GrayKey develops box to brute force iPhone unlock codes

[DrMacintosh]

1 hour ago, hey_yo_ said:

I wonder if "Erase Data" is enabled by default on all iPhones sold once passcode is added. Is this the case @DrMacintosh

I believe it’s off by default 

[Brooksie359]

14 hours ago, ARikozuM said:

It protects against self-incrimination, I believe. I would hate to see this used, without proper protocol such as a warrant, without permission *by accident*. If they accidentally stumble upon evidence they can obtain it more easily when they know where to search. 

 

That seems like more of a 4th amendment issue tbh. 

[ScratchCat]

6 hours ago, hey_yo_ said:

I'm just glad that "987987" is not my iPhone's passcode.

 

That would be nothing for rich people and government intelligence organizations. But if it's just the typical run in the mill thief in the street, I think he's better off robbing a bank than trying to unlock someone's iPhone.

 

Uhm what? Since when did a mobile OS from 2015 became the future of iOS? ?

 

But it would be interesting how they manage to get around iOS's anti brute force feature "Erase Data" which will initiate a secure wipe after accumulating 10 failed passcode attempts. I wonder if "Erase Data" is enabled by default on all iPhones sold once passcode is added. Is this the case @DrMacintosh

Quote

and in the future iOS

They will be adding support in the future.

I assume the Erase Data function is based off the number of failed attempts, if they can brute force the passcode on device it is highly likely they found a way to disable the counter.

[themctipers]

2 minutes ago, ScratchCat said:

They will be adding support in the future.

I assume the Erase Data function is based off the number of failed attempts, if they can brute force the passcode on device it is highly likely they found a way to disable the counter.

most people don't have that on. it's not even on by default.

iirc the FBI case had the erase data feature, and that was another thing that stopped them or something. i didn't follow that thing.

[DrMacintosh]

3 minutes ago, ScratchCat said:

it is highly likely they found a way to disable the counter.

It's the only way. All Apple has to do is figure out how to patch the Passcode counter. 

[mr moose]

1 hour ago, DrMacintosh said:

It's the only way. All Apple has to do is figure out how to patch the Passcode counter. 

That's assuming the counter is disabled (rather than just bypassed) or that it can be patched. 

[DrMacintosh]

25 minutes ago, mr moose said:

or that it can be patched. 

If it can be exploited it can be patched

[BuckGup]

US government buys 2 million of them. Apple patches it the next Day. Increases taxes for the poor to compensate.

[DrMacintosh]

4 minutes ago, BuckGup said:

US government buys 2 million of them. Apple patches it the next Day. Increases taxes for the poor to compensate.

Seems completely reasonable. Absolutely nothing else we could do to pay for them \o/

[mr moose]

2 minutes ago, DrMacintosh said:

If it can be exploited it can be patched

I would disagree,  only on a scale of complexity though, some exploits can be patched but at a major cost to performance.

 

Also you are assuming it is an ios level device.  For all we know it might talk directly to the hardware and bypasses ios by loading it's own standalone os that does the job.  Much like memtest does for ram testing.

[Shreyas1]

HA! I'm immune to this as I DON'T use a password!

 

/s

[DrMacintosh]

7 minutes ago, mr moose said:

For all we know it might talk directly to the hardware and bypasses ios by loading it's own standalone os that does the job. 

I’d bet real money that that is not the case. 

[mr moose]

11 minutes ago, DrMacintosh said:

I’d bet real money that that is not the case. 

Well,  that must make it true then.

[DrMacintosh]

Just now, mr moose said:

Well,  that must make it true then.

Going below the OS and then forcing it to hand over the passcode through an exploit that could not be patched via software would be an extraordinary achievement in mobile security. 

 

Something that I do not belive the people who made this are capable of. 

[mr moose]

2 minutes ago, DrMacintosh said:

Going below the OS and then forcing it to hand over the passcode through an exploit that could not be patched via software would be an extraordinary achievement in mobile security. 

 

Something that I do not belive the people who made this are capable of. 

Why?  without IOS in place to stop it,  the new OS only has to brute force encrypted files.   

Why are you so sure they can't do this?  It's not a new concept, it certainly isn't beyond anyone with enough resources.  After all people have been able to install Android on iphone before.

[DrMacintosh]

6 minutes ago, mr moose said:

the new OS only has to brute force encrypted files.   

So then just change the encryption.....seems like a good reason to charge a lot for something like this. Cash in while the exploit still works. 

[Mira Yurizaki]

25 minutes ago, DrMacintosh said:

Going below the OS and then forcing it to hand over the passcode through an exploit that could not be patched via software would be an extraordinary achievement in mobile security.

It's been done before in the desktop space

It was fixed several years before the presentation was given. However, it was a hardware fix, so anything before that is pretty much screwed. Especially since it involves an exploit in how the trust zone worked.

[mr moose]

7 minutes ago, DrMacintosh said:

So then just change the encryption.....seems like a good reason to charge a lot for something like this. Cash in while the exploit still works. 

Then they simply update the brute force to match the new encryption, we are talking about an update now for the grey box rather than a spanner in the works.

 

Build a better mouse trap and they'll build a better mouse.  Software can't always stop a hardware level attack. 

[DrMacintosh]

Just now, mr moose said:

Then they simply update the brute force to match the new encryption, we are talking about an update now for the grey box rather than a spanner in the works.

 

Build a better mouse trap and they'll build a better mouse.  Software can't always stop a hardware level attack. 

We don’t even know how this exploit works and until we do I am going to assume it’s on iOSes level based and can be patched. And correct me if I’m wrong, but you have to be on iOSes level to get data off of anything. 

[mr moose]

4 minutes ago, DrMacintosh said:

We don’t even know how this exploit works and until we do I am going to assume it’s on iOSes level based and can be patched. And correct me if I’m wrong, but you have to be on iOSes level to get data off of anything. 

You only have to know the file structure of the data stored in the device.   Given someone has supposedly already cracked the SEP on iphone it doesn't stand beyond reason that any of the surmised exploits are workable and beyond patching.

[DrMacintosh]

2 minutes ago, mr moose said:

iphone it doesn't stand beyond reason that any of the surmised exploits are workable and beyond patching.

At the same time there is no reason to believe that it can't be patched. Its so new, so limited, expensive, coupled with the fact that is will most likely be useless next year if it is a hardware exploit, it's likely most law enforcement agencies won't buy them. 

 

Also the legal battles that would ensue if said agencies just grabbed phones and just copied their data from anyone for any reason. Thankfully life is not an episode of NCIS.  

[mr moose]

6 minutes ago, DrMacintosh said:

At the same time there is no reason to believe that it can't be patched.

I never said it can't,  merely gave reasons why it may not be patchable.

 

6 minutes ago, DrMacintosh said:

Its so new,

new doesn't mean anything

6 minutes ago, DrMacintosh said:

so limited, 

How so? last time I read the article they claimed they watched it crack the user passcode, that's all it is supposed to do.

6 minutes ago, DrMacintosh said:

expensive,

$30K is nothing to a lot of government organisations.  I don;t know if you are aware but governments regularily spend 100's of thouseand's just on office upgrades.

6 minutes ago, DrMacintosh said:

coupled with the fact that is will most likely be useless next year if it is a hardware exploit,

Assumption, if it is hardware it will still work on all existing phones.

 

6 minutes ago, DrMacintosh said:

it's likely most law enforcement agencies won't buy them. 

At $30K they all will.

6 minutes ago, DrMacintosh said:

 

Also the legal battles that would ensue if said agencies just grabbed phones and just copied their data from anyone for any reason. Thankfully life is not an episode of NCIS.  

I don't see how that changes anything.  You do realise it is possible to use this device legally, ergo with a warrant in under due process.

[DrMacintosh]

1 minute ago, mr moose said:

How so? last time I read the article they claimed they watched it crack the user passcode, that's all it is supposed to do.

These devices have a unlock counter and will stop working after a certain number of unlocks. 

[themctipers]

26 minutes ago, DrMacintosh said:

These devices have a unlock counter and will stop working after a certain number of unlocks. 

there was a way to bypass that unlock counter on older versions of iOS.

even iOS 11.0 i think.. 

notice how graykey doesn't say what version of iOS 11, just iOS 11  

reminds me of this.. ^

 

 

[mr moose]

1 hour ago, DrMacintosh said:

These devices have a unlock counter and will stop working after a certain number of unlocks. 

We've addressed that already.