
Russia wants Apple to unlock iPhone belonging to killer!

Vesalius
(@vesalius)
Posts: 66
Estimable Member
Topic starter
 

An interesting topic, didn't know whether to put this in the phone forensic section or here, so I just put it here.

Anyways, read a lot of different opinions on this on Facebook, but I want to hear what you guys think. I say they even got a physical rip of the phone. Apparently it's an iPhone 4s, but with the latest update, then I guess to modern commercial standard, it's pretty close to impossible to break into. Here it is,

Russia wants Apple to unlock iPhone belonging to killer...

 
Posted : 22/12/2016 11:47 pm
(@thefuf)
Posts: 262
Reputable Member
 

The whole idea of invasive encryption (not to be confused with pervasive encryption) is a mistake. In a typical iPhone case, there are two problems:
1. we don't know the password to unlock the phone;
2. we can't create a forensic image of encrypted data.

Pervasive encryption makes data encrypted by default. Invasive encryption also locks the user out of his/her encrypted device. If pervasive encryption was in place, we could make a forensic image of encrypted data, and then try to guess the right password. If we deal with invasive encryption (e.g. a locked boot loader and encryption keys stored in a separate hardware module), we are stuck. We should either acquire data using a standard interface provided by device developers (e.g. make a backup of user data), but we need to unlock the device first, or use an exploit to bypass the invasive part of invasive encryption (this may or may not require us to unlock the device first).

Crypto advocates try to confuse people by making false and loud claims like weakening encryption means putting politicians, decision-makers, and human rights activists at risk. Fortunately, some politicians and decision-makers begin to understand that bad guys always have 0-day "remote-to-root" exploits to gain access to an iPhone and to maintain persistence on the device (even if they haven't, we should assume that they have, because attacks always get better), and that there is no way a forensic examiner can confirm that the iPhone was or was not infected (even if the owner unlocks the device), because good guys don't have access to 0-day exploits allowing examiners to acquire a complete file system image. So, invasive encryption actually helps attackers to stay stealthy and unnoticed. And this problem must be solved. After this, other problems (like described in the original post) will be easier to solve too.

 
Posted : 23/12/2016 12:54 am
(@tinybrain)
Posts: 354
Reputable Member
 

Excellent post, and it very accurately explained the difference and effects of invasive and pervasive crypto. Congratulations!

 
Posted : 23/12/2016 1:35 am
Igor_Michailov
(@igor_michailov)
Posts: 529
Honorable Member
 

> I guess to modern commercial standard, it's pretty close to impossible to break into.

What about IP-BOX and similar devices?

 
Posted : 23/12/2016 11:25 am
passcodeunlock
(@passcodeunlock)
Posts: 792
Prominent Member
 

If the iPhone 4S is set to auto-erase after 10 bad tries, any bruteforce device is useless. Unless there is one, which will block the bad tries counter. ?!

For LEO Cellebrite CAIS might be a choice, but I've read lately that Belkasoft also started their lab services.

 
Posted : 23/12/2016 1:07 pm
Bolo
(@bolo)
Posts: 97
Trusted Member
 

The phone model is not important here - even a 5S with the wipe trigger turned on can be unlocked if we are talking about a 4-digit code. What is important is the SW, so the iOS version… anything higher than 8.1 has the CVE-2014-4451 hole in iOS patched, and due to this it's not possible to enter codes without a wipe (the counter will rise with each try)…

 
Posted : 24/12/2016 1:19 am
UnallocatedClusters
(@unallocatedclusters)
Posts: 577
Honorable Member
 

TheFuf

First time I have heard of the concepts of invasive encryption and pervasive encryption.

It appears Apple has adopted "invasive encryption" as a means to protect consumers from themselves; there is nothing preventing a user of a Windows computer from opening up Windows Explorer and deleting system files, but iPhone consumers cannot access nor delete iOS system files unless an iPhone is jailbroken.

My limited understanding is that "remote-to-root" 0 Day exploits require the phone user to commit some act such as clicking on a link in a text message. You categorize those with access to 0 Day exploits as "bad guys", but it seems more so that people with significant money can receive services from Fin Fisher (http://www.finfisher.com/FinFisher/index.html) (No offense meant if Rolf Guttman is with FinFisher).

I am in the midst of a theft of trade secrets case in which one former employee would not provide us with his iPhone's PIN code. Due to the fact that the phone was company owned, I was able to work with my client's IT and Apple support to reset the iCloud password.

I then used Elcomsoft Phone Breaker Forensic to download three iCloud mobile backups of the screen locked iPhone. So, the screen lock was not insurmountable.

I also found mobile backups of the screen locked iPhone on the former employee's Windows laptop and recovered 17,000 iOS messages using Internet Evidence Finder.

The second former employee's iPhone screen was not locked, but there was an iTunes encryption password in place encrypting the mobile backup of the phone Cellebrite was able to create.

I was able to use Passware to crack the iTunes encryption password in 3 1/2 hours using their current recommended hardware setup.

Happy Holidays

 
Posted : 24/12/2016 11:50 pm
Vesalius
(@vesalius)
Posts: 66
Estimable Member
Topic starter
 

> What about IP-BOX and similar devices?

ermm exploits on the iPhone are currently only available until iOS 8.1.1.

What I meant was now, not the past, sorry if I put that out there wrong.

 
Posted : 25/12/2016 12:54 am
Igor_Michailov
(@igor_michailov)
Posts: 529
Honorable Member
 

> The phone model is not important here - even a 5S with the wipe trigger turned on can be unlocked if we are talking about a 4-digit code. What is important is the SW, so the iOS version… anything higher than 8.1 has the CVE-2014-4451 hole in iOS patched, and due to this it's not possible to enter codes without a wipe (the counter will rise with each try)…

Cellebrite's exclusive unlocking and decrypted physical extraction capabilities support the following devices:
iPhone 4S / 5 / 5c, iPad 2 / 3G / 4G, iPad mini 1G, and iPod touch 5G running iOS 8.x (8.0 / 8.0.1 / 8.0.2 / 8.1 / 8.1.1 / 8.1.2 / 8.1.3 / 8.2 / 8.3 / 8.4 / 8.4.1) or iOS 9.x (9.0 / 9.0.1 / 9.0.2 / 9.1 / 9.2 / 9.2.1 / 9.3 / 9.3.1 / 9.3.2)

Link

 
Posted : 25/12/2016 1:05 am
(@thefuf)
Posts: 262
Reputable Member
 

> I am in the midst of a theft of trade secrets case in which one former employee would not provide us with his iPhone's PIN code. Due to the fact that the phone was company owned, I was able to work with my client's IT and Apple support to reset the iCloud password.
>
> I then used Elcomsoft Phone Breaker Forensic to download three iCloud mobile backups of the screen locked iPhone. So, the screen lock was not insurmountable.
>
> I also found mobile backups of the screen locked iPhone on the former employee's Windows laptop and recovered 17,000 iOS messages using Internet Evidence Finder.
>
> The second former employee's iPhone screen was not locked, but there was an iTunes encryption password in place encrypting the mobile backup of the phone Cellebrite was able to create.
>
> I was able to use Passware to crack the iTunes encryption password in 3 1/2 hours using their current recommended hardware setup.

Cool, but you got user data only. Even when a user wants you to analyze his iPhone, you can't acquire more than that, unless you got an exploit. Thus, you can't search for malware. So, bad guys can install a malware program on an iPhone, because they have (assumed to have) a 0-day exploit, but you can't respond to this incident by performing a forensic examination of that iPhone; in an enterprise environment, you can't build the infrastructure having incident response capabilities.

 
Posted : 25/12/2016 1:26 am