Could IP-Box crack 6 digit passcode on iOS 9?

I believe where Apple should change their policy is with regards to providing assistance to LE when the authority is in place.

gorvq7222 I think you are right, there should be a "backdoor", but that "backdoor" should perhaps be more like a "frontdoor" meaning transparency exists as to who and when these requests are invoked and a well thought out and consistent justification framework exist.

Thank you guys. In my opinion, there is an invisible war between manufacturers and Forensic guys(including LE). Those manufacturers claim that the purpose is to protect privacy, but in the meanwhile they also build huge barriers for forensics. Actually they care about sales and revenue, not security. They just use security as a feature to make more money.

Manufacturers should offer "backdoor" or "frontdoor" for LE, this is a responsibility and no negotiation they have to cooperate with LE. Think about those victims, don't let them disappointed just because stupid smartphones protect bad guy's privacy.

I think both ideas are ridiculous. In weakening security, you weaken it for everyone. iPhones are used by high ranking government officials, diplomats, Chief Police officers etc - people who we would see as "friendly" and sitting on the side of LE. In weakening security to allow easier access for LE we have also weakened ourselves to our enemies. There are enough nations that are hostile towards your own nation* (or at least have interests in your nations dealings) with plenty of resources and money to throw at breaking compromised encryption.

If Apple were the holder's of a special key to unlock all iPhones then they would simply become the target for any hostile nations. There's reports of spy agencies hacking other another country's Internet core-router(s); it would not be beyond reason that Apple could be hacked and this key obtained.

You could argue that manufacturer's only care about sales, perhaps that is true. No company wants to be the one with a poor record of security. Perhaps they have increased their security efforts to boost sales. A government sees that iPhones are very secure and so mandates that all of their officials will use iPhones for official use. Apple have (maybe inadvertently in the pursuit of profit if your accusation is correct) made the security of all that government's data secure from hostile actors. The net benefit is that the "good guys" government business is now more secure.

Disclaimer - I am a "good guy". I work in forensics for LE. Yes, I would love companies to provide "backdoors"to their encryption. It would make my life simpler and we could get the "bad guys" easier. Unfortunately I don't think it's the right thing to do overall.

* - As this is an International forum I would assume that whichever country you hail from your Government will have allies and enemies so pick and choose any appropriate ones.

If Apple were the holder's of a special key to unlock all iPhones then they would simply become the target for any hostile nations. There's reports of spy agencies hacking other another country's Internet core-router(s); it would not be beyond reason that Apple could be hacked and this key obtained.

I agree with what you said, Bert, but I do have one quick response.

Apple DID have a special key to unlock all iPhones, for many years. As far as I know, no one outside of Apple (and even then, from what I heard, it was just one guy) knew the details of it.

Once Apple locked themselves out, read 'made their devices more secure', thats when forensics started working hard to get back in. Now, Cellebrite can get into disabled and locked iPhones (some models anyways).

For my two cents, Apple should provide a service to get into locked phones. They can keep it as secret as they want, they can charge what they want. But, the fact of the matter is, bad people are walking the streets because of Apple. Good people are getting hurt because a locked iPhone can kill an investigation.

The SV strike from SecureView can get into 6 digit pins.

The SV strike from SecureView can get into 6 digit pins.

Maybe you should update your site, as right now
http//secureview.us/svstrike.html

The SV Strike is capable of acquiring 4 digit pincode/passcodes on the most popular phones including the new iPhone 6 and 6 plus.

jaclaz

Maybe you should update your site, as right now
http//secureview.us/svstrike.html

D

Its a newer update… sometimes things come out fast than the web developers can update the site….haha D

Its a newer update… sometimes things come out fast than the web developers can update the site….haha D

Yeah, sure ) , the good guy/gal had noly one job … wink

jaclaz

Thank you guys. What a pity IP-Box does not work with 6-digit passcode…I think there is a conflict between security and forensics. The great irony is that the more secure the iDevices is, the more difficult for forensic guys to examine and analyze iDevices. Could someone ask Apple not to enhance security so fast??? Or leave a backdoor for Law Enforcement???

Why don't we just tell everybody that if you want to do something illegal, you have to use iDevices…So Suspects won't worry about being monitored or examined.

Gorvq7222,

I work in LE and personally I hate the term backdoor. The hell with the backdoor, I want to go in the frontdoor. "No warrant shall issue, but upon probable cause." OK, so now if I have PC, not shaky PC, but top notch/awesome PC, I can't get in the phone?

I don't know of any houses that the Government, with a search warrant couldn't get in, so why is information in a phone given any greater protection than information in a residence?

Prior to iOS 8 the system seemed to work pretty good. LE got the Warrant, sent off the phone and got the data. However, post Snowden Apple doesn't want to appear to be acting as agents of the government. Complying with a search warrant, heaven forbid!

And does anyone believe if the CEO of Apple got their phone locked the folks in the back couldn't get into it? Please!

First of all I just want to make sure you are all well aware that I have not, and never intent to smuggle meerkats, they have both my respect and my confidence in providing me with reasonably priced car insurance. p

Let's say that Apple provide a secret backdoor for all iDevices whereby if you show a locked phone a picture of Steve Jobs it says "WELCOME, YOUR HIGHNESS" and unlocks the phone. Their aim is to allow LE a way to access locked phones, as you say.

While this would be a very cool feature, and would drastically change the way mobile forensic labs looked when walking into them in the future I think a slightly more secure mechanism could be found!!

I think both ideas are ridiculous. In weakening security, you weaken it for everyone. iPhones are used by high ranking government officials, diplomats, Chief Police officers etc - people who we would see as "friendly" and sitting on the side of LE. In weakening security to allow easier access for LE we have also weakened ourselves to our enemies. There are enough nations that are hostile towards your own nation* (or at least have interests in your nations dealings) with plenty of resources and money to throw at breaking compromised encryption.

You could be right, and probably are! but I think it is a little defeatist to not look at the potential. There are many mechanisms that include "backdoors". Internet and telecom switches, arguable have an effective "backdoor" which allows for LI. SIM cards have a "backdoor" PUK code to circumvent PIN code lockouts. GSM uses SS7 which is a highly compromising network of interconnected system that could be (and have been) compromised with the right resources, yet we all still use our mobile phones, on a daily basis.

In terms of the nuts and bolts of how it could work, it's not something I've looked into, I don't know whether it could be implemented with any degree of security against national espionage in mind, but is it not worth the research?

Sure, and let's say that you are innocent and that the good LE guys find nothing to connect you to that murder BUT casually find out that you are involved in illicit smuggling of meerkat images Shocked (credit for the meerkat idea goes to Adam10541 www.forensicfocus.com/...4/#6569664 ).
What would happen?
Will this info be ignored?
Will you be prosecuted for this other crime?
You won't be prosecuted for this other crime but you will be put under surveillance or simply entered in a secret database of meerkat pornography offenders?

This is an interesting point, but what does common sense tell us? What do our social norms expect of Policing in this situation? AND more importantly, has the context really changed? Has a violation of privacy against social norms been committed? Personally, I don't feel that in this situation that it has.

Loving this thread, perhaps we should give it it's own rather than hijacking the OP's topic of IP-BOX and 6 digit passcodes!

Or even without any crime involved, your device simply contains data that prove you are cheating on your partner and this info *somehow* is made public?

jaclaz

This definitely would feel like a violation. When your phone is seized, there is still an expectation that the data on the device, the data about the owner and people connected to that owner is managed in a responsible way.

It very much comes down to the control of the flow of information, rather than it being public or not public.

If for example, SMS messages that identified the suspect was cheating were important to the case, this information may be presented at court, in effect "making them public", but in most cases (not included high profile cases etc..) it would be revealed in court and not "flow" outside of that context.

However, if it wasn't part of the case against the suspect, would there not be an expectation that the privacy of the other individual is protected? This happens at present where call data records go through a process of redaction to remove the numbers of people that are not connected to a case before being presented in court.

It could still be seen by both defence and prosecution for reasons of disclosure and transparency.

If the case example you provided were to come true, and information from a mobile phone was somehow made public, this could seriously degrade the integrity of the police. In the same way that when you intrust private information to a close friend, if that close friend reveals that information to someone he shouldn't, you would now be less likely to reveal information to that friend in the future as the integrity of your relationship would be lost/reduced. Police must also have integrity when handling personal/private information to ensure people continue to provide help and assistance.

We do after all, operate policing by consent.