• Your favorite

    Apple

    ,

    iPhone

    ,

    iPad

    ,

    iOS

    ,
    Jailbreak
    , and
    Cydia
    site.
  • iOS Security is a Nightmare for Law Enforcement


    iOS' security has come come a long way since the original iPhone. Its security has come so far, in fact, that the encryption is a nightmare for law enforcement trying to view information from devices seized from criminals for evidence. Apple uses an encryption method known as AES (Advanced Encryption Standard), which is a tough nut to crack. However, it's not just the encryption itself that makes iOS so hard to break into.

    Quote Originally Posted by Ovie Carroll
    I can tell you from the Department of Justice perspective, if that drive is encrypted, you're done," Ovie Carroll, director of the cyber-crime lab at the Computer Crime and Intellectual Property Section in the Department of Justice, said during his keynote address at the DFRWS computer forensics conference in Washington, D.C., last Monday. "When conducting criminal investigations, if you pull the power on a drive that is whole-disk encrypted you have lost any chance of recovering that data.
    A copy of the AES key is hidden deep within the memory of Apple’s device, but as Gizmodo reports, it can only be taken advantage of if the person handling the device knows the passcode to the device. Even then, any information obtained from the iOS device remains encrypted. One major problem for law enforcement is that iOS has a memory wipe feature that can erase the device’s memory when the passcode is guessed wrong ten times in a row, effectively erasing the desired information and resetting the randomized AES key:



    Most criminals aren't going to be dumb enough to not have a passcode since it keeps most people away from their sensitive information, however devices without passcodes take less effort to crack, since that is one less layer of security that needs to be penetrated. Unfortunately, even for a security expert, getting through the encryption is still a challenge when no passcode is present.

    For criminals, the fact that iOS encryption is so secure makes the devices a great way to hide information from unwanted eyes, like law enforcement. Apple has always put heavy emphasis on user security from the part of their Web site that showcases their mobile operating system. As it appears, the gloating is certainly justified.

    While the NSA might not be able to crack your iPhone’s security in a realistic amount of time right now, that’s not to say that they won’t be able to with future technology. Enjoy your high amount of security while it lasts.

    Sources: Technology Review via Gizmodo
    This article was originally published in forum thread: iOS Security is a Nightmare for Law Enforcement started by Anthony Bouchard View original post
    Comments 20 Comments
    1. Cer0's Avatar
      Cer0 -
      And they need seperate warrant to have you give them passwords if needed. Was reading an article the other day about that and the FBI took guys computers but asked him for the passwords and that if he didn't give them they would have to obtain a sperate warrant.
    1. Senyaichiya's Avatar
      Senyaichiya -
      I love that picture a password, a maze, and a safe!

      Let's hope a lot of people don't get wind of this idea and store a lot of (baaaaaad) stuff on their iDevice very ingenious though.
    1. bigliquid530's Avatar
      bigliquid530 -
      Quote Originally Posted by Senyaichiya View Post
      I love that picture a password, a maze, and a safe!

      Let's hope a lot of people don't get wind of this idea and store a lot of (baaaaaad) stuff on their iDevice very ingenious though.
      DDont forget the laser beam security
    1. MXCO's Avatar
      MXCO -
      Quote Originally Posted by Senyaichiya View Post
      I love that picture a password, a maze, and a safe!

      Let's hope a lot of people don't get wind of this idea and store a lot of (baaaaaad) stuff on their iDevice very ingenious though.
      I love that picture as well ha
    1. regkilla's Avatar
      regkilla -
      I will passcode lock my iPhone from now on lol. Take that Law Enforcement!

      Quote Originally Posted by MXCO View Post
      I love that picture as well ha
      +2. cool pic
    1. mmaboi21's Avatar
      mmaboi21 -
      Yay
    1. qumahlin's Avatar
      qumahlin -
      This article is full of fail. Elcomsoft already makes a cracker that takes an image of the phone so that it can fail as many times as it wants getting the passcode, that's why it smart to not use the default 4 digit one

      Also if the phone was backed to iCloud they can get all the data unencrypted, hell they could use the phonepw reset trick lol
    1. Anthony Bouchard's Avatar
      Anthony Bouchard -
      Quote Originally Posted by qumahlin View Post
      This article is full of fail. Elcomsoft already makes a cracker that takes an image of the phone so that it can fail as many times as it wants getting the passcode, that's why it smart to not use the default 4 digit one

      Also if the phone was backed to iCloud they can get all the data unencrypted, hell they could use the phonepw reset trick lol
      The passcode can slow a hacker's move toward unencrypting a file. If you have the auto-wipe on, ten passcode failures will erase everything for good.
    1. Senyaichiya's Avatar
      Senyaichiya -
      Quote Originally Posted by bigliquid530 View Post
      DDont forget the laser beam security
      Holy crap!
      I didn't even notice those! (or they could be kerplunk sticks!)
      Should we count the screen as well?
    1. Donnutt's Avatar
      Donnutt -
      Quote Originally Posted by Cer0 View Post
      And they need seperate warrant to have you give them passwords if needed. Was reading an article the other day about that and the FBI took guys computers but asked him for the passwords and that if he didn't give them they would have to obtain a sperate warrant.
      So they could wave a warrant in your face to make you give up the pass code? I can't see that working very well to anyone with an IQ over 80. If there is something in the iPhone that is incriminating, why would you tell them? They can't make you give it up.
    1. Imahottguy's Avatar
      Imahottguy -
      Quote Originally Posted by qumahlin View Post
      This article is full of fail. Elcomsoft already makes a cracker that takes an image of the phone so that it can fail as many times as it wants getting the passcode, that's why it smart to not use the default 4 digit one

      Also if the phone was backed to iCloud they can get all the data unencrypted, hell they could use the phonepw reset trick lol
      Doesn't that method rely on the LimeRain exploit or something? As in a 4S would not be susceptible? I thought I read that somewhere, but cannot seem to find the source.
    1. Donnutt's Avatar
      Donnutt -
      Quote Originally Posted by qumahlin View Post
      Also if the phone was backed to iCloud they can get all the data unencrypted, hell they could use the phonepw reset trick lol
      What?? iCloud itself is encrypted! With the huge investment it is, I'm sure it's a veritable digital fortress!
    1. buggsy2's Avatar
      buggsy2 -
      Quote Originally Posted by Anthony Bouchard View Post
      …devices seized from criminals…For criminals, the fact that iOS encryption is so secure makes the devices a great way to hide information from unwanted eyes, like law enforcement.
      Oh. Many thanks to the author for showing me that all people whose devices have been taken by LEO are criminals...I'm going to write my representatives and have them do away with that pesky 3rd branch of government, the Judicial, since the police are 100% accurate. I'll also write Tim Cook and ask him to do away with encryption since only criminals want to keep things secret, and hey, I'm no criminal!!
    1. Cer0's Avatar
      Cer0 -
      Quote Originally Posted by Donnutt View Post
      So they could wave a warrant in your face to make you give up the pass code? I can't see that working very well to anyone with an IQ over 80. If there is something in the iPhone that is incriminating, why would you tell them? They can't make you give it up.
      There was a case recently where the lady would not give them the password because she says she forgot it. They kept her locked up and I can't remember what they told her would happen if she did not come up with the password within 30 days (update: she could be held in contempt and jailed until she complies). Gonna have to try and remember the case to see if I can find it. Know wired did the article on it that I read.

      Defendant Ordered to Decrypt Laptop May Have Forgotten Password | Threat Level | Wired.com
    1. Mrteacup's Avatar
      Mrteacup -
      Quote Originally Posted by Anthony Bouchard View Post
      The passcode can slow a hacker's move toward unencrypting a file. If you have the auto-wipe on, ten passcode failures will erase everything for good.
      I don't think his statement makes this article a fail but I don't think you understood what he said..

      He's saying they created a way to bypass the auto wipe and try as many pass codes as they want. This means they can just run a program that tries all of the possible combinations (may sound lousy but with a 4 pin security they can finish that in about an hour)

      I don't understand why you guys failed to mention they could wipe it from a computer..

      Also with iCloud And all I feel like apple could help them obtain the info they need without having to crack a pin...

      Concerning the picture haha I used to have an android lock xt and an iOS passcode lock on my phone for kicks. I even considered adding a face recognition too. Also I had igotya hahhaa love that app
    1. tabaks's Avatar
      tabaks -
      Quote Originally Posted by qumahlin View Post
      This article is full of fail. Elcomsoft already makes a cracker that takes an image of the phone so that it can fail as many times as it wants getting the passcode, that's why it smart to not use the default 4 digit one

      Also if the phone was backed to iCloud they can get all the data unencrypted, hell they could use the phonepw reset trick lol
      Elcomsoft website states: "(****) iPhone 4S, iPad 2 and the new iPad support is limited to jailbroken devices only."

      So, obviously, iPhone security and hardiness is getting better and better. However, a big vulnerability is the computer which iPhone is syncing with. The "escrow file" can help them break into your iPhone, bypassing the need for the password.
    1. Zokunei's Avatar
      Zokunei -
      Can't wait to do some crimes
    1. jeo92109's Avatar
      jeo92109 -
      Quote Originally Posted by qumahlin View Post
      This article is full of fail. Elcomsoft already makes a cracker that takes an image of the phone so that it can fail as many times as it wants getting the passcode, that's why it smart to not use the default 4 digit one

      Also if the phone was backed to iCloud they can get all the data unencrypted, hell they could use the phonepw reset trick lol
      Your post goes to show how little you might know about law and law enforcement.
    1. soidroidios's Avatar
      soidroidios -
      This is why Apple iOS is the most secure platform to be in. Gives you a lot of piece of mind considering the amount of data we store in our smartphones these days. Then again, if they get into your cloud....
    1. RRoD420's Avatar
      RRoD420 -
      this article is nonsense, if law enforcement wants to get into your phone they have someone who knows how to install SSH and SSL, use itunnel_mux to create a virtual "router" usb tunnel and SSH into the phone with full access. Delete the keychain/keybag files and reboot. Passcode removed! all data intact!