I wonder if it's the idea of fooling the phone's clock.
If so, a timer can easily be redesigned not to be affected by that.
I wonder if it's the idea of fooling the phone's clock.
After Tim Cook publicly called devices like this a "backdoor," I don't trust Apple's PR anymore on this subject.I think Apple is window dressing on this issue to keep public trust. Wouldn't surprise me if they were helping Grayshift bypass their own systems. I think this is very possible given the pressure on the company from law enforcement agencies.
Yeah. If they're selling a box that they say can crack iOS 12, it will crack it, at the very least around the time it's sold. But maybe people suspect them of claiming this in advance without actually having it, just to keep the media hype going until they can actually do it.Some have said Grayshift is just saying they defeated the security measures to sell products. While I agree companies are motivated to stretch the truth I’d also point out that in this case it would fraud. They either can or cannot defeat the security measure. Saying you can when you can’t would be fraud.
Which means nothing. Logical fallacies are not logical at all.Exactly. You think some cop making $30k a year isn't going to jump to snatch one of these up and sell it to Apple? lol.
[doublepost=1529063244][/doublepost]
Because Apple has like $300,000,000,000 to play with.
Sessions is 5'5; could pass as a vertically challenged Darth Vader. Sometimes our heroes have to be a little evil to get things done right.
R u calling our police corrupt?
Who on earth loves da cops dude? U mad? lol
I imagine the key is split and requires many employees to cooperate to make that happen. It only takes one person to steal a GreyBox device.Everything has a price? That same saying can be used against Apple. Someone can pay an apple employee to steal Apple's digital signing keys. Ultimate back door right there.
Easy, they see how they’re being compromised and it takes a lot less time to fix than to exploit."Additionally, the GrayKey has built in future capabilities that will begin to be leveraged as time goes on"
If they're announcing it, there's a good chance they already have another avenue ready to exploit. This is a constant game of one-upsmanship.
This makes no sense. Cost is dependent on time and resource allocation. Also why would an easy update deter law enforcement? It's a tool for work, not a consumer device. Easy updating isn't a deterrent.
It wouldn't be hard for a department to get their hands on a device running the iOS 12 Beta and test it. If it turns out that they are lying it would be the end of their business, so I doubt they would risk it.Anyone that doubts Grayshift's sincerity about being able to crack iOS 12 because "they wouldn't lie to the police" is just being naive. They can say whatever they want right now- iOS 12 is in early beta stages and none of their clients can actually prove that Grayshift was not being truthful. Additionally, Grayshift certainly can always say that Apple subsequently updated iOS 12 and thwarted the crack, thus not being caught in a marketing lie.
Because Apple has like $300,000,000,000 to play with.
While I agree companies are motivated to stretch the truth I’d also point out that in this case it would fraud. They either can or cannot defeat the security measure. Saying you can when you can’t would be fraud.
They sell to "law enforcement only" and they sure will do their best so that Apple doesn't get their hands on one...
They sell to "law enforcement only" and they sure will do their best so that Apple doesn't get their hands on one...
Workaround: hold iPhone in front of owner's face.
Hey, it's just taxpayer money. And, something like this might even be federally funded, along with tanks and all that other kind of police gear.
Tanks? Please let us know where any police department in America has tanks. Because I have a young cousin who wants to be a cop and I want to let her know where the police get to patrol in an M-1. Unfortunately for her, truth is you're spreading fake news.
LOL.
[doublepost=1529168528][/doublepost]
"You can always use your passcode instead of Face ID, and it’s still required under the following circumstances:
[doublepost=1529169410][/doublepost]
- The device has just been turned on or restarted.
- The device hasn’t been unlocked for more than 48 hours.
- The passcode hasn’t been used to unlock the device in the last 156 hours (six and a half days) and Face ID has not unlocked the device in the last
4 hours.
- The device has received a remote lock command.
- After five unsuccessful attempts to match a face.
- After initiating power off/Emergency SOS by pressing and holding either volume button and the side button simultaneously for 2 seconds.
I was about to post same info in response to all the silly “just hold it to their face” comments
If police can’t compel you to enter your password (& need a Greykey) it’s extremely unlikely they could compel you to unlock it with your face due to all the reasons in your list.
Cool. Hopefully nothing ever happens to you where you need them. Don't call them.**** the police
If they were smart, they would've waited until iOS 12 was in the GM stage to announce this. Now Apple can look into fixing their bypass.
They sell to "law enforcement only" and they sure will do their best so that Apple doesn't get their hands on one...
I wonder if it's the idea of fooling the phone's clock.
Yeah, I thought about there being a special hardware clock for this purpose. Ofc there's always in theory a way to mess with it, as it's always possible to lift the memory contents and decrypt them without the phone (assuming a weak encryption key), question is how practically hard they can make it.If so, a timer can easily be redesigned not to be affected by that.
Yeah, I thought about there being a special hardware clock for this purpose. Ofc there's always in theory a way to mess with it, as it's always possible to lift the memory contents and decrypt them without the phone (assuming a weak encryption key), question is how practically hard they can make it.
That wouldn't be possible in software, though. It's possible to physically carve out the flash chip, then read that, but it's highly error-prone, and we know for a fact that that's not GrayKey's current approach.
Not necessarily, since entering the code is a form of self incrimination and thus protected by the 5th in the US, whereas biometrics such as fingerprints aren't; so I would guess holding a phone to your face to unlock it would not be protected.
If the user has the default 6-digit passcode, the key must somehow be derived from that, so it theoretically takes at most a million guesses to crack. There could be factors like hashing difficulty involved, but I think GreyKey's solution is cracking the key, so it must not be an issue.I would guess if they encrypt the data even reading it from flash wold be of little use unless you can also determine the key.
On a hardware note, apple could prevent that by coating key chips with epoxy.
If the user has the default 6-digit passcode, the key must somehow be derived from that, so it theoretically takes at most a million guesses to crack. There could be factors like hashing difficulty involved, but I think GreyKey's solution is cracking the key, so it must not be an issue.
If the user has the default 6-digit passcode, the key must somehow be derived from that,
so it theoretically takes at most a million guesses to crack. There could be factors like hashing difficulty involved, but I think GreyKey's solution is cracking the key, so it must not be an issue.
I wonder if they would need a warrant to break into the phone?