iPhone and IP Box experts please

(@wotsits)
Reputable Member
Joined: 10 years ago
Posts: 253
Topic starter  

I think it's fair to say this range of iPhone passcode cracking tools such as IP Box and svStrike has boggled many, including myself.

We know that they will not work on anything later than iOS 8.1.

But what about device compatibility? My original understanding was if you have an iPhone 5S on iOS 7 then it will work but you're at risk of the wipe function after 10 incorrect entries.

Now I'm hearing that any iDevice that has what's referred to as the Secure Enclave has never been broken into. The iPhone 5S and all subsequent Touch ID devices have the Secure Enclave (NOT the 5C).

Can anyone with experience of these tools confirm if they only work on anything pre-5C pre-iOS8.1?
Or what effect will it have on a 5S on iOS 7?

Also, since most every new iPhone is for now at least impenetrable what's your procedure when you get handed a new iPhone? Is it just simply check if there's a passcode or if it's jailbroken, find if you have a lockdown file and if not send instructions to ask the suspect for the passcode? I can see this making mobile examiners obsolete in the future.


   
Chris_Ed
(@chris_ed)
Reputable Member
Joined: 16 years ago
Posts: 314
 

> Also, since most every new iPhone is for now at least impenetrable what's your procedure when you get handed a new iPhone? Is it just simply check if there's a passcode or if it's jailbroken, find if you have a lockdown file and if not send instructions to ask the suspect for the passcode?

This is exactly what the procedure is, yes. Also bear in mind that if the device has been switched off, you must enter a passcode the first time you switch it on.

> I can see this making mobile examiners obsolete in the future.

Bear in mind that most defendants will willingly provide their passcode, in my experience. And the same goes for any device-wide encryption (TrueCrypt FDE on PCs, for example).


   
(@mobileforensicswales)
Reputable Member
Joined: 17 years ago
Posts: 274
 

All covered in great detail in this paper

http://www.teeltech.com/wp-content/uploads/2014/11/IP-Box-documentation-rev2-1-16-2015.pdf


   
(@wotsits)
Reputable Member
Joined: 10 years ago
Posts: 253
Topic starter  

> > Also, since most every new iPhone is for now at least impenetrable what's your procedure when you get handed a new iPhone? Is it just simply check if there's a passcode or if it's jailbroken, find if you have a lockdown file and if not send instructions to ask the suspect for the passcode?

> This is exactly what the procedure is, yes. Also bear in mind that if the device has been switched off, you must enter a passcode the first time you switch it on.

Well I would assume most every phone that an examiner gets is powered off due to having run flat, unless a case was so urgent it got handed in under a day?

> > I can see this making mobile examiners obsolete in the future.

> Bear in mind that most defendants will willingly provide their passcode, in my experience. And the same goes for any device-wide encryption (TrueCrypt FDE on PCs, for example).

What's your experience of this? My experience is most defence solicitors advise their client not to give out passwords and the like in interview.


   
(@wotsits)
Reputable Member
Joined: 10 years ago
Posts: 253
Topic starter  

> All covered in great detail in this paper
>
> http://www.teeltech.com/wp-content/uploads/2014/11/IP-Box-documentation-rev2-1-16-2015.pdf

Thanks for posting the document.

It seems to only talk about the iOS version relevance. There's no mention of model type and the document is 18 months old.

What about the Secure Enclave issue ever since the 5S? If it's no impediment to the IP Box so long as on pre-iOS8 then why is it generally held in most circles that no one has ever broken into an iPhone with a Secure Enclave?

Roughly since when has the IP Box been a feature of most law enforcement forensic labs?


   
minime2k9
(@minime2k9)
Honorable Member
Joined: 14 years ago
Posts: 481
 

> What's your experience of this? My experience is most defence solicitors advise their client not to give out passwords and the like in interview.

If you're in the UK, Section 49 of RIPA means they can be charged for failing to provide a password. Up to 5 years for CSE offences. That often helps.


   
(@wotsits)
Reputable Member
Joined: 10 years ago
Posts: 253
Topic starter  

> > What's your experience of this? My experience is most defence solicitors advise their client not to give out passwords and the like in interview.

> If you're in the UK, Section 49 of RIPA means they can be charged for failing to provide a password. Up to 5 years for CSE offences. That often helps.

This is a useless piece of legislation. Only one person was ever prosecuted for it.

Now even when people refuse to comply no further action is taken. The most blatant example is the NCA Lauri Love case.


   
minime2k9
(@minime2k9)
Honorable Member
Joined: 14 years ago
Posts: 481
 

Pretty sure I've had more than 1 conviction using this legislation…
And there is case law on it for terrorism offences.


   
Chris_Ed
(@chris_ed)
Reputable Member
Joined: 16 years ago
Posts: 314
 

> Well I would assume most every phone that an examiner gets is powered off due to having run flat, unless a case was so urgent it got handed in under a day?

Absolutely! :)

> What's your experience of this? My experience is most defence solicitors advise their client not to give out passwords and the like in interview.

Then I'm sorry for you - but in my experience (and we had a quick straw poll in the office here), there are probably 25% iDevices which we cannot get into because the owner refused/forgot the passcode. So that's a significant amount of devices where the passcode is provided.

> This is a useless piece of legislation. Only one person was ever prosecuted for it.

This doesn't make it useless! :)


   
(@wotsits)
Reputable Member
Joined: 10 years ago
Posts: 253
Topic starter  

> Then I'm sorry for you - but in my experience (and we had a quick straw poll in the office here), there are probably 25% iDevices which we cannot get into because the owner refused/forgot the passcode. So that's a significant amount of devices where the passcode is provided.

What usually happens with these devices once the case is concluded? Are they returned to the owner regardless of what they may hold as they have undeniable rights to the property? Or are they held onto as evidence until such time as they can be examined (if ever)?


   