Become a MacRumors Supporter for $25/year with no ads, private forums, and more!

New York Law Enforcement Officials Operate $10 Million Lab Designed to Crack iPhones

MacRumors

macrumors bot
Original poster
Apr 12, 2001
51,046
12,596



Manhattan District Attorney Cy Vance Jr. built and oversees a $10 million high-tech forensics lab built expressly for the purpose of cracking iPhones, according to a new profile done by Fast Company.

The lab is equipped with "mind-bending hardware" and a team of technology experts, many of whom are ex-military. The facility itself features a radiofrequency isolation chamber that prevents iPhones being used in investigations from being accessed remotely to keep them from being wiped.


Vance's team has thousands of iPhones at the facility in various stages of being cracked. There's a supercomputer that generates 26 million random passcodes per second, a robot that can remove memory chips without using heat, and specialized tools for repairing damaged devices to make them accessible once again.

All of the iPhones are hooked up to computers that are generating passcodes in an effort to get into the iPhones, and sometimes that requires going through tens of thousands of number combinations. Those who work at the facility, including director Steven Moran, also attempt to narrow down possibilities using birthdays, significant dates, and other info that could be used in each specific case for an iPhone passcode.

Proprietary workflow software tracks all of the iPhones at the facility, including their software and their importance, for the purpose of deciding which iPhone to work on and which might be able to be cracked using a newly found third-party solution.

Vance has been a major critic of Apple and has called on the government to introduce anti-encryption legislation to make it easier for law enforcement officials to get into iPhones needed for criminal investigations. According to Vance, 82 percent of smartphones that come into the unit are locked, and his cybercrime lab can crack "about half."

Apple's frequent software updates continually make breaking into iPhones harder by making the process more complicated, which can make it close to impossible to breach an iPhone in a timely manner. "The problem with that, particularly from a law enforcement perspective, is, first of all, time matters to us," said Vance.

Vance believes that it's "not fair" that Apple and Google can prevent law enforcement officials from accessing smartphones. Vance says that law enforcement is entrusted with a responsibility to "protect the public" but Apple and Google have limited access to information "just because they say so." Vance is of the opinion that there should be a "balance" between protecting user privacy and getting justice for victims of crimes.
"That's not their call. And it's not their call because there's something bigger here at issue rather than their individual determination of where to balance privacy and public safety. What's bigger is you've got victims and you've got a law enforcement community who have strong imperatives that should be recognized and balanced equally with the subject decision-makers by the heads of Apple and Google. Today, I think it's unbalanced.
Apple's argument is that it provides iPhone data from iCloud without breaking into the iPhone itself, but Vance says that a serious criminal doesn't have an iCloud backup. A user can also choose what information is stored remotely, and "in many cases" smartphones do not backup between the time when a crime takes place and an iPhone is shut off.

Law enforcement officials can also obtain device metadata like the time and location of a phone call from SIM cards or phone carriers, but Moran says that's the difference between being able to read a letter and being limited to just the envelope the letter came in.
"Even if we are lucky enough to get into the cloud or even if we're lucky enough to get some of the metadata, we're still missing an awful lot of important information that's critical to the investigation."
Vance says that he's not "whining" about the encryption problem, but his lab is "not the answer" as most of the U.S. can't afford to do the work that the New York cyber lab does.

Fast Company's profile of Vance's cyber lab comes as Apple is gearing up for another battle with the FBI. Apple has been asked to unlock the iPhones used by Florida shooter Mohammed Saeed Alshamrani, and while Apple has provided iCloud data, the company will fight requests to unlock the actual devices.

For more on New York's High Technology Analysis Unit and facility, make sure to check out Fast Company's full profile.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Political News forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Article Link: New York Law Enforcement Officials Operate $10 Million Lab Designed to Crack iPhones
 
Last edited:

crawfish963

macrumors 6502a
Apr 16, 2010
800
1,082
Texas
I'm on record as a law enforcement officer to say that I do not agree with private companies being forced to create backdoors to get into people's devices. If the agency or government comes up with a method on their own, or purchases it from the private sector, then that's fine. But putting a gun to a company's head must never be allowed.
 
Comment

techwhiz

macrumors 65816
Feb 22, 2010
1,168
1,510
Northern Ca.
So they have a faraday cage ad they use intelligent social engineering to get a start at passwords, okay.
The answer is not a backdoor that he is asking for.
For everyone that reads this you need an alphanumeric passcode.

My current passcode has 12 digits/letters and symbols.
This means that even if they can generate 26 million passcodes a second.

There are 46 keys * 2 functions for each key.
This means that my password will has 3.68x10^23 combinations.
This is 1.4x10^16 seconds to brute force the attack or 3.9x10^12 hours.
So they will never brute force it unless they just get lucky.
Couple that with at the end of every attempt, the enter key must be used.
If you use a 4 digit passcode, a brute force attack renders it useless in 9999 attempts.
Actually it's half that if the approach is either sequential or starts from the middle.
A six digit passcode isn't better.
Use a password that has letters (upper and lower case) numbers and symbols.

A password that is any length is more secure than a passcode.
A password can be any length and makes it much more difficult to brute force.

If you use a less secure 4/6 digit passcode, you should have your phone set to wipe after 10 attempts.

I say don't give them a chance and I'm not doing anything illegal.
My right to privacy, is a right.
 
Comment

nt5672

macrumors 68020
Jun 30, 2007
2,170
4,625
Vance would probably be just fine if there was law that required that we all just wear a government audio and video recording device that transmitted our daily grind in real time to government servers. That would stop all crime. Yeah, right! Failure to wear the device, would be jail time. We all know that the only people that would object are criminals right? How is his attitude any different?
 
Comment

mannyvel

macrumors 6502a
Mar 16, 2019
750
1,209
Hillsboro, OR
What data are they really looking for when they want to break into an iPhone?

They can get a list of numbers called from the carrier.
They can get the location history of the phone from the carrier.
They can get the SMS messages from the carrier.

Are they looking for messages re: planning? Logistics? Are they trying to break into "plan my heist" data?

Are they just looking to see what other contacts the potential perpetrator might have/be talking to?
 
Comment

26139

Suspended
Dec 27, 2003
4,315
374
Super curious as to how many iPhones they have in there.
[automerge]1579637316[/automerge]
What data are they really looking for when they want to break into an iPhone?

They can get a list of numbers called from the carrier.
They can get the location history of the phone from the carrier.
They can get the SMS messages from the carrier.

Are they looking for messages re: planning? Logistics? Are they trying to break into "plan my heist" data?

Are they just looking to see what other contacts the potential perpetrator might have/be talking to?

I don't believe they can access iMessages through the carrier though, only SMS.
 
Comment

crawfish963

macrumors 6502a
Apr 16, 2010
800
1,082
Texas
What data are they really looking for when they want to break into an iPhone?

They can get a list of numbers called from the carrier.
They can get the location history of the phone from the carrier.
They can get the SMS messages from the carrier.

Are they looking for messages re: planning? Logistics? Are they trying to break into "plan my heist" data?

Are they just looking to see what other contacts the potential perpetrator might have/be talking to?

Some carries store SMS history longer than others, and some will only store SMS sent over the network, but will not include those sent over Wi-fi. Additionally, network records will not help you with WhatsApp, Snapchat, Facebook messenger, or videos and photos stored on the device.
 
Comment

26139

Suspended
Dec 27, 2003
4,315
374
Some carries store SMS history longer than others, and some will only store SMS sent over the network, but will not include those sent over Wi-fi. Additionally, network records will not help you with WhatsApp, Snapchat, Facebook messenger, or videos and photos stored on the device.

WhatsApp probably being key here, and Signal.
 
Comment

calzon65

macrumors 6502a
Jul 16, 2008
915
3,413
For decades, U.S. law enforcement has had the ability to secure a court ordered wire tap forcing a telecommunications carrier (at the carrier's cost) to provide access (a/k/a lawful intercept) to switching facilities for the installation of a tap. Lawful intercept interfaces are required in telecommunications switches/infrastructure and cost carriers a lot of money.

I realize a lawful search warrant ordering Apple to open an iPhone is a bit different, but I see some similarities to what telecom carriers are already required to do.
 
Last edited:
  • Disagree
Reactions: Victor Mortimer
Comment

MikeSmoke

macrumors 6502
Mar 26, 2010
254
185
Maryland USA
With all the blatant open air crime that takes place which the Authorities seem to be unable to solve, I hardly doubt that having access to private citizens personal information is a legitimate solution.
 
  • Like
Reactions: FriendlyMackle
Comment

laz232

macrumors 6502a
Feb 4, 2016
583
1,048
At a café near you
Couple of things.

10M USD is not a huge price for a well-equipped lab if that include personell and offices...
"many of whom are ex-military"... tja, depending on the branch, that don't impress me much (S Twain)... Ex NSA, or GCHQ, then we are talking :)

I see they use JBC soldering equipment. Like I do, in my lab...

"Vance believes that it's "not fair" that Apple and Google can prevent law enforcement officials from accessing smartphones. Vance says that law enforcement is entrusted with a responsibility to "protect the public" but Apple and Google have limited access to information "just because they say so." Vance is of the opinion that there should be a "balance" between protecting user privacy and getting justice for victims of crimes. "

Vance should read philosophy and history and realise that life is not fair, and that there are plenty of examples where the government has misused and abused its power (go back to the FBI and COINTELPRO)... but I guess that Vance and his team can be trusted for now and forever into the future....
 
Comment

coolfactor

macrumors 601
Jul 29, 2002
4,840
5,101
Vancouver, BC
NYC spending $10 million for such a stupid anti-consumer intrusive purpose.... they could have spent it instead on the countless homeless and vagrants roaming the streets of NYC.

OFF-TOPIC: Disagree. The homeless problem is growing in our community, too. Shelters have been built, safe injection sites funded, and the problem continues to get worse. I don't think throwing money at the problem is going to help, unless the people themselves want to help themselves.

ON-TOPIC: It's not anti-consumer to try and solve crimes. It's anti-consumer to demand tech companies to lower security standards just make your investigation job easier.
[automerge]1579638933[/automerge]
All this talk about iPhones being difficult to crack.

How does this compare against your typical Android phone? Strong encryption is available from the likes of Samsung, but most consumers are not employing that. What's it like for investigators getting data off your typical Android?
 
Comment

mannyvel

macrumors 6502a
Mar 16, 2019
750
1,209
Hillsboro, OR
Some carries store SMS history longer than others, and some will only store SMS sent over the network, but will not include those sent over Wi-fi. Additionally, network records will not help you with WhatsApp, Snapchat, Facebook messenger, or videos and photos stored on the device.

So...they're going to keep photos and videos of their crime on-device?

And, they can also subpoena the various app makers for data. Are they trying to get it via the phone because it's less work? It's not like subpoenas for data are being blocked by the courts.
 
Comment
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.