Even discounting the claim made early in the thread that this feature can be defeated by new hardware, the feature seems kind of pointless if it’s 7 days and not configurable to be less. 7 days is more than enough time for owners of GrayKey devices to connect the phone for the first time and upload the password cracking software payload onto it. Then, even if it takes a month for the password to be cracked, the rogue payload presumably can just be configured to send the unlocked contents of the phone via WiFi, and the physical port is no longer needed.

What’s the big deal with making it require a password every time it’s connected? Few people connect their phones to computers all that often anyway; we probably all enter passcodes way more often during the week any time Face ID or Touch ID fails.
 
How about those of us with a 30 digit alphanumeric password? :eek:

Well if a 10 digit alphanumeric password takes about 10 to 20 years to crack, I'd say a 30 digit password might be slightly overkill!

Those answers are for the theoretical maximum at which you can try a passcode with the Secure Enclave, namely 80ms per guess. GrayKey is a lot slower than that and appears to take 240ms per guess.

If so, then multiply all the times by 3 and you'll get a pretty good idea of how long the GrayKey will take to crack an iPhone. I've erred on the side of caution and changed my passcode to a 10 digit one.
 
Nice! Now it would be even nicer if it was shorter than 7 days. 1 day is fine with me. A couple of hours would be fine with me too.

Selectable by user.
Selectable by MDM/EMM Profile when iOS is linked to server (non/inclusive of AppleDEP).

Lightning Cable is supposed to signal ad hoc for whatever needs are necessary, right? So then have it only serviceable by Apple themselves just in case you forgot your PW or SIM removed and no Apple store wifi was ever connected.

In Fact go 2 better:
iOS going forward connects to Apple Stores’ Wi-Fi as a built in certificate (forgo the manual connections and allows easy unlock for Genius’)

Next, this should be another function via Find My iPhone.
 
Sorry, I don't like this at all. If you ever come into possession of my phone after my death, I don't want/need you posting any simple notes to my FB account.



It never crossed your mind that maybe the deceased wouldn't want you using his personal phone to speak to the wife from whom he was separated?



Dude, that's not for you to decide. This is WAY over the line.



Surely it's against the most basic of policies at your place of business to respond to calls on a deceased person's cell phone for several weeks?

Having been very close to my relative, and many many very personal intimate conversations, we know what he wanted. And we acted in accordance with what he’d have asked of us.

And regardless of how you might feel, upon death everything is decided between the two people who have a legal say... his wife and his mother. If he is married, then the wife has all legal authority for decisions. And she must be notified. His mother has limited authority to make decisions without his wife granting those rights.

As you cannot just let everything be left undone, and there are immediate documents that must be handled with the authorities standing there in front of you, then yes the person who has legal rights (his wife) must be contacted before anything is done.

As we were there, and you weren’t, and you don’t have the details of why things had to be done a certain way, I will trust that we know better.

But... out of respect for your wishes, if you are suddenly dead, I will respectfully make sure that everything is left as it was. Untouched. And leave your body on public display. And I’ll make sure there is never an investigation about how you died. Your body can rot on the sidewalk and nobody will know why. And we’ll make sure not to let anybody know. It’s better if they find out by eventually tripping over you on the sidewalk (if they happen to ever take that street).
 
So a slightly off the initial subject question. You have an iPhone X with face recognition enabled. You are arrested. They want to see your phone contents. They hold it near your face (no touching involved) and it unlocks. What's the legal status of this as no passcode was used and no questions might even have been asked?
 
If you're a child pornographer then the iPhone is the best choice for you to hide kiddie porn.

Fine... But the sum of all their activities will get them busted and convicted anyway. Like people have said limiting my civil liberties is not an excuse for lazy investigating!

Bad actors will be bad actors. They surely soon will have or already have gained access to the GrayKey. They will use it to crack the access code of an iPhone to at least resell it at a minimum. Let the government require a backdoor for said iPhone and open the floodgates for all sorts of mischief!
 
The iPhone Xs will no longer have a lightning port, you heard it here first, there will be no ports whatsoever. That would show them. Besides who here actually use ports on their X? Wireless charging, and bluetooth headsets/carplay.
Charging via cable is so 1990s!

On the bypass of this feature: If I had sufficient funds, I would use a Faraday cage to block any outside cellphone signal. I would then set up a GSM cell within that cage together with the phone in question.
You don't need to fool the phone's NTP (does it really have NTP, I doubt it), just make sure you send the time signal in the GSM network, that is picked up by the phone. Yes, you as a user can turn that off too, but that would stop the phone from auto updating the time, and realizing you're moving time zones, which would be sort of a pita, so it would be safe to assume most people won't turn that feature off.
I would assume that iOS limits the amount of time you can move backwards so you wouldn't be able to just tell the phone it has gone back a week or more in time; that kind of check is probably in place. But, if you make the phone completely out of power so the RTC stops, then the phone would have no other option than to believe the time signal coming via the GSM network as soon as it connects, and the phone does connect to whatever GSM network it is let into as soon as it's powered on so that emergency calls can be made, and if the RTC has stopped it will use AT-commands to the GSM-modem to acquire network time data and set the RTC, which then can be at an arbitrary time and date of your choosing.
 
Nice! Now it would be even nicer if it was shorter than 7 days. 1 day is fine with me. A couple of hours would be fine with me too.
I would agree with being able to change at will. It would also be nice for developers to be able to disable it indefinitely though Xcode, but that's just me being selfish and just a couple of people here and there would want this.
 
So a slightly off the initial subject question. You have an iPhone X with face recognition enabled. You are arrested. They want to see your phone contents. They hold it near your face (no touching involved) and it unlocks. What's the legal status of this as no passcode was used and no questions might even have been asked?

I think you have to look at it. If you keep your eyes closed, it will not unlock; if they try to hold your eyes open, the biometrics will be wrong.
 
If he was able to verify it today that means he's futzing around with the device time via a captive NTP server.
Which, on the face of it won't work if the device has WiFi switched off. My phone has WiFi off unless I am at home or in a place where I want to connect to the internet. Switching WiFi off does save quite a bit of battery and you don't advertise your presence to all those hotspots you pass by. I've even disabled WiFi in my car for that reason.
Security is your own responsibility. That's why I don't use FaceBook etc.
 
Please Apple, implement this but make the delay user configurable with a max and a default of say 7 days.
I'd set mine to 2 hours...
And no, I don't have anything to hide apart from my life.
Then go one step further and allow the device to initiate a security erase in the background if attempts are made to unlock it via USB.
Yes, shades of mission impossible but TBH, I want snooping on my phone to be a 'mission impossible'.
Exactly.. Apple is on the right track so far. An option for end user to decide how long before it is disabled would be nice.
 
So a slightly off the initial subject question. You have an iPhone X with face recognition enabled. You are arrested. They want to see your phone contents. They hold it near your face (no touching involved) and it unlocks. What's the legal status of this as no passcode was used and no questions might even have been asked?

They can use your image legally. Part of “booking” you is taking your picture. By extension, your face is fair game.

So are your fingerprints.

They can force you to touch your phone to unlock it with your fingerprint. And they can scan your face.

If you want true security, then do not use biometric unlocking options.

You should only use a passcode, and make it long and complicated.

The law cannot legally force you to reveal contents of your brain. They could issue an order to compel. But that can be fought. There is no way to force you to reveal information verbally, and they cannot actually force you to write it.

They can legally use anything they find written down. But they cannot make you write it.

There is a law to permit you to avoid self incrimination.

But anything physical or visual is fair game. The contents of your brain are legally protected though.
 
I don’t get not updating. Security issues are out there, and I think KRACK was patched sometime in 11?



Plug it in, charge it, and put in your passcode to unlock it. It doesn’t cut off charging it, just data transfer until the device is unlocked.

It seems people obviously did not read the article in full, or they just did not understand the article because I have seen way too many posts about said people thinking they will not be able to get into their iOS device after a week even with their passcode!

Simple answer on how this works. If a week goes by and you have not unlocked your device, it simply shuts down the lightning port for any sort of data transfer, not charging capability. The second you put your passcode in, the lightning port is fully functional again for data transfer.

Easy!

:apple:
 
Are you sure? I don't think NTP uses any crypto for verifying the server, but I've never tried.

Crypto, too (I’m not sure if macOS is configured to require it, but it’s an option according to the manpage), but I meant the maximum offset between client and server time:

Normally, ntpd exits with a message to the system log if the offset exceeds the panic threshold, which is 1000 s by default

That’s just a little over 15 minutes. So regardless of crypto, you can’t just force a several-days adjustment onto the client. (Assuming macOS doesn’t disable this.)

(edit) It should be noted that that was the manpage for ntpd, which macOS doesn't actually use. It uses timed, which works differently. It's reasonable to assume that timed has similar precautions.
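
The precaution discussed in the posts above (a panic threshold on clock steps, plus the dead-RTC case raised earlier in the thread), sketched as an added example; it is not Apple's, ntpd's or any poster's code. `PortLockTimer`, its fields and the monotonic-counter design are assumptions for illustration; only the 1000 s threshold and the 7-day window come from the thread.

```python
from dataclasses import dataclass

PANIC_THRESHOLD_S = 1000        # ntpd default quoted in the post above
LOCK_AFTER_S = 7 * 24 * 3600    # the 7-day window discussed in the thread


def naive_port_enabled(last_unlock_wall: float, wall_now: float) -> bool:
    """Weak form: trusts the wall clock, so a rolled-back clock reopens the port."""
    return wall_now - last_unlock_wall < LOCK_AFTER_S


@dataclass
class PortLockTimer:
    """Hypothetical lockout timer (constructed for illustration)."""
    wall_clock: float            # current wall-clock estimate, epoch seconds
    last_unlock_mono: float      # monotonic counter value at last passcode unlock
    counter_valid: bool = True   # cleared when the counter lost power

    def offer_time(self, source_time: float) -> bool:
        """Accept a network time sample only within the panic threshold."""
        step = abs(source_time - self.wall_clock)
        if self.counter_valid and step > PANIC_THRESHOLD_S:
            return False         # refuse the step, keep the current clock
        # After power loss there is no trusted reference, so the sample is
        # taken as-is; the lock decision below never depends on it.
        self.wall_clock = source_time
        return True

    def power_lost(self) -> None:
        """Counter stopped: elapsed time is unknown, so fail closed."""
        self.counter_valid = False

    def passcode_unlock(self, now_mono: float) -> None:
        """Only a passcode entry restarts the window."""
        self.last_unlock_mono = now_mono
        self.counter_valid = True

    def port_enabled(self, now_mono: float) -> bool:
        """Decide from monotonic elapsed time, never from the wall clock."""
        if not self.counter_valid:
            return False
        return now_mono - self.last_unlock_mono < LOCK_AFTER_S


if __name__ == "__main__":
    DAY = 86400
    t = PortLockTimer(wall_clock=1_525_000_000.0, last_unlock_mono=0.0)
    print(t.offer_time(t.wall_clock - 8 * DAY), t.port_enabled(8 * DAY))
```

The wall clock can be wrong without affecting the lock decision, and a timer that lost power keeps the port closed until the passcode is entered.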
 