iOS 11 Will Make It Even Harder for Cops to Extract Your Data

Discussion in '[H]ard|OCP Front Page News' started by Megalith, Sep 12, 2017.

  1. Megalith

    Megalith 24-bit/48kHz Staff Member

    Messages:
    11,092
    Joined:
    Aug 20, 2006
    Russian forensics software firm ElcomSoft has shown how it’s about to get tougher for police to get at your iPhone’s data: they dove into iOS 11’s new security measures and found that a passcode is now required even after a handset is connected to an unfamiliar computer. That means even if forensic analysts do seize a phone while it's unlocked or use its owner's finger to unlock it, they still need a passcode to offload its data to a program where it can be analyzed wholesale (suspects may plead the Fifth and refuse to offer a password or passcode in some situations).

    Prior to iOS 11, it was possible to perform logical acquisition of an iOS device by unlocking the device with Touch ID. The new pairing procedure requires the use of device passcode in order to establish trust between the device and the computer, thus making logical acquisition possible only if you know the passcode. This change is very important from the legal standpoint. While in certain cases the user may be compelled to unlock their device using their fingerprint, obtaining the passcode from the user may be challenging and, in many jurisdictions, not legally possible.
     
  2. cyclone3d

    cyclone3d [H]ardForum Junkie

    Messages:
    11,802
    Joined:
    Aug 16, 2004


    So basically we should all just stick to passcodes and never use biometrics to lock/unlock our devices.
     
    RayderR6, tunatime and SvenBent like this.
  3. Spidey329

    Spidey329 [H]ardForum Junkie

    Messages:
    8,222
    Joined:
    Dec 15, 2003
    I think a key component is that it now prevents offloading of the data. It gives the users that extra protection to stop and say "hey, do you have a warrant?"

    It's kinda like an officer asks you to let them see your phone to verify you weren't texting and driving (may be mandatory depending the DMV). You can do so without them downloading an image of the device. That officer isn't going to have the time to go through all your photos and back texts without the help of his snooper device.
     
  4. theBrownLlama

    theBrownLlama [H]Lite

    Messages:
    73
    Joined:
    Aug 3, 2017
    While in certain cases the user may be compelled to unlock their device using their fingerprint, obtaining the passcode from the user may be challenging and, in many jurisdictions, not legally possible.
    Considering the preferred method regarding encrypted devices these days, they will just lock the user up till they give in.
     
    Makaveli@BETA and DigitalGriffin like this.
  5. Biznatch

    Biznatch [H]ard|Gawd

    Messages:
    1,575
    Joined:
    Nov 16, 2009
    This has been true for a long time now. They can compell you to unlock with a fingerprint (or unlock it while you are unconcious), but they can't do the same with a password. I stopped using biometric scanners to replace passwords years ago.
     
  6. EchtoGammut

    EchtoGammut 2[H]4U

    Messages:
    2,209
    Joined:
    May 7, 2007
    I beg to differ with the title... all they have to do is point the phone at your face now. After watching the presentation I loaded up the simulator and I can't find any means of setting a timed lock out (i.e. after 10-20 minutes of not using it, you must enter a pin). So it would appear all cops have to do is point the phone at your face, which they would probably argue is not protected information.
     
  7. ZedJones

    ZedJones n00bie

    Messages:
    3
    Joined:
    Apr 10, 2017
    Sure, until they strap you down, shove your phone at your face, and Face ID unlocks it for them.
     
  8. DigitalGriffin

    DigitalGriffin 2[H]4U

    Messages:
    3,459
    Joined:
    Oct 14, 2004
    What about that guy still sitting in jail for refusing to surrender a passcode
     
  9. katanaD

    katanaD Limp Gawd

    Messages:
    333
    Joined:
    Nov 15, 2016
    I think the best way to "secure" your phone is to not be placing stupid shit on it in the first place.
     
    DigitalGriffin likes this.
  10. Makaveli@BETA

    Makaveli@BETA 2[H]4U

    Messages:
    2,050
    Joined:
    Mar 24, 2004
    ^^^

    If you are going to be doing dodgy stuff get a burner phone and keep your personal phone clean simple yet effective.