Forensics firm Cellebrite has released a new update its UFED Physical Analyzer software that could be used to access data on the Pensacola Islamic terrorist’s iPhones at the center of the latest battle between Apple and the U.S. government.
The tool uses an exploit called Checkm8 that allows access to chips running on iPhones released between 2011 and 2017. Cellebrite, owned by Japan’s Sun Corp. said its latest version of the tool works with the iPhone 5S, first sold in 2013, through the iPhone X, sold in 2017.
This could help investigators analyze at least one of the iPhones that belonged to Mohammed Saeed Alshamrani, the perpetrator of a Dec. 6 terrorist attack at a Navy base in Florida. Alshamrani died and his iPhone 5 and iPhone 7 were locked, leaving the FBI looking for ways to hack into the devices.
The FBI has been pressing Apple to help it break into the attacker’s iPhones. President Donald Trump called on the company to step up. But the government can hack into the devices without the technology giant, experts in cybersecurity and digital forensics said on Tuesday.
MacDailyNews Take: The U.S. government isn’t as interested in what’s on the terrorist’s iPhones as it is in somehow trying to force Apple to provide a repeatable method to unlock them. The duplicitous U.S. government wants into every iPhone for whatever reason, valid or otherwise. That’s their goal.
Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety. – Benjamin Franklin
Once again, this highlights another good reason to upgrade your older iPhone.
iOS uses the Secure Enclave Processor (hardware) to throttle passcode input requests, introducing waiting times when too many incorrect passcode attempts have been made. GrayKey bypasses this on older iPhone models, so passcodes can be tried in succession until discovered.
This brute force method is precisely why those concerned with security don’t use four-digit passcodes. Instead, use long, alphanumeric passwords and, even if there is a GrayKey box on every corner, your data will remain secure.
Use at least seven characters – even longer is better – and mix numbers, letters, and symbols.
To change your password in iOS:
Settings > Face ID & Passcodes > Change Passcode > Passcode Options: Custom Alphanumeric Code
Guide to iOS estimated passcode cracking times (assumes random decimal passcode + an exploit that breaks SEP throttling):
4 digits: ~13min worst (~6.5avg)
6 digits: ~22.2hrs worst (~11.1avg)
8 digits: ~92.5days worst (~46avg)
10 digits: ~9259days worst (~4629avg)
— Matthew Green (@matthew_d_green) April 16, 2018
[Thanks to MacDailyNews Reader “Fred Mertz” for the heads up.]