshift.

 

[wigby]

It will be a constant back and forth between hackers and Apple. The good thing is it seems that Apple is on top of it enough to make sure that things get taken care of before bad actors get their hands on it.

I'm sure Apple is working as hard as they can to get their hands on one of these devices to figure out how it works, and probably have been successful. I'm sure they could have easily set up a shell company that claims to be a private investigator firm needing to get into a client's phone.

Apple could also pay someone in law enforcement to give them theirs or buy one for Apple. Law enforcement agents are very corruptible - it’s one of the reasons they cannot be trusted with a backdoor key.

 

[NufSaid]

I am sure Apple has found a way to get one.

I would bet that there is a department that has a school in the precinct with all new iPads and every teacher with a iMac.

 

[PlainviewX]

Which will only work, of course, until they develop the trace buster buster buster.

A movie so bad that it’s great. Lou Diamond Phillips was insane in it.

 

[IG88]

They sell to "law enforcement only" and they sure will do their best so that Apple doesn't get their hands on one...

All Apple has to do is offer to buy one for 10x going price from a police dept. You think they'd turn down 100K?

 

[logicstudiouser]

If they were smart, they would've waited until iOS 12 was in the GM stage to announce this. Now Apple can look into fixing their bypass.

I think Apple is window dressing on this issue to keep public trust. Wouldn't surprise me if they were helping Grayshift bypass their own systems. I think this is very possible given the pressure on the company from law enforcement agencies.

 

[dave420]

Surely if the port is disabled then there is nothing they could do? Disabled is disabled surely?

If I had to guess then I would say that DFU mode is still available. There still needs to be a way to restore the device if someone forgets their password. They may simply have an exploit that starts with the phone in DFU mode, which enables the port for data mode again, and then uses some method to crack the password on the device.
I seem to recall some jailbreaks that started with putting the phone in DFU mode. Apple will for sure work to plug whatever holes are being used.

 

[RogerWilco]

84% of phones sold in the world run Android, and that market share number is increasing. At some point the foibles of the iOS crowd become irrelevant. Security by obscurity -- just like the good ol' OS9 days.

 

[Macaholic868]

Workaround: hold iPhone in front of owner's face.

And if the owner has Touch ID or Face ID disabled, has a strong passcode and doesn’t backup their device to a PC, to a Mac or to iCloud?
[doublepost=1529029881][/doublepost]

Why are you assuming such?

Because Apple literally has billions of dollars in the bank and everyone and everything has a price. One that Apple is in a very good position to pay for.

If Apple wants to buy one of these they have the resources to do so regardless of whether or not the company tries to restrict sales to law enforcement only.

 

[Scottsoapbox]

Counter to that...Close eyes.

Sure. Like a government agency hell bent on opening your phone wouldn't make you open your eyes.