Cops around the Country Can Now Unlock iPhones, Records Show

[Megalith]

The FBI insists that it is increasingly tougher for law enforcement to gather evidence due to encrypted devices, but a Motherboard investigation has found that at least one tool is readily available to police for unlocking even the latest iPhones. Records show that both the FBI and numerous state agencies have ordered the device, called GrayKey, which works as advertised and makes the argument for encryption backdoors questionable.

The issue GrayKey overcomes is that iPhones encrypt user data by default. Those in physical possession normally cannot access the phone’s data, such as contact list, saved messages, or photos, without first unlocking the phone with a passcode or fingerprint. Malwarebytes’ post says GrayKey can unlock an iPhone in around two hours, or three days or longer for 6-digit passcodes.

 

[bizzmeister]

It’s obvious they’ve been able to do this for some time now. Regardless of the bullshit you hear or see on the news.

Do you really think they wouldn’t be able to get into your locked iPhone or Android or whatever?

Yah right

 

[Vercinaigh]

Inb4 illegitimate hackers get hold of this. If the governments can do it, so can anyone else.

 

[lostin3d]

Good article, nice easy Sunday morning read. A guess unlocking is a bit of a gray area. . . haha

 

[Chupachup]

So, the takeaway being, make sure to use codes six digits or more and enable a limited number of tries before initiating a master reset. Gotcha!

 

[vegeta535]

So, the takeaway being, make sure to use codes six digits or more and enable a limited number of tries before initiating a master reset. Gotcha!

Lol you think they need a code to get in.

 

[bds1904]

So, the takeaway being, make sure to use codes six digits or more and enable a limited number of tries before initiating a master reset. Gotcha!

More like an 12+ character alpha-numeric code with no pattern and using symbols that you don’t use on anything else.

 

[RussianJ]

Have a feeling it copys over the security check onboard the device and runs it there vs setting off device reset

 

[Jim Kim]

https://www.eff.org/issues/know-your-rights

 

[nightfly]

It sort of begs the question, of why anyone would keep anything on their phone that would incriminate themselves in the first place? Most can't even be bothered to have a password on the damn things.

 

[bds1904]

Have a feeling it copys over the security check onboard the device and runs it there vs setting off device reset

Yep, that’s what I’m assuming. That’s why my employer requires 12+ character alpha-numeric passwords on our company devices. They use MobileIron management software on iOS devices because it allows them developer level access to iOS. I’m sure any good coder that has access to source code would be able to identify many ways to brute force the devices.

 

[Rebel44]

Lol you think they need a code to get in.

This method is actually just an automated password guess machine - so its useless for phones with a limited number of attempts before data is erased.

To unlock updated iPhone with a limited number of attempts before data is erased, you either need to find the code or pay $$$$$$$ for some unpatched exploit.

 

[Grebuloner]

It sort of begs the question, of why anyone would keep anything on their phone that would incriminate themselves in the first place? Most can't even be bothered to have a password on the damn things.

It's not necessarily the content you put on the phone. Just having your phone on and connecting to towers can be enough to record information about when and where you were somewhere. Or a contact list, or other logs/calls/voicemails/texts that may be automatically stored but telecoms/manufacturers are unwilling to give up, etc.

 

[Spidey329]

If I was running a criminal enterprise, I'd develop my own OS fork that accepted two pincodes. My usual and a f-you-coppers one. The latter would look normal on unlock (hence why you'd give it them), but it'd delete my "dirty deeds master plan" partition where I store all of my criminal enterprise contact lists and browsing history.

That, or I'd just not keep them on a god damn phone.

 

[Mega6]

Just more proof privacy is dead. Cops used to have to actually go door to door and create a case, like investigate? now they just steal your phone and unlock it.

 

[Zarathustra[H]]

I still think Cops should be required to get a warrant in order to search someone's phone, but as always, the concern here is not the legitimate use for this, but when it is abused.

Any power, any backdoor, any technology that can be used in law abiding ways can also be abused and used either by criminals or by scummy cops trying to fabricate or otherwise intentionally misinterpret information in order to get a conviction.

Having seen this happen second hand almost 15 years back (some friends were arrested for something they didn't do, and the full force of the local police department was set to work putting together a bullshit case against them) I can only imagine the bullshit they throw together today when they can raid peoples phones.

Just more proof privacy is dead. Cops used to have to actually go door to door and create a case, like investigate? now they just steal your phone and unlock it.

Some aspects of phones I feel are legitimate for cops to access IF THEY HAVE A WARRANT. For instance, call logs. They used to be able to request this information from the phone company with a warrant.

There are other ways - however - we use our phones that ought to be off limits. Web browsing history is one. This is the modern equivalent of the cops gaining access to which newspapers or books you have been reading, and is getting dangerously close to big brother territory. Privacy and intellectual freedom is protected in a library. Why not on your phone?

 

[Mega6]

Legitimate or not, they will get it all under the "Patriot Act". God I hate that name, it's so UN-american.

 

[Big_Rig_Stig]

https://www.eff.org/issues/know-your-rights

This Shit Right Here.

Now to find an app that'll overload the battery & set the phone on fire... <_< >_>

 

[Big_Rig_Stig]

It sort of begs the question, of why anyone would keep anything on their phone that would incriminate themselves in the first place? Most can't even be bothered to have a password on the damn things.

Crooks certainly don't.

All cops want is an easy arrest; all prosecutors want is an easy conviction. So they target otherwise-law-abiding citizens for those "performance bonuses", because they're the easiest target.

 

[Mega6]

This Shit Right Here.

Now to find an app that'll overload the battery & set the phone on fire... <_< >_>

So True, just have to Physically Destroy it.

 

[Big_Rig_Stig]

Yep, that’s what I’m assuming. That’s why my employer requires 12+ character alpha-numeric passwords on our company devices. They use MobileIron management software on iOS devices because it allows them developer level access to iOS. I’m sure any good coder that has access to source code would be able to identify many ways to brute force the devices.

Eh, the cops'll just beat you for the code.

 

[Big_Rig_Stig]

It's not necessarily the content you put on the phone. Just having your phone on and connecting to towers can be enough to record information about when and where you were somewhere. Or a contact list, or other logs/calls/voicemails/texts that may be automatically stored but telecoms/manufacturers are unwilling to give up, etc.

All that's needed is a subpoena and the carriers will roll over on you like a dog wanting a belly-rub.

 

[Khahhblaab]

...and if you think about it, some of the most likely coders with the ability to figure it all out are the same guys that were on the other side of the law hacking some sites servers.

Would be funny if after the break the cops had to pay some ransomware to get at the hacked password