Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Howto disable that "US Police Can Copy Your iPhones Contents In Under Two Minutes"
- Thread starter Quotenfrau
- Start date
- Sort by reaction score
I'm actually surprised no one knew about this. iFunBox can be used in conjunction with iTunes to pull documents and save data off of a phone for games and apps that don't support File Transfer. Beats having to use iFile and all of the other methods just to back up your games (and hey, you can't even use iFile on a jailed phone).
Best of all, it's free, and now it's cross platform (used to be Windows-exclusive). The Mac version somewhat sucks but it still offers the same functionality as the Windows version.
Anyway, this is why I don't bother doing passcode lock. It wastes a few seconds of my time (accumulate to hours once you have to do it multiple times a day, several days a week, and so on...), and doesn't really accomplish anything.
The problem with this is, when you say that, they will usually take you up on that offer.
That means they'll impound your iPhone, and may also detain you while they go find a judge willing to sign a warrant based on your saying "no" as probable cause, or for even less "probable cause" than that.
It does, doesn't it? Too bad that doesn't always work. Generally, the police officers who get their jollies rifling through people's cell phones for no good reason are also the ones who like to stop people for no good reason, too.
And, even if one does break the law, it does not give police officers the right to send explicit text messages using your cell phone, or using your phone to e-mail themselves copies of any pictures you might have of your significant other for them to "investigate" later. Probably at home. In a darkened room. Perhaps even with their pants down. But evidently, things like the constitution and ethics rules in evidence handling won't stop all of them:
http://www.stamfordadvocate.com/new...ce-officer-accused-of-sexting-with-846785.php
this isn't to say EVERY police officer will do this sort of thing. But, human nature what it is, there are bad apples out there, and those are the ones that makes this worrisome even for law abiding citizens, like yourself.
My suggestion (and I'm not a lawyer, so take my suggestions with appropriate grains of salt) would be to make sure "Find My iPhone" is enabled. Hopefully, you might be able to use your one phone call at the station to instruct a friend with internet access on how to remotely wipe your phone before it gets scanned in the evidence room. Though it should be noted that any police department worth their salt knows to remove the SIM and store the iPhone in a faraday bag until it can be scanned to prevent exactly that from happening.
What's supposed to happen with a secure wipe is, the encryption key for the file system is secure deleted, leaving behind gibberish (at least this is the case for the 3GS and later models).
Was the "erase data" option enabled in Settings -> General -> Passcode Lock? This is supposed to erase all data on the device after 10 failed attempts at the passcode.
It would also be interesting to see what one of these devices (it was probably the Cellebrite UFED that they were demoing) does with an iPhone that was ecure wiped. Cellebrite claims in their docs that they can even recover deleted data, but I'm wondering if that's limited to someone just deleting individual things like e-mails and texts, or if that claim extends to full wipes.
Last edited:
iFunBox uses iOS' backup API to get the data. It only works if you plug your iPhone into a computer and your iPhone does not have the passcode on or is not locked by the passcode.
If you take a computer that has never had your iPhone plugged into it and you lock your iPhone so that it immediately requires your passcode, then you plug your iPhone into the computer while it's still locked, iFunBox can't read a thing. Why? The computer isn't in the iPhone's list of authorized devices. Thus, it won't allow iFunBox to see its contents. Same thing when you open iTunes with a new iPhone and iTunes says "Please enter your iPhone passcode to sync this device with iTunes". It's iOS' built in lockout. Also applied to the iPhone Camera Roll in My Computer or other PTP applications.
Do your research next time. Source: https://support.apple.com/kb/HT4946 First paragraph quoted below, note bolded:
If it's a jailbroken device with afc2add installed, then the passcode is not required. You can use redsn0w to jailbreak and to install custom packages.
Please do YOUR research next time.
No, I never posted a link to it. The reason is because there are 2 separate links, one for the Windows version, and one for the Mac version. You can just Google it anyway, right?
iOS' device lockout still applies to the afc2 service because its rules are set forth both the lockdown process.
The iPhone 4S cannot be jailbroken without the user first entering their passcode to preform the backup as no bootrom exploit exists. Thus, the need for a passcode rendered the iPhone 4S invulnerable to current exploit methods, just as Apple designed iOS to be since day 1.
The 4S likely isn't vulnerable to this due to its method of jailbreaking, but other devices are very likely to be vulnerable.
afc2add is not the end of the chain. I won't write down all of the instructions here because someone who is looking to break into someone else's passcode-locked device may read it, and as far as I know, it's illegal to do so.
But my point is... there is a way. If someone has physical access to a device, then there is always a way. I respect Apple as a company, but when my device is compromised physically, then even they can only do so much to secure my information. It's up to myself to make sure no one gets physical access to my device without my permission, right?
People are surprised that they have this ability? Odd.
I would think it's safe to assume that, even if Apple (or any company for that matter) were to incorporate an absurd 16,384 bit encryption scheme, the police would be able to break into it and download everything within minutes.
I'm sure the original conversation when something like this:
I would think it's safe to assume that, even if Apple (or any company for that matter) were to incorporate an absurd 16,384 bit encryption scheme, the police would be able to break into it and download everything within minutes.
I'm sure the original conversation when something like this:
Data can be gotten off with a SSH ram disk. No need for jailbreaking or anything else. Very easy to do. However, it requires a bootrom exploit like limera1n. Something that the iPhone 4S, iPad 2, and the iPad 3 do not have. Because of this, they cannot be compromised, even with physical access to the device.
Girls, girls your both pretty. It basically comes down to this. If you don't want the cops to see whats you have on your phone don't put it on your phone in the first place. Not all but some local LEO and certainly most all federal LEA have the ability to crack your phone, it just currently at least for now requires them physically plug into your phone. Accept it and move on. Intell, if you think your so hot about this pm me your info and I will make sure you get invited to FOSE/GovSec next year and I'll let you fight it out there, k? Great!
This thread had me thinking...
What is on my phone that I don't want people to see? Anyone...
I just hope that they get some good "Awww!'s" and "HOW Adorable!'s" out of the pics of my daughter. And a tad bit of jealousy of pics of good beers I've had/taken to send to my friends lol.
What is on my phone that I don't want people to see? Anyone...
I just hope that they get some good "Awww!'s" and "HOW Adorable!'s" out of the pics of my daughter. And a tad bit of jealousy of pics of good beers I've had/taken to send to my friends lol.
lifeguard, the only way they could have gotten information off of your device is if you gave them an iPhone 4 instead of a 4S or your iPhone 4S' auto lock didn't trigger the passcode. Other then that, getting data off of an iPhone 4S in that way cannot be done at this time. Going with personal stories and not reliable sources doesn't make for a very credible story.
Next year? There could already be a bootrom exploit released for the 4S next year. Rendering this whole thing a bunch of silliness (which it already is, mostly to create public panic) and would give the FOSE/GovSec people a whole new door. The real test for them next year would be to break into the 6th generation iPhone or an iPad 3.
Next year? There could already be a bootrom exploit released for the 4S next year. Rendering this whole thing a bunch of silliness (which it already is, mostly to create public panic) and would give the FOSE/GovSec people a whole new door. The real test for them next year would be to break into the 6th generation iPhone or an iPad 3.
And what I am saying is you don't know everything that is out there. This expo is a place for agencies and vendors to show off. I have a 4s Verizon 16gig. They cracked it. I am sure they can and will crack what ever comes next, that's their job. Offer stands if you want to come to DC next year. I am sure they will be there, bring whatever toy you want hacked
How narcissistic does one need to be to think anyone, including the government, would care what's on their iPhone?
"Wow, not only is he a closet Neil Sedaka fan but look how terrible he is at Angry Birds."
Really?
Come on.
"Wow, not only is he a closet Neil Sedaka fan but look how terrible he is at Angry Birds."
Really?
Come on.
I think they we could see my music (I don't remember) but I am not sure about my Angry Birds score! LOL
I don't have enough info to take sides on this very interesting debate, but this comment feels off. What have you given besides "It's not possible"?
Besides that, it's much easier to believe someone saying, "It's possible, I've personally seen it."
Vs someone saying, "I know 100% of everything out there, and 100% know this is not possible."
Why do you so strongly believe you are privy to the results of every hacker group or security company out there, to the point where you can tell someone who claims to have seen it at a security expo (with his personal phone), that he's wrong?
Maybe they need to raise prices to ensure LEAs only request the stuff that is really important to an active case and discourage "just because" snooping.
LOL they would have to raise it drastically! We spend more than that on post it notes on every case! PLUS if they would raise it they would no longer be able to claim that they are just covering the cost of the manpower to pull the data.
Nothing wrong with that ... I can't think of any way that raising those prices would be bad for the customer.
Well if the amount they are charging starts to exceeds the actual cost then they will have to change their eula because then they are "selling for profit" your private information. Just a thought