Cops around the Country Can Now Unlock iPhones, Records Show

Discussion in '[H]ard|OCP Front Page News' started by Megalith, Apr 15, 2018.

  1. Megalith

    Megalith 24-bit/48kHz Staff Member

    Messages:
    12,474
    Joined:
    Aug 20, 2006
    The FBI insists that it is increasingly tougher for law enforcement to gather evidence due to encrypted devices, but a Motherboard investigation has found that at least one tool is readily available to police for unlocking even the latest iPhones. Records show that both the FBI and numerous state agencies have ordered the device, called GrayKey, which works as advertised and makes the argument for encryption backdoors questionable.

    The issue GrayKey overcomes is that iPhones encrypt user data by default. Those in physical possession normally cannot access the phone’s data, such as contact list, saved messages, or photos, without first unlocking the phone with a passcode or fingerprint. Malwarebytes’ post says GrayKey can unlock an iPhone in around two hours, or three days or longer for 6-digit passcodes.
     
    Big_Rig_Stig and lostin3d like this.
  2. bizzmeister

    bizzmeister [H]ard|Gawd

    Messages:
    1,312
    Joined:
    Apr 26, 2010
    It’s obvious they’ve been able to do this for some time now. Regardless of the bullshit you hear or see on the news.

    Do you really think they wouldn’t be able to get into your locked iPhone or Android or whatever?

    Yah right
     
  3. Vercinaigh

    Vercinaigh Gawd

    Messages:
    768
    Joined:
    Jul 31, 2008
    Inb4 illegitimate hackers get hold of this. If the governments can do it, so can anyone else.
     
  4. lostin3d

    lostin3d [H]ard|Gawd

    Messages:
    1,350
    Joined:
    Oct 13, 2016
    Good article, nice easy Sunday morning read. A guess unlocking is a bit of a gray area. . . haha
     
  5. Chupachup

    Chupachup Limp Gawd

    Messages:
    440
    Joined:
    Jan 12, 2014
    So, the takeaway being, make sure to use codes six digits or more and enable a limited number of tries before initiating a master reset. Gotcha!;)
     
    Revdarian, Big_Rig_Stig and Dudhunter like this.
  6. vegeta535

    vegeta535 2[H]4U

    Messages:
    2,232
    Joined:
    Jul 19, 2013
    Lol you think they need a code to get in.
     
  7. bds1904

    bds1904 Gawd

    Messages:
    996
    Joined:
    Aug 10, 2011
    More like an 12+ character alpha-numeric code with no pattern and using symbols that you don’t use on anything else.
     
    Revdarian, Big_Rig_Stig and Chupachup like this.
  8. RussianJ

    RussianJ n00bie

    Messages:
    60
    Joined:
    Feb 10, 2012
    Have a feeling it copys over the security check onboard the device and runs it there vs setting off device reset
     
    Big_Rig_Stig likes this.
  9. nightfly

    nightfly 2[H]4U

    Messages:
    2,882
    Joined:
    Jun 7, 2011
    It sort of begs the question, of why anyone would keep anything on their phone that would incriminate themselves in the first place? Most can't even be bothered to have a password on the damn things.
     
    Khahhblaab and Big_Rig_Stig like this.
  10. bds1904

    bds1904 Gawd

    Messages:
    996
    Joined:
    Aug 10, 2011
    Yep, that’s what I’m assuming. That’s why my employer requires 12+ character alpha-numeric passwords on our company devices. They use MobileIron management software on iOS devices because it allows them developer level access to iOS. I’m sure any good coder that has access to source code would be able to identify many ways to brute force the devices.
     
    Revdarian and Big_Rig_Stig like this.
  11. Rebel44

    Rebel44 2[H]4U

    Messages:
    2,515
    Joined:
    Nov 7, 2006
    This method is actually just an automated password guess machine - so its useless for phones with a limited number of attempts before data is erased.

    To unlock updated iPhone with a limited number of attempts before data is erased, you either need to find the code or pay $$$$$$$ for some unpatched exploit.
     
    Big_Rig_Stig likes this.
  12. Grebuloner

    Grebuloner Limp Gawd

    Messages:
    398
    Joined:
    Jul 31, 2009
    It's not necessarily the content you put on the phone. Just having your phone on and connecting to towers can be enough to record information about when and where you were somewhere. Or a contact list, or other logs/calls/voicemails/texts that may be automatically stored but telecoms/manufacturers are unwilling to give up, etc.
     
    Khahhblaab and Big_Rig_Stig like this.
  13. Spidey329

    Spidey329 [H]ardForum Junkie

    Messages:
    8,798
    Joined:
    Dec 15, 2003
    If I was running a criminal enterprise, I'd develop my own OS fork that accepted two pincodes. My usual and a f-you-coppers one. The latter would look normal on unlock (hence why you'd give it them), but it'd delete my "dirty deeds master plan" partition where I store all of my criminal enterprise contact lists and browsing history.

    That, or I'd just not keep them on a god damn phone.
     
  14. Mega6

    Mega6 Gawd

    Messages:
    988
    Joined:
    Aug 13, 2017
    Just more proof privacy is dead. Cops used to have to actually go door to door and create a case, like investigate? now they just steal your phone and unlock it.
     
    mynamehere and Big_Rig_Stig like this.
  15. Zarathustra[H]

    Zarathustra[H] Official Forum Curmudgeon

    Messages:
    25,290
    Joined:
    Oct 29, 2000
    I still think Cops should be required to get a warrant in order to search someone's phone, but as always, the concern here is not the legitimate use for this, but when it is abused.

    Any power, any backdoor, any technology that can be used in law abiding ways can also be abused and used either by criminals or by scummy cops trying to fabricate or otherwise intentionally misinterpret information in order to get a conviction.

    Having seen this happen second hand almost 15 years back (some friends were arrested for something they didn't do, and the full force of the local police department was set to work putting together a bullshit case against them) I can only imagine the bullshit they throw together today when they can raid peoples phones.

    Some aspects of phones I feel are legitimate for cops to access IF THEY HAVE A WARRANT. For instance, call logs. They used to be able to request this information from the phone company with a warrant.

    There are other ways - however - we use our phones that ought to be off limits. Web browsing history is one. This is the modern equivalent of the cops gaining access to which newspapers or books you have been reading, and is getting dangerously close to big brother territory. Privacy and intellectual freedom is protected in a library. Why not on your phone?
     
    Last edited: Apr 15, 2018
    Trixar, Revdarian and Big_Rig_Stig like this.
  16. Mega6

    Mega6 Gawd

    Messages:
    988
    Joined:
    Aug 13, 2017
    Legitimate or not, they will get it all under the "Patriot Act". God I hate that name, it's so UN-american.
     
  17. Big_Rig_Stig

    Big_Rig_Stig Gawd

    Messages:
    970
    Joined:
    Jan 24, 2018
    Mega6 likes this.
  18. Big_Rig_Stig

    Big_Rig_Stig Gawd

    Messages:
    970
    Joined:
    Jan 24, 2018
    Crooks certainly don't.

    All cops want is an easy arrest; all prosecutors want is an easy conviction. So they target otherwise-law-abiding citizens for those "performance bonuses", because they're the easiest target.
     
  19. Mega6

    Mega6 Gawd

    Messages:
    988
    Joined:
    Aug 13, 2017
    So True, just have to Physically Destroy it.
     
    Big_Rig_Stig likes this.
  20. Big_Rig_Stig

    Big_Rig_Stig Gawd

    Messages:
    970
    Joined:
    Jan 24, 2018
    Eh, the cops'll just beat you for the code.
     
  21. Big_Rig_Stig

    Big_Rig_Stig Gawd

    Messages:
    970
    Joined:
    Jan 24, 2018
    All that's needed is a subpoena and the carriers will roll over on you like a dog wanting a belly-rub.
     
  22. Khahhblaab

    Khahhblaab Limp Gawd

    Messages:
    485
    Joined:
    Apr 23, 2017
    ...and if you think about it, some of the most likely coders with the ability to figure it all out are the same guys that were on the other side of the law hacking some sites servers.

    Would be funny if after the break the cops had to pay some ransomware to get at the hacked password :facepalm:
     
    Big_Rig_Stig likes this.