Apple's new USB security feature has a major flaw

[DrMacintosh]

3 minutes ago, Shorty88jr said:

Not at all what I said I said they shouldn't be saying that there devices are secure when clearly companies have broken their security. 

They advertise themselves as fighting for user security. I don’t think they have ever claimed that their devices are unhackable or will protect you always and forever from every single vulnerability.....but they sure as hell are more secure than the competition. That’s a fact. 

[TopHatProductions115]

Is there any way to change the timer for the USB Lock-down?

[Fasterthannothing]

2 minutes ago, DrMacintosh said:

They advertise themselves as fighting for user security. I don’t think they have ever claimed that their devices are unhackable or will protect you always and forever from every single vulnerability.....but they sure as hell are more secure than the competition. That’s a fact. 

They explicitly stated iPhones can't be cracked  

Quote

The Silicon Valley giant has steadfastly maintained that it is unable to unlock its newer iPhones for law enforcement, even when officers obtain a warrant, because they are engineered in such a way that Apple does not hold the decryption key. 

So yes they did claim they couldn't be cracked. I don't disagree at all that Apple has amazing security but they have built their brand around being more secure. Thats one of the biggest reasons people give about the positives of Mac books but time and time again they get hacked and it's usually huge exploits or stupid security mistakes like this leading to bad security.

[DrMacintosh]

2 minutes ago, Shorty88jr said:

They explicitly stated iPhones can't be cracked  

So yes they did claim they couldn't be cracked. I don't disagree at all that Apple has amazing security but they have built their brand around being more secure. Thats one of the biggest reasons people give about the positives of Mac books but time and time again they get hacked and it's usually huge exploits or stupid security mistakes like this leading to bad security.

So your recommendation is? 

[TopHatProductions115]

@DrMacintosh Apple just needs to start paying more attention to detail, and possibly give the engineers a bit more power than they've had in the recent past (instead of having them ruled over by the product designers). They can fix this if they actually try, IMO. I'm of the opinion that Apple was actually good at some point in the past (from personal experience)...

[ItsMitch]

9 minutes ago, TopHatProductions115 said:

Is there any way to change the timer for the USB Lock-down?

Don't think so. 

[Fasterthannothing]

15 minutes ago, DrMacintosh said:

So your recommendation is? 

My recommendation is that they start acknowledging the flaws in their products publicly so that consumers know that Apple stuff is not impenetrable like they want to lead people to believe. It's great that they have such good security and I think they should definitely highlight the strides they are making in securing their phones but at the same time acknowledge they aren't perfect.

[DrMacintosh]

1 minute ago, Shorty88jr said:

My recommendation is that they start acknowledging the flaws in their products publicly so that consumers know that Apple stuff if not impenetrable like they want to lead people to believe.

Yeah, might need a brush up on your corporate strategy. That’s not going to happen. Especially under Tim Cook. 

[Fasterthannothing]

4 minutes ago, DrMacintosh said:

Yeah, might need a brush up on your corporate strategy. That’s not going to happen. Especially under Tim Cook. 

If they really want want to be the champion of the peoples security that's the right thing to do. I know personally I'm alot more angry at a company for hiding a security flaw than disclosing it because by disclosing it they acknowledge they have an issue but it also let's the customer know it's being fixed.

[TopHatProductions115]

Can't trust a company that pretends to be perfect, only to be exposed every few months. There's a reason I stopped trying to have the latest version of MacOS after experiencing High Sierra - I actually prefer El Capitan (unfortunately). The latest is no longer the greatest. I'm still not into the idea of testing Mojave - even thought they're finally gonna add dark themes and more. Just too much to deal with atm...

[DrMacintosh]

9 minutes ago, TopHatProductions115 said:

Can't trust a company that pretends to be perfect, only to be exposed every few months. There's a reason I stopped trying to have the latest version of MacOS after experiencing High Sierra - I actually prefer El Capitan (unfortunately). The latest is no longer the greatest. I'm still not into the idea of testing Mojave - even thought they're finally gonna add dark themes and more. Just too much to deal with atm...

You should try High Sierra again. They just released a dot update that seems to have fixed the issues I was having with graphics. 

[Fetzie]

2 hours ago, captain_to_fire said:

Good thing iOS 12 is still in beta. No wonder Grayshift is bold enough to say they managed to circumvent URM. 

 

But then again, URM will kick in after an hour. The OP explicitly states that the seized iPhone should be unlocked within an hour. I think one hour is a good enough grace period for law enforcement. But for the security conscious person, aside from not unlocking the device for an hour, rebooting the iPhone will also activate URM. 

So if law enforcement want your phone, then simply hold the power button for a few seconds to force a reboot and they can't use the exploit?

[mynameisjuan]

17 minutes ago, DrMacintosh said:

Yeah, might need a brush up on your corporate strategy. That’s not going to happen. Especially under Tim Cook. 

Well that has made them look like a fool in the past. Like when they claimed you cant get a virus on a Mac and a huge vulnerability was found, people were infected and they said there is no reason to fix it because Macs cannot get a virus. Then finally patched it like 3 months later. This was back sometime in 2010ish. It was childish.

 

Admitting your flaws but showing your efforts to do your best is better than being cocky and saying you are invincible. 

[DrMacintosh]

2 minutes ago, Fetzie said:

So if law enforcement want your phone, then simply hold the power button for a few seconds to force a reboot and they can't use the exploit?

That would require the data lockout timer be activated and set to 1 hour whenever you shit down the phone. Something that I can’t definitively say happens. It should happen though. 

 

On iPhone X you can hit the power button 5 times and disable FaceID so police can’t force unlock your phone with your face. 

[DrMacintosh]

2 minutes ago, mynameisjuan said:

Admitting your flaws but showing your efforts to do your best is better than being cocky and saying you are invincible. 

The share holders only see results, something Tim has provided regusrless of the PR the company is receiving. 

[wasab]

4 hours ago, SC2Mitch said:

S: Engadget

 

Apple introduced a new security feature into iOS 11.4.1 yesterday but security researchers have already found flaws in the software which could allow law enforcement to bypass the security software. In a report from ElcomSoft they explain that a $39 USB 3 Camera Adapter from Apple can bypass it within specific parameters & requirements.

The flaw you may ask? 

It has been said that this could just be a gigantic oversight by Apple and it will most likely be fixed, but ElcomSoft do warn that this issue may be related to Apple's Lightning Communication Protocol.

 

Paper by Elcomsoft. 

https://blog.elcomsoft.com/2018/07/this-9-device-can-defeat-ios-usb-restricted-mode/ 

Summoning the LTT resident Mac Man @DrMacintosh for his insight on this (I don't use mac's nor apple devices)

 

tl;dr Law Enforcement can still grab your data if they act within the hour and do it properly. 

Law enforcement can grab your data anywhere, anytime. CIA had Apple placed a backdoor in all its devices which the government can use to bypass all encryption and security. Government  does this for espionage/counterespionage and to spy on its own citizens.  

[wasab]

12 minutes ago, DrMacintosh said:

You should try High Sierra again. They just released a dot update that seems to have fixed the issues I was having with graphics. 

Remember when macOS let user to login in as root whenever a blank password is enter?

 

That is state of the art security there.

[mynameisjuan]

9 minutes ago, DrMacintosh said:

The share holders only see results, something Tim has provided regusrless of the PR the company is receiving. 

Shareholders means jack shit to me and other customers. I get they are happy about the money but customers are the ones affected.

[DrMacintosh]

11 minutes ago, wasab said:

CIA had Apple placed a backdoor in all its devices which the government can use to bypass all encryption and security

Prove it. 

[aakopa]

10 minutes ago, mynameisjuan said:

Shareholders means jack shit to me and other customers. I get they are happy about the money but customers are the ones affected.

Companies act in the interest of their owners, so if the tactic they currently use is more profitable in long term and short term they choose that instead of admitting flaws etc.

[wasab]

11 minutes ago, DrMacintosh said:

Prove it. 

Enjoy the read

https://www.google.com/amp/s/www.cultofmac.com/260213/nsa-spyware-allegedly-gives-backdoor-access-iphones/amp/

[DrMacintosh]

2 minutes ago, wasab said:

Enjoy the read

https://www.google.com/amp/s/www.cultofmac.com/260213/nsa-spyware-allegedly-gives-backdoor-access-iphones/amp/

This is from 2013

https://www.cultofmac.com/260213/nsa-spyware-allegedly-gives-backdoor-access-iphones/ 

 

Would love something more recent. 

[wasab]

8 minutes ago, aakopa said:

Companies act in the interest of their owners, so if the tactic they currently use is more profitable in long term and short term they choose that instead of admitting flaws etc.

Shareholders can act against the interest of the company as well. I had read about many hostile takes overs in which the entire board of directors is replaced and former CEO fired. 

[wasab]

1 minute ago, DrMacintosh said:

This is from 2013

https://www.cultofmac.com/260213/nsa-spyware-allegedly-gives-backdoor-access-iphones/ 

 

Would love something more recent. 

2013 applies to 2018 as well. 

[DrMacintosh]

1 minute ago, wasab said:

2013 applies to 2018 as well. 

In no way does that make any sense.