Stories
Slash Boxes
Comments

SoylentNews is people

Law Enforcement Does Not Need Apple to Unlock a Suspect's iPhone

posted by janrinok on Sunday January 19 2020, @03:04AM   Printer-friendly
from the counter-counter-countermeasures dept.

upstart writes in with an IRC submission for SoyCow1337:

Trump, Barr, and the FBI do not need Apple to unlock a terrorist's iPhones:

Previously, Cellebrite relied on a brute force system. With its machine plugged into an iPhone's Lightning port, Cellebrite would override limits on passcode attempts and would then try every possible passcode combination until it hit on the right one. But Apple added a Restricted USB Mode with iOS 12 that prevents the Lighting port from connecting to another device if an iPhone has not been unlocked within the last hour. Cellebrite's updated software allows it to communicate with the chipset used on certain iPhone models, apparently regardless of the iOS version that the phone in question is running. This new technology could be very useful.

Neil Broom, who works with law enforcement to unlock phones, said, "This Cellebrite tool would let the government get a whole lot of information out of the phone, more than we've previously been able to extract.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Law Enforcement Does Not Need Apple to Unlock a Suspect's iPhone | Log In/Create an Account | Top | 21 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 0) by Anonymous Coward on Sunday January 19 2020, @06:00AM (5 children)

    by Anonymous Coward on Sunday January 19 2020, @06:00AM (#945212)

    How difficult is it to crack these passcodes via brute force. These phone passcodes aren't exactly long and complicated or am I missing something?

  • (Score: 0) by Anonymous Coward on Sunday January 19 2020, @06:17AM (4 children)

    by Anonymous Coward on Sunday January 19 2020, @06:17AM (#945216)

    its in the summary "limits on passcode attempts".

    • (Score: 0) by Anonymous Coward on Sunday January 19 2020, @11:25AM (1 child)

      by Anonymous Coward on Sunday January 19 2020, @11:25AM (#945249)

      Then an easy solution would be to have phone manufacturers reserve one secret code for law enforcement (say "0666"), and entering this code turns off passcode attempt limits. Then users can have the security of a passcode and law enforcement can have the ability to access criminal's data. Win-win.

      • (Score: 1, Informative) by Anonymous Coward on Sunday January 19 2020, @12:40PM

        by Anonymous Coward on Sunday January 19 2020, @12:40PM (#945263)

        Security through obscurity is no security at all. How long do think it would take for criminals to find out the police passcode?

    • (Score: 0) by Anonymous Coward on Sunday January 19 2020, @04:00PM (1 child)

      by Anonymous Coward on Sunday January 19 2020, @04:00PM (#945333)

      I get that but the passcode (or hash for the passcode) is still on a chip that the authorities still have physical access to. Can't that hash be extracted from that chip, put on a faster computer, and cracked in seconds?

      • (Score: 2) by FatPhil on Sunday January 19 2020, @11:52PM

        by FatPhil (863) <reversethis-{if.fdsa} {ta} {tnelyos-cp}> on Sunday January 19 2020, @11:52PM (#945553) Homepage
        secure storage is typically inside the cpu, and typically hanging off a different bus (so you can't even use attacks like rowhammer). The operations that may be performed are also retricted, as there's a separate embedded CPU that acts as a gatekeeper.

        This is all from the marketting fluff - core designers don't evel let chip manufacturers know what really goes on. (I've worked for a chip manufacturer.)
        --
        Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves