Cops say iPhone Hackers Have Found a Workaround to Apple's New Security Feature

[DooKey]

Apple just announced a new security feature for their phones that helps to prevent intrusions through the USB port onboard. However, cops are pretty confident that hackers have already found a workaround for this feature and security firm Grayshift, makers of the GrayKey used by police to break into iPhones, say they have already defeated the feature. Regardless, this is still a step in the right direction for Apple and anything that makes their products more secure is fine with me.

Maryland State Police has purchased the GrayKey technology. In a statement to Motherboard, agency spokesperson Elena Russo said "the Maryland State Police (MSP) Digital Forensics Lab has a variety of hardware and software tools to conduct criminal investigations, to include but not limited to the GrayShift product. We will continue to use all the tools available to MSP investigators to produce the best outcome for any active criminal investigation."

 

[IcePickFreak]

Why do I get the feeling this is why Apple is disabling the feature. I mean it's basically free "good guy" points for them.

 

[Deleted member 243478]

Why do I get the feeling this is why Apple is disabling the feature. I mean it's basically free "good guy" points for them.

Contrary to popular belief, Apple does care sbout security. If they could make their devices 100% secure right now, they would.

 

[tikiman2012]

Apple needs to go after these companies.

 

[DTN107]

Wish Android would try to up their security like Apple.

 

[PeaKr]

Fix one backdoor after creating another, fuck you apple.

 

[ChefJeff789]

I can't stand Apple devices, but I have to admit they are pretty much unimpeachable on security. I wish Android phones were more unified that way.

 

[Usual_suspect]

Seems like they’re blowing hot air to keep their product relevant and selling, or to try and deter Apple.

 

[lcpiper]

I can't stand Apple devices, but I have to admit they are pretty much unimpeachable on security. I wish Android phones were more unified that way.

What does that mean "unimpeachable on security"?

Do you mean they try real hard?

How many times has Apple come out with a product, talked it up about how secure it is, and it hacked in ...... well before you can get your hands on one?

I'm just not so sure that I think a company that says they take your privacy and security serious and keep failing to actually provide it is really any better.

 

[Trimlock]

Apple needs to go after these companies.

Apple should call them out, I don’t think they will but it’d be a pretty entertaining show for sure.

 

[Trimlock]

What does that mean "unimpeachable on security"?

Do you mean they try real hard?

How many times has Apple come out with a product, talked it up about how secure it is, and it hacked in ...... well before you can get your hands on one?

I'm just not so sure that I think a company that says they take your privacy and security serious and keep failing to actually provide it is really any better.

How often have they failed?

 

[lcpiper]

How often have they failed?

Repeatedly since the first iPhones.
I'll just count backwards for you.

IOS 11 Cops hack it, criminals hack it, songs, image files, and wifi hacks abound.
https://mybroadband.co.za/news/security/264435-ios-12-will-block-police-hacking-tools-apple.html
https://www.wired.com/story/hackers-say-broke-face-id-security/
https://www.theverge.com/2016/5/2/11540962/iphone-samsung-fingerprint-duplicate-hack-security
https://www.cultofmac.com/450926/ios-devices-can-hacked-just-opening-jpeg/
https://www.forbes.com/sites/thomasbrewster/2017/04/04/apple-iphone-song-hack-ios-10-3/#72fee9ad7b10
https://www.techrepublic.com/articl...lware-on-your-iphone-to-steal-sensitive-data/

IOS 10;
http://fortune.com/2016/09/26/ios-10-steal-passwords/

IOS 9;
https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=5&cad=rja&uact=8&ved=0ahUKEwj5xvuntNbbAhUIQ6wKHaxHBtwQFghDMAQ&url=https://securityzap.com/ios-9-hacked-remote-hacking-exploit-wins-1-million/&usg=AOvVaw1AZ8D51CM87OqSGGB9kpN1
https://www.express.co.uk/life-styl...one-iOS-9-3-5-Update-Now-Cyber-Espionage-Hack
https://thehackernews.com/2015/09/io9-hack-passcode.html

IOS 8;
Oh, just look here
https://www.phonehack.net/hack/how-to-hack-an-iphone.html

So now let me qualify what I mean with all this. All systems have vulnerabilities, I'm not actually picking on Apple though I am sure it looks like it to some. I'm just saying that even iPhones aren't all that secure, but everything is relative. All of the guys writing these articles try to make it sound like the second coming of the apocalypse. Other phones have the same kinds of problems as do computers, etc. I mean hell, light bulbs are being hacked https://www.theverge.com/2016/11/3/13507126/iot-drone-hack so nothing is all that secure and that's just reality. And don't take this as a stance that they shouldn't try, of course they should keep working, cyber security is a constantly changing and evolving process.

If you want great security, stay in your home and get completely off the internet, don't do anything ..... don't talk ..... only breath when nobody is around. But if you are going to live your life like a normal person then don't trust the government, these companies, or their devices/products, and just don't put shit on your phone or across the web that will get your ass in a crack if someone finds out about it.

The Russians were known for targeting US Military personnel and trying to subvert or blackmail them. They would set good looking agents on a guys, catch them up in gambling debts, bad loans, anything to put them in a bind and sometimes they were very successful. Still today, people with security clearances are supposed to be very careful with relationships, debt, gambling, drugs, anything that could be used as a handle to gain control of them, even their own ego can be useful. I suppose their approach is "Don't do nuthing, won't be nuthing". I suppose the same holds true for your data today.

 

[Jovian]

This got me thinking, the only way to be secure and connected is to use software thats so obscure nobody knows it or is willing to put the time in to hack it.

The more popular the product the more time people will spend trying to exploit it.

Once AI is capable of writing its own code well enough that it can write a whole OS thats when things will get really secure. Think of it like custom compiling Linux but the AI is doing it on a deeper level custom writing everything you need to suit the needs. You basically request features or put requirements in that you need and the rest is handled. You wont be using a premade packages that everyone else has, so its harder to broad range target of things.

The biggest issues would be protocols and other standardized communications. Things you dont have control over and have to follow in order to communicate with other systems.

 

[darckhart]

eh the bigger issue here is law enforcement trying to take the easy way out of getting evidence by searching thru your phone..... and mostly finding that there's nothing in there they didn't already know by using the other accepted practice of evidence gathering. because, you know, if you were up to no good, chances are you're leaving traces of your actions everywhere.


For example, the San Bernadino case that got all the news attention:
http://www.cbsnews.com/news/source-nothing-significant-found-on-san-bernardino-iphone/
http://www.cnn.com/2016/04/19/polit...o-iphone-data0318PMVODtopLink&linkId=23593819

 

[Billy the Dimwit]

I have a better idea, pull the data pins on the charging port. and rip the traces off the logic board.

 

[umeng2002]

Am I missing something here? Like the lack of hackers actually defeating this. All this article says is that some cops are hopeful new cracks will come to light.

 

[Meeho]

Once AI is capable of writing its own code well enough that it can write a whole OS thats when things will get really secure. Think of it like custom compiling Linux but the AI is doing it on a deeper level custom writing everything you need to suit the needs. You basically request features or put requirements in that you need and the rest is handled. You wont be using a premade packages that everyone else has, so its harder to broad range target of things.

We can't write complex secure code, but we can write an even more complex AI to write complex secure code?

 

[Lakados]

Nothing is secure if somebody you don’t trust has physical access to the device. People breaking into it is a matter of time, the trick is to make it take more time than it’s worth.

 

[Poseur]

The whole thing is an ethically blurry mess. Are all hackers bad? What about the hackers breaking into phones for the police? Either EVERYONE breaking into phones is bad or nobody breaking into phones is bad. If the police are the bad guys, who are the good guys? Rhetorical question.

 

[noko]

I have an issue with the I7, with the lock screen enabled sometimes when I plug into my computer USB port it opens right up bypassing the lock screen??? Not consistent but I can repeat it. Not sure if it is looking at the computer from previous usage, some form of Malware or what. Anyways bought an S9 and converting over. Just thought to mention this.