Question about FBI case re iOS 10

Discussion in 'iOS 10' started by techguy15, Dec 24, 2016.

  1. techguy15 Suspended

    Joined:
    May 24, 2015
    #1
    So I understand that the FBI was able to get into that one shooter's 5C running on iOS 9. Now that iOS 10 is out, do you think they'd be able to crack into one now? Did Apple add anything that would make it more difficult this time around?
     
  2. SSAJ macrumors 6502

    Joined:
    Aug 30, 2016
    #3
    Yup they are making it difficult and difficult to break in on anyone's phone
     
  3. yankeebobo macrumors regular

    Joined:
    Mar 7, 2014
    Location:
    Somewhere in my head
    #4
    They shouldn’t have been able to get into the 5C. But the user didn’t have a passcode initiating the encryption.

    Lesson? Use that passcode.
     
  4. C DM macrumors Westmere

    Joined:
    Oct 17, 2011
    #5
    5c is a 32-bit device that doesn't support TouchID, which I believe played a role in it all, aside from iOS itself.
     
  5. DaIfoneboss macrumors regular

    Joined:
    Oct 6, 2011
    #6
    This. 64 bit iOS device on iOS 10.2 is much much more secure and harder to crack than the 5C was on iOS 9 with no Touch ID

    iOS 10 itself got a big boost in security
     
  6. KALLT macrumors 601

    Joined:
    Sep 23, 2008
    #7
    32-bit-ness had nothing to do with it. Neither had Touch ID. What the FBI eventually used was a NAND mirroring technique that allowed them to clone the disk and trick the device into allowing as many password tries as they wanted. A Cambridge researcher has confirmed that this works on any later device as well, up to iPhone 6S (source).

    The only real protection against this is a decent password. If you are using a 4-digit passcode, then you are not secure. You should be using a password instead. You should also not use iCloud, particularly not iCloud Backup and iCloud Keychain.

    How do you know? Apple has not released an updated security guide yet.
     
  7. DaIfoneboss macrumors regular

    Joined:
    Oct 6, 2011
    #8
    iOS 10 uses FBE now. In 10.1 KPP was added, etc, all the bug fixes and security holes of past iOS versions patched up. Etc

    And inherently a 64 bit device running 64 bit version of the OS is more secure than 32 bit version
     
  8. KALLT macrumors 601

    Joined:
    Sep 23, 2008
    #9
    Kernel Patch Protection was added in iOS 9, not 10. I suppose with FBE you mean file-based encryption?

    Please, enlighten us.
     
  9. DaIfoneboss, Dec 29, 2016
    Last edited: Dec 29, 2016

    DaIfoneboss macrumors regular

    Joined:
    Oct 6, 2011
    #10
    I meant an updated version of KPP in 10.1.1. And yes iOS 9 used FDE (Full Disk Encryption) and now iOS 10 is using FBE which is better for smartphones as they typically aren't dying often and shutting off often.

    And um.. ASLR to start with 64 bit ArmV8 chips? I can go on.

    Also here, from the CEO of the biggest blackhat hacking group currently in the world (Zerodium) saying it himself:

    "Prices are directly linked to the difficulty of making a full chain of exploits, and we know that iOS 10 and Android 7 are both much harder to exploit than their previous versions," he told Ars. Asked why a string of iOS exploits commanded 7.5 times the price of a comparable one for Android he said: "That means that iOS 10 chain exploits are either 7.5 x harder than Android or the demand for iOS exploits is 7.5 x higher. The reality is a mix of both."

    https://www.google.com/amp/arstechnica.com/security/2016/09/1-5-million-bounty-for-iphone-exploits-is-sure-to-bolster-supply-of-0days/?amp=1?client=safari

    So yeah iOS 10 is quite a bit more secure than past iOS versions.. Thought it was pretty obvious for some but I guess not
     
  10. KALLT macrumors 601

    Joined:
    Sep 23, 2008
    #11
    I don't think that iOS ever used full-disk encryption. It was file-based encryption since iOS 4, specifically to overcome the performance penalties of full-disk encryption. iOS 4 has also introduced address space layout randomisation, it was not new to ARMv8 processors.

    One improvement I do know of is the hardened JIT Compiler in WebKit, which uses a feature of ARMv8's instruction set.

    iOS 10 of course fixes bugs and updates the kernel, and it has traditionally been trickier to jailbreak a newer version on a new device. Even in iOS 9 it was already a fact that in order to perform a jailbreak, you have to chain several exploits together. This is becoming ever more difficult, hence the statements that exploits are becoming more and more expensive. I do not see a 'big boost', just a continuation.
     
  11. Mcmeowmers macrumors 6502

    Joined:
    Jun 1, 2015
    #12
    I believe they got in through essentially brute force - they "cloned" the phone and then tried a password....
     
  12. Suckfest 9001 Suspended

    Joined:
    May 31, 2015
    Location:
    Canada
    #13
    They talked about it at WWDC.
     
  13. techguy15 thread starter Suspended

    Joined:
    May 24, 2015
    #14
    I'm liking the security discussions here guys
     
  14. GreyOS macrumors 68040

    Joined:
    Apr 12, 2012
    #15
    One thing I always wondered with so-called FDE on iOS is how widgets, notifications, your wallpaper, etc could appear before you type in your passcode, if the passcode is supposed to decrypt the disk and some of those features necessarily require data lying on the encrypted disk. My experience of FDE on a Windows laptop is a very simple password UI immediately when turning it on, with Windows only loading after the password is put in.

    If iOS actually uses FBE (and always did) does that make it easier to explain the above? Or is all of that still possible with FDE and I just misunderstand it? Would be interested to hear you remark on this topic in any case as you seem knowledgeable. Thanks
     
  15. KALLT macrumors 601

    Joined:
    Sep 23, 2008
    #16
    You mean Ivan Krstić’s talk? The ‘What’s new in security’ session? They barely talked about the internal security mechanisms of iOS 10. What they talked about either pertained to existing technology covered by the security guide before or networking and sandboxing APIs in Foundation and Cocoa, such as App Transport Security and Gatekeeper. Even Krstić’s Black Hat talk was hardly surprising, it was a recap of the security guide.

    I have seen the WWDC talks, read the available developer documentation and am following some blogs. There is a wealth of information about iOS security, and most of it is not even new. What we have here is an ambiguous quote from Zerodium, but no hard facts. iOS 10.1.1 had not even a security note of its own that backs up the supposedly updated KPP. Again, I do not know to which ‘big security boost’ DaIfoneboss is referring.

    iOS does not use full-disk encryption, that is precisely the point. It uses a fairly elaborate file-based encryption scheme. It attempts to encrypt only the sensitive data and it does that by encrypting individual files and their metadata. Apple uses many other technologies to secure the boot process, but the system components themselves are not encrypted, unlike on macOS with FileVault.
     
  16. electronicsguy macrumors 6502a

    Joined:
    Oct 12, 2015
    Location:
    Pune, India
    #17
    Whatever it is will be covered under a gag order. Unless Timmy and his gang wanna go to jail, they're never going to give you the real info - because they cannot. Secondly, the agencies like NSA, etc. may have undocumented access into phones - they'll never reveal it willingly to the companies about these bugs.
     
  17. GreyOS macrumors 68040

    Joined:
    Apr 12, 2012
    #18
    Yes I know that's your stance, my question was about whether that's obvious from the fact notifications etc appear when locked, or whether that's still possible with FDE. Wondering how anyone could ever claim it had FDE given those features
     
  18. KALLT macrumors 601

    Joined:
    Sep 23, 2008
    #19
    Push notifications are sent by a server, thus the information is not encrypted. It is of course possible to encrypt only a particular volume, such as the volume that contains the user data and application data, like macOS used to have before FileVault 2.
     
  19. GreyOS macrumors 68040

    Joined:
    Apr 12, 2012
    #20
    Say an app lets you set a favourite bus stop, and that app has a widget showing your favourite bus stop departure times. I can see that widget before unlocking my phone, and the widget is using my preference which is saved to the disk. I just never understood how the phone could supposedly have its whole disk encrypted when it was obvious certain information was not encrypted when the phone was locked. Even an iMessage notification on the lock screen will display the name of the sender - which comes from your contacts on the disk.

    Now I get what you're saying - it doesn't use FDE, it uses 'elaborate file-based encryption scheme' - and so the 'problem' above dissolves. There's no issue. My question was - how can others (journalist in the media, a user above, etc.) claim it has FDE, to me the features described above rule it out quite obviously? So, I know iOS doesn't use FDE, but could it do so and still have those features? Doesn't seem like it could, to me. So the claims of others are even stranger, to me.

    Anyway, it's probably not worth pursuing this line of question, I think I'm just confusing things. Thanks anyway.
     
  20. C DM macrumors Westmere

    Joined:
    Oct 17, 2011
    #21
    Interestingly, if you restart your phone and don't unlock it (assuming you have a TouchID and/or passcode) you won't really see that information as I recall. I just recently restarted my phone and didn't get a chance to unlock it before a phone call from one of my contacts came in and the call just showed up with the phone number rather than the contact information from my contacts.
     
  21. Clete2 macrumors 65816

    Joined:
    Sep 20, 2008
    Location:
    USA
    #22

    There is a Black Hat talk where an Apple employee describes why you don't see that information. Essentially there is a key you have to unlock by using your passcode when you start your phone. The phone physically does not have access to your contacts until you use the passcode to unlock it for the first time.
     
  22. C DM macrumors Westmere

    Joined:
    Oct 17, 2011
    #23
    Yup, that's basically what's behind it.
     
  23. GreyOS macrumors 68040

    Joined:
    Apr 12, 2012
    #24
    Good example of more elaborate FBE, e.g. it can't see the title of reminders but it can see how many you have, which FDE wouldn't allow.
     
  24. Tech198 macrumors G5

    Joined:
    Mar 21, 2011
    Location:
    Australia, Perth
    #25
    Well, the case would still stand.. Apple won't hand over anything, but of course other organizations can get in...... It's like we actually want our phones to be the silver bullet and Apple is the big daddy so no one in the world can crack it..... That's why organizations like Cellebrite exist.

    If Cellebrite couldn't get in, they'd be out of a job.

    iOS 10 would be "more secure", not "impossible"
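
The behaviour discussed in posts #16 and #21 to #23 (files encrypted individually, and contact data unreadable after a restart until the passcode is entered once) is modelled below. This is an added example, not part of the thread and not Apple's implementation: the `Device` class, the class labels `device_only` and `after_first_unlock`, the sample file contents and the HMAC-based toy cipher standing in for AES are all constructed for illustration.

```python
import hashlib, hmac, os

def xor_stream(key, nonce, data):  # toy HMAC-SHA256 keystream standing in for AES
    pad = b"".join(hmac.new(key, nonce + bytes([i]), hashlib.sha256).digest()
                   for i in range(len(data) // 32 + 1))
    return bytes(b ^ p for b, p in zip(data, pad))

class Device:  # simplified model: one key per file, wrapped by its class key
    def __init__(self, passcode):
        self.uid, self.salt = os.urandom(32), os.urandom(16)  # uid: device-bound secret
        self.files = {}        # name -> (class, nonce, wrapped file key, ciphertext)
        self.user_key = self._derive(passcode)   # class key, held in RAM only
        self.check = hashlib.sha256(self.user_key).digest()  # lets unlock() reject typos

    def _derive(self, passcode):
        return hashlib.pbkdf2_hmac("sha256", passcode.encode(), self.salt + self.uid, 10_000)

    def _class_key(self, cls):
        if cls == "device_only":                 # available straight after boot
            return hmac.new(self.uid, b"device_only", hashlib.sha256).digest()
        return self.user_key                     # None until the first unlock

    def unlock(self, passcode):
        key = self._derive(passcode)
        ok = hmac.compare_digest(hashlib.sha256(key).digest(), self.check)
        self.user_key = key if ok else self.user_key
        return ok

    def reboot(self):
        self.user_key = None                     # RAM is cleared, flash is not

    def write(self, name, data, cls):
        file_key, nonce = os.urandom(32), os.urandom(16)
        wrapped = xor_stream(self._class_key(cls), nonce, file_key)
        self.files[name] = (cls, nonce, wrapped, xor_stream(file_key, nonce, data))

    def read(self, name):
        cls, nonce, wrapped, ct = self.files[name]
        key = self._class_key(cls)               # None means the key is simply absent
        return None if key is None else xor_stream(xor_stream(key, nonce, wrapped), nonce, ct)

def restart_demo(passcode="constructed-passphrase"):
    dev = Device(passcode)
    dev.write("wallpaper", b"beach.jpg", "device_only")
    dev.write("contacts", b"+1 555 0100 = Alice", "after_first_unlock")
    dev.reboot()
    locked = (dev.read("wallpaper"), dev.read("contacts"))
    dev.unlock(passcode)
    return locked, dev.read("contacts")
```

After the simulated restart the wallpaper is readable and the contact entry is not, which matches the incoming call that showed only a number; a whole-disk scheme with a single passcode-derived key could not make that distinction per file.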
     
