Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Recent news give me this thought:
We have a wAr on and everything happen right now is just calm before the storm. This war may involve every single individual whether he/she want or not, at the same time.

Hell. I want to watch Sora no Woto again...such a damn good anime projecting the end of our world.
 
Somebody must have watched Hellraiser this Halloween! Sounds similar, but the demons were cenobites and the box was the "lament configuration" or something like that. Great franchise back in the day.

Hahaha, exactly, a halloween favorite of ours, and I know the original source, movies and even comic literature +extremely+ well (so yeah, I knew cenobites vs. cellebrite, just a bad joke :D )
 
According to James Comey, every government agency take part in criminal activity because they practice "essential tradecraft" like encryption. Way to make it sound like only criminals want encryption.
 
  • Like
Reactions: longpath
Very much non-news. Would be more interesting if the tech could crack the newer/newest iPhones with the Secure Element/Touch ID.

There's a way around touch you just dont know about it yet. Nothings 100% secure, there is always a vulnerability hack what ever you want to call it
 
It's news if the Indian government decides to make the service a subscription, and lock every current owner of the technology out of it. Then it becomes ransomeware. "We need your service." "Pay us $1million to use it this one time."

LOL that's just an invitation to built a better tool, which would occur in short order. Just the fact that Cellebrite now becomes willing to sell its current unlocking tool to India should tell India something...
 
My passcode is an alpha-numeric password of unknown length to those attempting to break into my iPhone 6S Plus.

Will they be successful?

Do you really think Celebrite's method involves going in through the front door? It more likely makes use of some venerability Apple is not aware of, just like the basement jailbreaker.
 
Do you really think Celebrite's method involves going in through the front door? It more likely makes use of some venerability Apple is not aware of, just like the basement jailbreaker.

Oh... I thought it tried every possible combination of letters/number... while shutting the power down between each try to not trigger the 10-attempt wipe.
 
Oh... I thought it tried every possible combination of letters/number... while shutting the power down between each try to not trigger the 10-attempt wipe.

1) I'm pretty sure Apple considered the phone being powered down when it made that feature, so it would not reset the number of attempts counted.

2) Yeah, the FBI paid $15,000 for a brute force attack program a high-school student could have coded.
 
  • Like
Reactions: longpath
Countless governments own this tech and have for years.

This isn't news.

Any tech that countless governments have owned for years won't be able to touch any new iPhone (5s, 5se, 6 or 7). And there's no tech that can beat an eight digit passcode.
[doublepost=1478452815][/doublepost]
My passcode is an alpha-numeric password of unknown length to those attempting to break into my iPhone 6S Plus.

Will they be successful?

Yes. If the unknown length is 1 :)

Trying a passcode takes 80 milliseconds, with absolutely no way around that. If you magically can get around any protections in the phone, and enter the next code with zero delays, then each passcode attempts takes 80 milliseconds. That's 12.5 passcodes per second, 750 passcodes per minute, 45,000 per hour, 1.08 million per day, less than 400 million per year. 8 digits cannot possibly be cracked faster than in 3 months. 8 random lowercase letters take 500 years.
[doublepost=1478453025][/doublepost]
There's a way around touch you just dont know about it yet. Nothings 100% secure, there is always a vulnerability hack what ever you want to call it
Fact is: Without the correct passcode, all the information on the iPhone is just scrambled. You need the correct passcode to read anything. There's no way around it. It's not like a super secure safe where you might hope to find a hack to open the safe door. Instead as long as you don't enter the right combination, the safe contents is just an undecipherable mess, and the safe needs the right combination to be able to turn it into something readable.
 
  • Like
Reactions: longpath
Trying a passcode takes 80 milliseconds, with absolutely no way around that. If you magically can get around any protections in the phone, and enter the next code with zero delays, then each passcode attempts takes 80 milliseconds. That's 12.5 passcodes per second, 750 passcodes per minute, 45,000 per hour, 1.08 million per day, less than 400 million per year. 8 digits cannot possibly be cracked faster than in 3 months. 8 random lowercase letters take 500 years.

Ah... so the answer to my earlier question is:

"they will be successful... if they have infinite time."

:)
 
  • Like
Reactions: longpath
Any tech that countless governments have owned for years won't be able to touch any new iPhone (5s, 5se, 6 or 7). And there's no tech that can beat an eight digit passcode.
[doublepost=1478452815][/doublepost]

Yes. If the unknown length is 1 :)

Trying a passcode takes 80 milliseconds, with absolutely no way around that.
Just curious, where does the 80ms come from? I thought your brief explanation was great.
 
Just curious, where does the 80ms come from? I thought your brief explanation was great.

Your passcode is "hashed", which basically means scrambled up into something completely unreadable. So it's not the passcode that is used to unlock your phone, but the hashed passcode.

But this hashing is very quick. Apple decided that they want this to take 80 milliseconds, so they measure how often a passcode can be hashed on your phone in 80 milliseconds, and that's how often it gets hashed. So an iPhone 7 that is a lot faster will do this more often than an iPhone 4. Each phone then takes exactly 80 milliseconds to hash the passcode 100,000 times on an iPhone 4, or a million times on an iPhone 7, or ten million times on the iPhone 12 in ten years time (I made up the numbers obviously).

The advantage compared to a waiting loop: There is just no way around this. There is no shortcut. If you want to unlock an iPhone, you _must_ enter the correct passcode, and you _must_ work for 80 milliseconds to turn it into the key that could decrypt what's on your phone. And that's why no hack in the world can possibly help against a 10 digit or 8 letter / digit passcode.

In addition, the hashing method used requires the processor _of your iPhone_. My iPhone cannot hash your passcode in the way your iPhone does. More important, the NSA's supercomputers cannot hash your passcode in the way your iPhone does. So there is no way to do the hashing faster than 80 milliseconds by using a faster computer. It _must_ be done on _your_ iPhone.

Servers use the same method to some degree, which helps against hackers, but they have two disadvantages: One, a hacker can use a faster computer. Two, it takes time on the server. Apple wastes 80 milliseconds _on your phone_ every time you enter a passcode, not 80 milliseconds on Apple's server, which would be a lot of time if a billion iOS users all unlock their phones at the same time :)
 
Last edited:
Any tech that countless governments have owned for years won't be able to touch any new iPhone (5s, 5se, 6 or 7). And there's no tech that can beat an eight digit passcode.

As someone that has been part of the computer forensic community for more than 10 years, advised Apple and numerous Fortune 500s in addition to governments around the world, I can tell you that you're completely wrong. There are certainly solutions to work with phones after the iPhone 4.

You weren't even aware that the iPhone 4 and earlier could be easily accessed until this case broke. You're equally clueless to the abilities to perform forensic investigation on current models.
[doublepost=1478546389][/doublepost]
Am I right in thinking perhaps the biggest government in the world did NOT and hence the FBI had to buy into it?

FBI has had this tech for years. They attend forensic conferences frequently and work with many of these vendors to supply them with the tools they need to go after criminals.

Back in 2007 I sold them a device that pulls passwords, emails, chat, web browsing history, contacts, wifi networks connected to, and countless other items from any Mac, Windows, or Linux machine. Wired did an article on it back then and was PISSED that we wouldn't give them a copy of the hardware to try themselves (we only sell to licensed law enforcement). That tech has been around for years and 99.99% are blissfully unaware that the government has the ability to do that.

It's funny to see so many get up in arms when they realize this tech exists, even though it has for years and they've simply been unaware.

If they want to be mad at someone, they should be mad at Apple. Back in 2008, we met with their head of iOS security and demo'd the product. We showed them how we could pull all types of information from the iPhone. He simply dismissed it. So rather than working with their blessing, we worked with their government sales guys to sell it to countless government agencies. They turned down that opportunity but they've also done nothing to patch the way we exploit the OS. Our profit.
 
As someone that has been part of the computer forensic community for more than 10 years, advised Apple and numerous Fortune 500s in addition to governments around the world, I can tell you that you're completely wrong. There are certainly solutions to work with phones after the iPhone 4.

You weren't even aware that the iPhone 4 and earlier could be easily accessed until this case broke. You're equally clueless to the abilities to perform forensic investigation on current models.
[doublepost=1478546389][/doublepost]

FBI has had this tech for years. They attend forensic conferences frequently and work with many of these vendors to supply them with the tools they need to go after criminals.

Back in 2007 I sold them a device that pulls passwords, emails, chat, web browsing history, contacts, wifi networks connected to, and countless other items from any Mac, Windows, or Linux machine. Wired did an article on it back then and was PISSED that we wouldn't give them a copy of the hardware to try themselves (we only sell to licensed law enforcement). That tech has been around for years and 99.99% are blissfully unaware that the government has the ability to do that.

It's funny to see so many get up in arms when they realize this tech exists, even though it has for years and they've simply been unaware.

If they want to be mad at someone, they should be mad at Apple. Back in 2008, we met with their head of iOS security and demo'd the product. We showed them how we could pull all types of information from the iPhone. He simply dismissed it. So rather than working with their blessing, we worked with their government sales guys to sell it to countless government agencies. They turned down that opportunity but they've also done nothing to patch the way we exploit the OS. Our profit.
If you sold them something then they either didn't have it before or wanted to waste money having two? Also, what makes you think I’m not mad at Apple. This doesn't surprise me one bit. My opinion is that they pay a lot of lip serivce. I’m well aware that exploits happened over the years that they chose not to patch until it suited them. Maybe it was for marketing reasons I don't know.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.