The Feds Can Now (Probably) Unlock Every iPhone Model In Existence

Forbes ^ | February 26, 2018 | By Thomas Fox-Brewster

[SargeK]

The way people vomit their every personal detail in social media, you wonder why the government even bothers trying to break into their iPhones.

Send them a friend request or ‘like’ their lame assed sulfur’s and they’ll tell you what their first school was, their maternal grandmother’s name and their first car model.

Used to be hard to recruit intelligence sources. Flattery was a major tool. Now you can flatter a hundred people an hour enough for them to give you the keys to their houses.

[SargeK]

Sulfur’s=selfies. @#%¥ing spell check

[House Atreides]

“Ha! My Linux phone (powered by Unobtanium) is impervious to viruses and is guaranteed hack proof and unlockable.”
**************************************************
That’s only for Linux phones manufactured in Wakanda and not for those manufactured elsewhere.

[ImJustAnotherOkie]

The lustre has fallen from Apple dimming by one misstep after another. After San Bernardino they made themselves a target for this.

[FourtySeven]

Yeah, you lost me after the “logged in” part.

Ping me later with a simpler explanation. I’m hopping in the shower now.

[i_robot73]

>And let’s not even talk about the potential for political meddling.

POTENTIAL? Did you somehow MISS ~1yr prior to the last election > today?

Maybe the FBI having it’s OWN set of ‘spook tools’ (how ANYTHING can supposedly ‘come from Russia’ after knowing this....)

The obliteration of the 4th w/ the NSA

[Fightin Whitey]

I went to “Black Phone” and after about five seconds my laptop shut down completely.

Started back up just fine but...pretty potent stuff!

[Cats Pajamas]

Bookmark

[Fightin Whitey]

[ZULU]

I don’t trust the Federal government Period.

[Ransomed]

The NSA is the largest employer in Maryland. It is estimated that the NSA employs 30,000-40,000 people, if I recall. They can’t even tell us the real number for security reasons or something.

Freegards

[bigbob]

They should try Jennifer Lawrence’s phone and see if she’s added any new ones. As a scientific experiment, of course.

[Swordmaker]

Is the encryption-key-building algorithm different on each phone?

Apple uses several that are burned into the silicon of the Encryption Engine in the Secure Enclave Processor. What keeps the encryption difficult is the four separate pieces of the encryption KEY that is constructed.

1. The passcode of the user is used to generate a one-way hash, which is then used as a portion of the key.
2. A device Group ID (GID) that does remain the same for each unit in that product model burned into the silicon. This is the only part that is known.
3. A Random Unique ID (UID) that is burned into the silicon when the chip is made and not recorded anywhere.
4. A truly entropic random number environmentally sampled from the device's microphone, cameras, GPS sensors, position sensors, barometer, accelerometer, etc., at the time the user first inputs his/her passcode and stored in the Secure Enclave's EPROM.

All four of these are used by one of the algorithms to be entangled in a way that can be recreated each time the passcode is entered. This results in an at least 144 character KEY which includes every possible character in the Apple 223 character set.

This all happens inside a sealed read only area of the Secure Enclave that has access only to the limited things it is allowed to access. The main processor cannot access anything inside the Secure Enclave. . . there is no hardware read/write access from that main processor to that area so it cannot read those hidden pieces of data to provide them to anything outside and it can only receive data that is deliberately sent to it by the encryption engine. Even a hardware testing device cannot get access to read what's in it.

There are four inter-registered ICs in each Apple device that once removed from the device MUST be reregistered with each other before the device will be able to reboot and the Secure Enclave to operate correctly. This is designed to prevent anyone from dismounting the chipsets and attempting to insert the system into a super-computer to do a fast work-around of the lock-out protocols, or to attempt a shaving technique. Essentially any break-in has to be done on the iPhone itself.

To attempt a brute force decryption of the data one needs to try every one of the possible AES-256 keys. To do that is virtually impossible even with the most powerful computers the CIA or NSA has available today. I won't go into the math right now, but essentially it would take about 5.26 billion vigintillion (10¹⁹⁵) Years to break into your data.

To put that into perspective, it is estimated that the Universe, and every atom, electron, proton, and neutron in it will have devolved into a soup of sub-atomic particles, quarks, etc. by the time 4.72 X 10⁸² years will have passed.

I think, by that time, any interest in the data on your iPhone will be moot.

[Swordmaker]

The PIN/password verification is is in a read only area of the hardware?

It's far more complex than that, but essentially, for this purpose, yes. The passcode is not even stored on the hardware. . . and everything is inside what is called the Secure Enclave which has its own dedicated Encryption processor, which is separate from the main processor that handles everything else.

[TexasGator]

Fingerprint and face I’d processing are in the secure enclave but I don’t think password processing is.

[Presbyterian Reporter]

“””.S. government contractor claims to have found a way to unlock pretty much every iPhone on the market”””

---

The Potomac River will be filled with the smartphones dumped by the FBI criminals!!!!

[AF_Blue]

What model of iPhone will be on the market then, the X⁸² or the X¹⁹⁵, and can I preorder now?

[Swordmaker]

Ask your self why we are only at 256bit encryption? What are the processing speeds of today’s computers.

It doesn't matter HOW fast the latest computers are. It STILL takes too long to break into a 256 bit AES encryption when there is only ONE key that will unlock it. Even if we take the FASTEST computer we have to day, and multiply its speed by ONE BILLION, it makes very little difference in how long it will take to decrypt an AES encryption by brute force. Since it would now take 5.26 Billion vigintillion (10¹⁹⁵) Years to break into your data using the fastest super computer we currently have available, multiplying that computers' speed by 1,000,000,000, means it would only take 5.26 X 10¹⁸⁵ Years to break into your data. Yeah, it's a shorter time, a billion times shorter, but it doesn't make much difference to us getting at that data.

Say we make that computer a trillion times faster. . . then it would only take us 5.62 X 10¹⁸¹ years. Whoopee! I might have time to finish my coffee. . .

Here's that first number of years written out. . .

5,260,096,410,168,500,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000.000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 YEARS

[Swordmaker]

Or maybe a few naked children inserted unwittingly?

they hid classified documents and photos on Sharyl Attkisson computer after breaking into her house and installing a hidden glass cable into her internet connection. These were hidden inside other graphic files by means of steganography, a sneaky way of encoding hidden stuff inside photos and other files by encrypting it inside the compression of the image.

[taxcontrol]

https://puri.sm/shop/librem-5/