Apple Security Ping!
If you want on or off the Mac Ping List, Freepmail me.
Posted on 02/27/2018 4:27:52 PM PST by Swordmaker
In what appears to be a major breakthrough for law enforcement, and a possible privacy problem for Apple customers, a major U.S. government contractor claims to have found a way to unlock pretty much every iPhone on the market.
Cellebrite, a Petah Tikva, Israel-based vendor that's become the U.S. government's company of choice when it comes to unlocking mobile devices, is this month telling customers its engineers currently have the ability to get around the security of devices running iOS 11. That includes the iPhone X, a model that Forbes has learned was successfully raided for data by the Department for Homeland Security back in November 2017, most likely with Cellebrite technology.
The Israeli firm, a subsidiary of Japan's Sun Corporation, hasn't made any major public announcement about its new iOS capabilities. But Forbes was told by sources (who asked to remain anonymous as they weren't authorized to talk on the matter) that in the last few months the company has developed undisclosed techniques to get into iOS 11 and is advertising them to law enforcement and private forensics folk across the globe.
(Excerpt) Read more at forbes.com ...
Making changes to any firmware that exists inside that area requires one to have already logged in. . . making such access impossible unless one has already unlocked the device.
The claim that such an unlocking was successful just 17 days after the iPhone X models were shipped is highly unlikely.
One means of gaining access to any iPhone that will theoretically work is electron microscopic shaving to read the data in the Secure Enclave to discover the four parts of the encryption key plus the encryption key building algorithm that could then be used to decipher the 256 bit encrypted data on the FLASH memory drive. That means is by its very nature destructive and is extremely risky in that the electron microscope changes the state of the EPROMS inside the Secure Enclave as they are being read and in the past recovery, especially on the super small memory locations has been very problematic, with a sub-90% success rate. Even one wrong byte wrong means failure when trying to get an encryption key correct.
You must be the only Freeper who actually understands how this sort of encryption works.
Is the encryption-key-building algorithm different on each phone?
The US just passed a budget that gives $60 billion to secret surveillance programs. Its both a sign of their vast power that they get so much money, as well as their bureaucratic incompetence that they only now can unlock most cellphones.
And let’s not even talk about the potential for political meddling.
This means more naked celebrity photos taken on their iPhone released on the internet.
If you want on or off the Mac Ping List, Freepmail me.
And yet they can’t from Mrs. Pickles’ non-.gov email address that she’s conduction national affairs from a non-government server.
Sweet!
Still, true or not, it gives our betters a fig leaf of cover for plausibly producing any data they wish in court, without admitting they archive ALL transmitted data.
“disingenuous because the protection is NOT in iOS but rather in hardware in Apple’s devices, buried deep within the Secure Enclave encryption processor which cannot even be accessed by the Data Processor and is essentially a read only area of the hardware.”
The PIN/password verification is is in a read only area of the hardware?
Another one that did not read the article!
I guess the Patriot Act genie will never be placed back in the bottle.
They could if they wanted to.
They being defined as no one who can be blackmailed, shot in the back during a botched robbery, has a vulnerable loved one nor anyone who works down the chain of command from anyone fitting in any of those categories...
Ha! My Linux phone (powered by Unobtanium) is impervious to viruses and is guaranteed hack proof and unlockable.
It’s obvious to me: don’t use the net for any supersecret communication.
Nice try, Minnesota, but the Fappening turned out to be a complete hoax, at least in relation to it being photos stolen from Apple's iCloud. On investigation, it turned out to be a guy who was a member of a 4Chan group who collected nude pictures of celebrities who traded those pictures with the agreement they were never to be sold outside the group, who decided to break that agreement. He made the offer to sell his collection on Reddit... and to obfuscate their actual source claimed he had hacked into iCloud.
The guy trying to sell the photos was found, arrested, pled guilty, and had to admit exactly what he did in court.
The photos' meta data showed they came from various digital cameras, phones, including Android phones, some iPhones, some from PC Internet cameras, screen captures, many were captured from commercial movie frames. . . but what they did NOT have were any meta data showing a source from Apple's iCloud. Some celebrity iCloud accounts were compromised by the collectors through phishing to get their AppleID passwords, but there was no wholesale hacking of iPhones or Apple's iCloud.
This was all covered here on FR when it was going down.
Now they’re on to you...
I think you are right. This is what this is all about. . . they are trying to obfuscate where more of the revelations are going to be coming from.
It was not more than two weeks ago the government was demanding that Apple unlock another iPhone for them. If they already had this capability, they would not be demanding Apple unlock an iPhone for them. That's why I am pretty sure this is again FAKE NEWS.
Ask your self why we are only at 256bit encryption? What are the processing speeds of today’s computers.
“This means more naked celebrity photos taken on their iPhone released on the internet.”
Or maybe a few naked children inserted unwittingly?
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.