“In the fight over digital privacy, Apple is forever adding layer on layer of security to its iPhones. For most users, Apple’s approach is a great boon, keeping all their information away from thieves and hackers. But for America’s cops, it’s causing a headache, preventing them getting into iPhones where they could find valuable and timely information,” Thomas Fox-Brewster reports for Forbes. “That’s why police are increasingly turning to private contractors like GrayShift, which Forbes uncloaked earlier this year as it promised to hack its way into the latest Apple cellphones.”
“Is either side winning? From emails leaked to Forbes, and in conversations with police officials, it would appear on first glance that Apple’s latest updates to its iOS operating system truly have stymied the cops and their GrayKeys,” Fox-Brewster reports. “But, at the same time, police still have a way to hack into iPhones, even the latest models, the emails show. The messages were shared by an anonymous source who had access to a private email list subscribed to by members of the police and digital forensics communities.”
“In one email, dated July 19, a detective at the Oklahoma City Police Department wrote: ‘We have run into our first phone with 11.4.1 yesterday and it’s confirmed. Plugging the device into the GrayKey results in the phone signalling that it’s charging but the GrayKey does not recognize that a phone is plugged into it,’” Fox-Brewster reports. “After the Oklahoma City detective’s comment, forensics professionals on the email thread started discussing a way to circumvent USB Restricted Mode, as recently revealed by Russian company Elcomsoft. The bypass is remarkably simple: connecting an iPhone to an accessory device, such as a $39 Apple camera adapter, will reset the one-hour timer.”
MacDailyNews Take: Presto, another avenue for Apple to close posthaste. And iOS gets even more secure!
MacDailyNews Take: Always use long, custom, alphanumeric passcodes. Use at least seven characters – even longer is better – and mix numbers, letters, and symbols.
To change your passcode in iOS:
Settings > Face ID & Passcodes > Change Passcode > Passcode Options: Custom Alphanumeric Code
Guide to iOS estimated passcode cracking times (assumes random decimal passcode + an exploit that breaks SEP throttling):
4 digits: ~13min worst (~6.5avg)
6 digits: ~22.2hrs worst (~11.1avg)
8 digits: ~92.5days worst (~46avg)
10 digits: ~9259days worst (~4629avg)
— Matthew Green (@matthew_d_green) April 16, 2018
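The estimates above cover decimal passcodes only. The following added example (not from the article or the quoted tweet) extends the same arithmetic to the alphanumeric passcodes recommended here. It assumes roughly 80 ms per guess, the rate implied by the quoted figures (10,000 guesses in about 13 minutes), and the alphabet sizes are constructed for comparison.

```python
# Assumption: ~80 ms per guess, implied by the quoted estimate of ~13 minutes
# for all 10**4 four-digit passcodes. It is not a measured value.
SECONDS_PER_GUESS = 0.08
SECONDS_PER_YEAR = 365.25 * 86400

# Constructed alphabets for comparison (symbols per passcode position).
ALPHABETS = {
    "digits": 10,
    "lowercase+digits": 36,
    "mixed-case+digits": 62,
    "printable ASCII": 95,
}

def crack_seconds(alphabet_size, length, per_guess=SECONDS_PER_GUESS):
    """Return (worst, average) seconds to exhaust a uniformly random passcode."""
    worst = (alphabet_size ** length) * per_guess
    return worst, worst / 2

def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    units = (("years", SECONDS_PER_YEAR), ("days", 86400),
             ("hours", 3600), ("minutes", 60))
    for unit, size in units:
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.1f} seconds"

def min_length(alphabet_size, target_years, per_guess=SECONDS_PER_GUESS):
    """Shortest length whose average search time reaches target_years."""
    target = target_years * SECONDS_PER_YEAR
    length = 1
    while crack_seconds(alphabet_size, length, per_guess)[1] < target:
        length += 1
    return length

if __name__ == "__main__":
    for name, size in ALPHABETS.items():
        for length in (4, 6, 7, 8, 10):
            worst, avg = crack_seconds(size, length)
            print(f"{name:18} len {length:2}: "
                  f"worst {humanize(worst)}, avg {humanize(avg)}")
        print(f"{name:18} needs {min_length(size, 100)} characters "
              f"for a 100-year average\n")
```

These figures hold only for passcodes chosen uniformly at random; a passcode built from words or dates falls far sooner than its length suggests.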