±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 0 Overall: 35535
New Yesterday: 1 Visitors: 114

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Webinars

Could IP-Box crack 6 digit passcode on iOS 9?

Discussion of forensic workstations, write blockers, bridges, adapters, disk duplicators, storage etc. Strictly no advertising of commercial products, please.
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
Page Previous  1, 2, 3, 4  Next 
  

Chris_Ed
Senior Member
 

Re: Could IP-Box crack 6 digit passcode on iOS 9?

Post Posted: Oct 08, 15 11:51

To play devil's advocate; the danger with any frontdoor or backdoor is that if it exists, then there is the potential for hostile actors to discover it and abuse it.

Let's say that Apple provide a secret backdoor for all iDevices whereby if you show a locked phone a picture of Steve Jobs it says "WELCOME, YOUR HIGHNESS" and unlocks the phone. Their aim is to allow LE a way to access locked phones, as you say.
Unfortunately, this backdoor is discovered by accident by someone who is reading the Steve Jobs biography in Starbucks. They post their findings to Reddit, and now everyone knows that in order to unlock an iPhone all you need is a picture of Steve Jobs and now there is no secure way for anyone to protect their phone from physical intrusion.

This is a silly example, but the idea is really the same for any backdoor. What if we encrypt the phone using an encryption key that can be provided if required? Well, once that key is discovered you're back to square one.

I totally agree with you that it is frustrating for LE to have these obstacles, but I'm not sure what the solution is. In the UK we have RIPA, which can be used to send people to prison if they don't divulge their passwords - but this has been a controversial piece of legislation, to say the least. But what other option is there..?  
 
  

jaclaz
Senior Member
 

Re: Could IP-Box crack 6 digit passcode on iOS 9?

Post Posted: Oct 08, 15 12:12

- mark_adp

However, if my phone is seized in a murder enquiry where I am the prime suspect, there is (IMO) social norms that exist and a social expectation that authorised public bodies (LE) can and should be allowed to search my data in the interest of justice and public safety.

Sure, and let's say that you are innocent and that the good LE guys find nothing to connect you to that murder BUT casually find out that you are involved in illicit smuggling of meerkat images Shocked (credit for the meerkat idea goes to Adam10541 www.forensicfocus.com/...4/#6569664 ).
What would happen?
Will this info be ignored?
Will you be prosecuted for this other crime?
You won't be prosecuted for this other crime but you will be put under surveillance or simply entered in a secret database of meerkat pornography offenders?

Remember that any of the above would be in the interest of justice and public safety Smile , but what if initially you were suspected by mistake or the charge was put up just to have an occasion to snoop on your data (because you were actually suspected of smuggling meerkat pics but there were no grounds to seize your device)?

Or even without any crime involved, your device simply contains data that prove you are cheating on your partner and this info *somehow* is made public?

jaclaz
_________________
- In theory there is no difference between theory and practice, but in practice there is. - 
 
  

Chris_C
Newbie
 

Re: Could IP-Box crack 6 digit passcode on iOS 9?

Post Posted: Oct 08, 15 16:38

There's a very intelligent discussion of this encryption topic in the appendix of the 2015 Europol Internet Organised Crime Threat Assessment, which is available here  
 
  

BERT_UK
Member
 

Re: Could IP-Box crack 6 digit passcode on iOS 9?

Post Posted: Oct 08, 15 18:59

- mark_adp
I believe where Apple should change their policy is with regards to providing assistance to LE when the authority is in place.

gorvq7222 I think you are right, there should be a "backdoor", but that "backdoor" should perhaps be more like a "frontdoor" meaning transparency exists as to who and when these requests are invoked and a well thought out and consistent justification framework exist.


- gorvq7222
Thank you guys. In my opinion, there is an invisible war between manufacturers and Forensic guys(including LE). Those manufacturers claim that the purpose is to protect privacy, but in the meanwhile they also build huge barriers for forensics. Actually they care about sales and revenue, not security. They just use security as a feature to make more money.

Manufacturers should offer "backdoor" or "frontdoor" for LE, this is a responsibility and no negotiation they have to cooperate with LE. Think about those victims, don't let them disappointed just because stupid smartphones protect bad guy's privacy.


I think both ideas are ridiculous. In weakening security, you weaken it for everyone. iPhones are used by high ranking government officials, diplomats, Chief Police officers etc - people who we would see as "friendly" and sitting on the side of LE. In weakening security to allow easier access for LE we have also weakened ourselves to our enemies. There are enough nations that are hostile towards your own nation* (or at least have interests in your nations dealings) with plenty of resources and money to throw at breaking compromised encryption.

If Apple were the holder's of a special key to unlock all iPhones then they would simply become the target for any hostile nations. There's reports of spy agencies hacking other another country's Internet core-router(s); it would not be beyond reason that Apple could be hacked and this key obtained.

You could argue that manufacturer's only care about sales, perhaps that is true. No company wants to be the one with a poor record of security. Perhaps they have increased their security efforts to boost sales. A government sees that iPhones are very secure and so mandates that all of their officials will use iPhones for official use. Apple have (maybe inadvertently in the pursuit of profit if your accusation is correct) made the security of all that government's data secure from hostile actors. The net benefit is that the "good guys" government business is now more secure.

Disclaimer - I am a "good guy". I work in forensics for LE. Yes, I would love companies to provide "backdoors"to their encryption. It would make my life simpler and we could get the "bad guys" easier. Unfortunately I don't think it's the right thing to do overall.

* - As this is an International forum I would assume that whichever country you hail from your Government will have allies and enemies so pick and choose any appropriate ones.  
 
  

twjolson
Senior Member
 

Re: Could IP-Box crack 6 digit passcode on iOS 9?

Post Posted: Oct 08, 15 19:43

- BERT_UK

If Apple were the holder's of a special key to unlock all iPhones then they would simply become the target for any hostile nations. There's reports of spy agencies hacking other another country's Internet core-router(s); it would not be beyond reason that Apple could be hacked and this key obtained.


I agree with what you said, Bert, but I do have one quick response.

Apple DID have a special key to unlock all iPhones, for many years. As far as I know, no one outside of Apple (and even then, from what I heard, it was just one guy) knew the details of it.

Once Apple locked themselves out, read 'made their devices more secure', thats when forensics started working hard to get back in. Now, Cellebrite can get into disabled and locked iPhones (some models anyways).

For my two cents, Apple should provide a service to get into locked phones. They can keep it as secret as they want, they can charge what they want. But, the fact of the matter is, bad people are walking the streets because of Apple. Good people are getting hurt because a locked iPhone can kill an investigation.  
 
  

WHinkle
Member
 

Re: Could IP-Box crack 6 digit passcode on iOS 9?

Post Posted: Oct 08, 15 22:28

The SV strike from SecureView can get into 6 digit pins.  
 
  

jaclaz
Senior Member
 

Re: Could IP-Box crack 6 digit passcode on iOS 9?

Post Posted: Oct 08, 15 23:17

- WHinkle
The SV strike from SecureView can get into 6 digit pins.


Maybe you should update your site, as right now:
secureview.us/svstrike.html

The SV Strike is capable of acquiring 4 digit pincode/passcodes on the most popular phones including the new iPhone 6 and 6 plus.


jaclaz
_________________
- In theory there is no difference between theory and practice, but in practice there is. - 
 

Page 2 of 4
Page Previous  1, 2, 3, 4  Next