Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
iOS 11.4 Disables Lightning Connector After 7 Days, Limiting Law Enforcement Access
- Thread starter MacRumors
- Start date
- Sort by reaction score
You need to update. Mic is hardware problem on 7 and 7 Plus. You need to replace your iPhone if you affected.
[doublepost=1525855170][/doublepost]
It’s jusy another thing everyone needs to do. Like backups, everyone needs emergency kit, master password stored in a safe place. Sharing your master password with spouse also will work and it’s easy with 1Password.
Last edited:
Yes. One protects the user, and the other is stunningly creepy.
This has been the case since iOS 7.
[doublepost=1525861292][/doublepost]
Then you charge it. This doesn't disable charging via Lightning. It disables data via Lightning.
[doublepost=1525861648][/doublepost]
Right. I've posted likely durations a few times here. GrayKey is basically impractical as soon as you have seven digits, much less any alphanumeric characters…
[doublepost=1525861963][/doublepost]
iOS does use NTP.
iOS does not use GSM's time signal. At least early versions did not, and I'd be surprised if Apple ever bothered to implement it.
Leaving aside how seldom most people move between time zones, iOS uses Location Services for that, not GSM.
You're making an awful lot of assumptions here based on 1980s'-level implementations of cellphones.
[doublepost=1525862191][/doublepost]
Or bad news for trolls.
There is an option in FaceID with selects whether you need to be looking at your phone directly or not.
I use Apple maps. Don’t even gave google maps installed.
This whole MITM NTP server nonsense is very easily circumvented with something like a timer that starts ticking after you unplug it from the USB (or many other ways). I'm sure Apple has thought of this as it's such an obvious attack vector.
Authenticated NTP also exists.
Authenticated NTP also exists.
Bold: Wrong
It can be cracked in 1 second even, chance that happens is like 0.00000000000....1 % but it is possible.
Most likely it will take much loner though.
Example: I have a 1 digit password, so, 0-1-2-3-4-5-6-7-8-9, it takes 1 second for each password so the maximum amount to crack this is 10 seconds, yet if my password is lets say 5 and the first attempt is 5 it only takes 1 second to crack.
You might not know but this is illegal in most countries.
Last edited:
And in high value cases the search warrant will scoop up hardware in the home/office.
My password is something like:
I7guy_MacRumors_here_and!_There.
Have fun cracking it.
I wonder if they will add the option to reduce that from 7 days to 3 for criminals and miscreants use?
A little preparation ahead of time helps; unless you truly have something to hide you can't share with your SO, cross-enable Touch ID on each other's phones at a minimum and keep those fingerprints updated/accurate. In the case of the X, memorize/store each other's passphrases in a secure password manager on the other's device at a minimum.
It takes less than 5-10 minutes to configure a pair of devices to prevent exactly this type of situation.
Should be limited to 1 day
Having seen what losers do when they get your personal info..... I recall a relative in 2014, obviously not going into more personal detail, that spoke out against conservatives and was later doxxed by those imbeciles. They were sent death threats, people knocking on their door, leaving lewd voice mails on the house phone. Absolutely hate scum like that. Why give them more ammo?
That’s not really a smart question to ask y’know. My first thoughts instantly swung to bank details, personal information like addresses of friends and family members, some of whom might be living in protection or be vulnerable. In addition in my case I don’t want people finding out business receipts, my planner as it would indicate when the house is empty, photos of my partner and kids, home video footage that could be used by that “ai fakes” thing to cause any kind of personalized mayhem.....
Having seen what losers do when they get your personal info..... I recall a relative in 2014, obviously not going into more personal detail, that spoke out against conservatives and was later doxxed by those imbeciles. They were sent death threats, people knocking on their door, leaving lewd voice mails on the house phone. Absolutely hate scum like that. Why give them more ammo?
7 days is just likely a compromise between security and giving LE time to obtain a warrant.
For those of you talking about how easy it will be to defeat with a fake cell and NTP server, remember that the iPhone is quite capable of keeping time on it's own. Trivial to put code in there to not adjust time while the phone is locked.
And if you've ever worked with NTP, you'd know that a) there is a delta above wich the time will not adjust, period. And within that delta, the time will not just jump. It takes time for a NTP client to adjust to the time served by the server.
For those of you talking about how easy it will be to defeat with a fake cell and NTP server, remember that the iPhone is quite capable of keeping time on it's own. Trivial to put code in there to not adjust time while the phone is locked.
And if you've ever worked with NTP, you'd know that a) there is a delta above wich the time will not adjust, period. And within that delta, the time will not just jump. It takes time for a NTP client to adjust to the time served by the server.
This is an excellent first step. Next iteration, let's get user configurable time frames and the ability to security wipe if necessary. OR... the ability to disable data through the lightning port completely. I don't think I ever use that port for data, so I would be good with it. Hell, with Qi charging, don't even need the lightning port (have to think that one through to be sure).
Huh???
That setting is on by default... allowing manipulation (potentially) if your phone is taken.
I am saying you, the person that owns it, now before it is taken, turn that setting off so it can't be used to manipulate the date/time while locked or attacked.
Also, I am not 100% sure how iPhones get their time info when that setting is on, but the options are:
A) From the cell network (non GSM only, i.e. CDMA (Verizon, Sprint))
B) GPS
C) NTP server
All I know is with that setting off, the phone date and time won't auto-set to whatever is represented as the current date and time no matter method.
Maybe someone could definitively confirm how, say an AT&T iPhone, gets it's "Automatic Time" value.
NTP?
GPS?
[doublepost=1525878027][/doublepost]By the way.... I do work in the reverse engineering field from time to time, and have for quite a long time. What OldSchoolMacGuy is saying is not impossible. So just be aware. I have actually done some law enforcement forensics myself.
That said, it's not all super hand-wavy top secret stuff other than that often someone finds an exploit and they milk it and try to keep it secret as long as possible. There is some hard-core stuff that goes on too.... sure. Like de-capping memory chips, etc. But that is rare and extreme.
Also, keep in mind that the average person who would have their phone confiscated will have the trusted PC associated with it in their home. Law enforcement could get a warrant for that PC, and then gain access to it using any number of Windows exploits for example if it is a Windows PC.
If you are really that worried:
A) Don't use iCloud for backups
B) Don't use iCloud Drive
C) Don't use iCloud Keychain
D) Encrypt local iTunes backups
E) Use a mac and use drive encryption
F) Use a 16 character alphanumeric device passcode that contains little or no known words from any language
G) Use a strong password on your Mac
H) Turn off frequent locations in your iPhone settings
I) Turn off automatic time set
J) Set require passcode to immediate
K) Set erase data after failed attempts
L) Don't use the same password or passcode for any two accounts or devices
M) Don't keep anything in email you don't want seen
N) Don't do anything illegal
I am sure there are more. Maybe there should be a security best practices Wiki.
Anyway, even with all of this, this only makes you reasonably secure and will hinder abuse only.
Do the above, don't do anything illegal, and if law enforcement does spend time to get around all of these measures to only find that you have done nothing illegal, it will likely discourage the behavior.
Last edited:
Yes, but even with the setting on, NTP manipulation is hard.
They use NTP.
Early iOS, at least, never supported setting the time via GSM (much less GPS), but rather used NTP. I see no reason to believe Apple eventually added support for those since NTP has always been there.
Right.
Why even have a delay at all? Aside from charging (and it should be easy to disable data communication over the port while still allowing the phone to be charged), I can't think of a reason why I'd want the lightning port to work when my phone is locked. I'm ok with having to always unlock my phone anytime I connect it to anything.
On a related note, I completely agree that 7 days is too long. I'd want it to be on the order of hours or a max of 1 day.
On a related note, I completely agree that 7 days is too long. I'd want it to be on the order of hours or a max of 1 day.
When I die, the last thing I want is for anyone, family included, to decide it’s appropriate to go snooping through my phone. You wouldn’t snoop on your living family members’ phones or computers. What is it about death that makes it okay to disrespect them like that?
First, charging will still work.
Second, it's a balance of security and convenience. For LE, 7 days gives them a reasonable time frame to secure a warrant.
For the user, having to always unlock when connecting to a trusted computer will be a pain.
If the police have stolen your phone, they’ve probably also stolen your laptop, too.
Plenty of police activities are illegal in most countries, including owning or carrying guns.
[doublepost=1525881034][/doublepost]
Ah, I was wondering if they had something like that. But how frequently does iOS check the NTP server? If it's 15 minutes or less, you can keep the phone at the same time forever or go backwards slowly.
Edit: People are saying the poll frequency is variable in Linux and macOS. You might be able to trick it into polling more frequently by reporting some drift initially. Also, I know it allows any size drift when you initially enable auto time setting, so maybe there are other exceptions like when it's booting up.
Last edited: