Re MAYBE NOT. The Feds Can Now (Probably) Unlock Every iPhone Model In Existence

["Dave Farber" <farber () gmail com>]

Begin forwarded message:

> From: Bob Hinden <bob.hinden () gmail com>
> Date: February 28, 2018 at 10:56:46 AM EST
> To: Dave Farber <dave () farber net>
> Cc: Bob Hinden <bob.hinden () gmail com>
> Subject: Re: [IP] The Feds Can Now (Probably) Unlock Every iPhone Model In Existence
>
> Dave,
>
> For IP.
>
> There was an article on Bruce Schneier blog yesterday on this:
>
> https://www.schneier.com/blog/archives/2018/02/cellebrite_unlo.html
>
> It includes:
>
> "This story is based on some excellent reporting, but leaves a lot of questions unanswered. We don't know exactly 
> what was extracted from any of the phones. Was it metadata or data, and what kind of metadata or data was it.
>
> The story I hear is that Cellebrite hires ex-Apple engineers and moves them to countries where Apple can't prosecute 
> them under the DMCA or its equivalents. There's also a credible rumor that Cellebrite's mechanisms only defeat the 
> mechanism that limits the number of password attempts. It does not allow engineers to move the encrypted data off the 
> phone and run an offline password cracker. If this is true, then strong passwords are still secure.”
>
> Their ability to access the data on the phone may be more limited than what the Forbes article suggests.
>
> Bob
>
>
>
> > On Feb 28, 2018, at 5:37 AM, Dave Farber <farber () gmail com> wrote:
> >
> >
> >
> >
> > Begin forwarded message:
> >
> > > From: Dewayne Hendricks <dewayne () warpspeed com>
> > > Date: February 28, 2018 at 8:07:22 AM EST
> > > To: Multiple recipients of Dewayne-Net <dewayne-net () warpspeed com>
> > > Subject: [Dewayne-Net] The Feds Can Now (Probably) Unlock Every iPhone Model In Existence
> > > Reply-To: dewayne-net () warpspeed com
> > >
> > > The Feds Can Now (Probably) Unlock Every iPhone Model In Existence
> > > By Thomas Fox-Brewster
> > > Feb 26 2018
> > > <https://www.forbes.com/sites/thomasbrewster/2018/02/26/government-can-access-any-apple-iphone-cellebrite/amp/>
> > >
> > > In what appears to be a major breakthrough for law enforcement, and a possible privacy problem for Apple customers, 
> > > a major U.S. government contractor claims to have found a way to unlock pretty much every iPhone on the market.
> > >
> > > Cellebrite, a Petah Tikva, Israel-based vendor that’s become the U.S. government’s company of choice when it comes 
> > > to unlocking mobile devices, is this month telling customers its engineers currently have the ability to get around 
> > > the security of devices running iOS 11. That includes the iPhone X, a model that Forbes has learned was 
> > > successfully raided for data by the Department for Homeland Security back in November 2017, most likely with 
> > > Cellebrite technology.
> > >
> > > The Israeli firm, a subsidiary of Japan’s Sun Corporation, hasn’t made any major public announcement about its new 
> > > iOS capabilities. But Forbes was told by sources (who asked to remain anonymous as they weren’t authorized to talk 
> > > on the matter) that in the last few months the company has developed undisclosed techniques to get into iOS 11 and 
> > > is advertising them to law enforcement and private forensics folk across the globe. Indeed, the company’s 
> > > literature for its Advanced Unlocking and Extraction Services offering now notes the company can break the security 
> > > of “Apple iOS devices and operating systems, including iPhone, iPad, iPad mini, iPad Pro and iPod touch, running 
> > > iOS 5 to iOS 11.” Separately, a source in the police forensics community told Forbes he’d been told by Cellebrite 
> > > it could unlock the iPhone 8. He believed the same was most probably true for the iPhone X, as security across both 
> > > of Apple’s newest devices worked in much the same way.
> > >
> > > iOS 11 was only released in September last year and was even praised by Cellebrite competitor Elcomsoft for new 
> > > features that were designed to make it harder for forensics experts to hack into an iPhone. That included 
> > > protections against forced unlocks with fingerprints, a tactic previously used by U.S. police in the field.
> > >
> > > Though it’s always wise to take the claims of profit-focused vendors with a pinch of salt, whatever flaws 
> > > Cellebrite found in Apple’s tech in the last half year, they’re likely significant; just last year, the company 
> > > warned about a decline in its ability to break into iPhones.
> > >
> > > To take advantage of the Cellebrite service, which “can determine or disable the PIN, pattern, password screen 
> > > locks or passcodes on the latest Apple iOS and Google Android devices,” cops have to send the device to Cellebrite 
> > > first. In its labs, the company then uses whatever secret exploits it has to crack the lock and either hands it 
> > > back to investigators so they can take data from the device, or Cellebrite can do that for them. As Forbes 
> > > previously detailed, this can be relatively inexpensive, costing as little as $1,500 per unlock. Given there’s a $1 
> > > million price tag for a single iPhone vulnerability, that’s cheap.
> > >
> > > Cellebrite could put its latest iPhone unlocking tech into the software it sells to customers. But that would mean 
> > > Apple could test the tool and potentially figure out a way to stop it working, explained Don Vilfer, a partner at 
> > > private forensics firm VAND Group, who welcomed the new services. Vilfer said his company has already had some 
> > > success with the iOS 11 service, in a case where a client’s employee wouldn’t give over their passcode for their 
> > > work iPhone, though he recalled it was an iPhone 6 model, not one of the most recent devices.
> > >
> > > Neither Apple nor Cellebrite had provided comment at the time of publication.
> > >
> > > [snip]
> > >
> > > Dewayne-Net RSS Feed: http://dewaynenet.wordpress.com/feed/
> > > Twitter: https://twitter.com/wa8dzp
> > Archives  | Modify Your Subscription | Unsubscribe Now



-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/18849915-ae8fa580
Modify Your Subscription: https://www.listbox.com/member/?member_id=18849915&id_secret=18849915-aa268125
Unsubscribe Now: 
https://www.listbox.com/unsubscribe/?member_id=18849915&id_secret=18849915-32545cb4&post_id=20180228132311:6CD10F7A-1CB4-11E8-9311-84AEABCF7A39
Powered by Listbox: http://www.listbox.com