iPhone iOS 12.1.2 crackable for law-enforcement?

[Hans300]

Hello guys, i am from germany. Today i had little trouble with the police. They took my iPhone 6 and want to look at my data. I have iOS 12.1.2 installed and a 4-digit passcode.

The latest news i have is, that with iOS 12 bruteforce with "GrayKey" is no more possible. This news was from end of october. Do you guys think this is still the case? German source below.

https://www.mactechnews.de/news/art...-ist-GrayKey-wirkungslos-geworden-170797.html

 

[C DM]

There's also this: https://www.macrumors.com/2018/11/27/drivesavers-ios-passcode-recovery-service/

 

[NoBoMac]

Old saying out there that basically goes along the lines of "if it's a computing device and accessible, it's vulnerable".

Who knows what tools law enforcement has access to. Or what vulnerabilities there are on one model of device vs other model.

Four digit passcode is terrible to use in this day and age. Six is better, but still not as good as a long/strong upper/lower, number, special character passcode.

Touch ID can be foiled: right tools and skills, can lift a fingerprint from the home button and generate a mold when viable latent print on the button.

Not sure about the laws in Germany, but in the USA, the courts have generally upheld the right to not provide a passcode to unlock your device for law enforcement. Biometrics, that has been trending in the other direction (ie. must provide).

No matter, a little late now to be worried about how vulnerable the device is.

 

[BugeyeSTI]

4 digit passcode is not very secure in this day and age. 8-10 digit is minimum if you want to make it difficult. Adding a couple of symbols, punctuation or lowercase letters really makes it almost impossible or at least not realistic for them to get into the phone in a reasonable amount of time..

 

[C DM]

While a 4 digit PIN is certainly not as secure as a 6 (or more) digit PIN, and even less so than something alphanumeric, for practical purposes as far as basically brute force goes and all the limitations related to that in iOS, it seems that even a 4 digit PIN would still be more than enough in most cases.

 

[crawfish963]

US law enforcement here. I'm kinda in the minority boat of my profession. I applaud Apple's stance on privacy as a consumer, and I believe in a person's right to privacy. I also must obviously get into devices as a part of my job. Generally speaking, when I need access to a phone, I'm usually not feeling guilty about it. I'm not going to write a search warrant for a phone unless it's a felony, and usually a bad one. Android devices are a joke. Apple can be tough, but if time is not of the essence, any phone can be broken.

That being said, we do a lot of our work with various federal agencies which I will not name, nor will I go into detail about. Suffice to say, if we want to get into the phone, we generally will. As mentioned about, a warrant will give us the ability to compel (by force if needed) access to biometric means such as a fingerprint or facial recognition. We cannot force you to give up your passcode. I won't go into the methods or tools available but they are out there. It would be in the best interest of any Apple product owner to be familiar with ways to disable the biometric access features of your device.

EDIT: The Constitution of the United States is held as a sacred thing. We are not accessing people's devices without probable cause supporting a warrant issued by a judge. It's easy to get a warrant with probable cause. It's almost impossible to get a warrant based on weak probable cause. Don't believe what movies and TV tell you-there is a rigorous set of rules in place for this kind of thing and the defense is entitled to all information we have, especially if it exonerates someone. If I get a warrant for your device, you can bet that I followed the rules and you are probably in trouble.

 

[MEJHarrison]

US law enforcement here.

Thanks for the input! It's always nice to hear how things actually work from those who know vs. listening to all the conspiracy theorists and arm-chair lawyers. Even as someone with nothing to hide, that's very useful information to have should I ever find myself in the wrong place at the wrong time.

 

[old-wiz]

Well, if you are really a criminal with incriminating info on your iPhone you should use a second method of encryption. ie Get a program that is known to be secure and encrypt all of your incriminating info so that even if they unlock the iPhone they will still have to decrypt your secret info.