Free Republic

Cellebrite Claims Its New Software Can Crack iPhones and iPads Running up to iOS 12.3
MacTrast ^ | Monday, June 17, 2019 11:25 am | By Chris Hauk

Posted on 06/19/2019 7:36:21 PM PDT by Swordmaker

Israeli forensics company Cellebrite – which has gained a reputation for unlocking mobile devices like the iPhone to obtain personal data without the passcode or biometrics – claims it can now unlock any iOS device running up to iOS 12.3.

The firm boasted of its capability in a tweet posted on Friday, which promoted UFED Premium, the latest version of its Universal Forensic Extraction Device.

(Excerpt) Read more at mactrast.com ...


TOPICS: Business/Economy; Constitution/Conservatism; Government; News/Current Events
KEYWORDS: applepinglist; cellebrite; ioscracking; security
It took them awhile, but iOS 13 will be out soon and will block it again. This means if you are really concerned about your iPhone/iPad security, use an alphanumeric and symbolic passcode of at least seven characters. This will block even Cellebrite’s system from cracking into your device. Cellebrite still uses a brute force approach to find your passcode, but we are talking about ~869,600,000 years to try all possible combinations of just seven characters of the 223 available from the iPhone’s virtual keyboard at one attempt every second. If I recall correctly, even bypassing the countdown clock, the Secure Enclave limits each attempt to 1.4 seconds so it’s even longer than that. Perhaps you could get by with only six, if you want them to give up during the life span of the Age, only ~3,900,000 years.
1 posted on 06/19/2019 7:36:21 PM PDT by Swordmaker
[ Post Reply | Private Reply | View Replies]

To: ~Kim4VRWC's~; 1234; 5thGenTexan; AbolishCSEU; Abundy; Action-America; acoulterfan; AFreeBird; ...
Cellebrite claimed they can again break into iPhones and iPads. Now iOS 12.3 vulnerable. . . —PING!


APPLE SECURITY PING!

If you want on or off the Apple/Mac/iOS Ping List, Freepmail me.

2 posted on 06/19/2019 7:39:52 PM PDT by Swordmaker (My pistol self-identifies as an iPad, so you must accept it in gun-free zones, you hoplaphobe bigot!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Swordmaker

So you are claiming Cellebrite can’t try all the same numbers and letters on iOS 12.3.1?


3 posted on 06/19/2019 7:43:13 PM PDT by ConservativeMind (Trump: Befuddling Democrats, Republicans, and the Media for the benefit of the US and all mankind.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Swordmaker

It’s a mystery to me that more people don’t use (more than six) alpha/numeric/symbol characters in their passcode. It just takes a couple seconds longer.


4 posted on 06/19/2019 8:03:16 PM PDT by House Atreides (Boycott the NFL 100% — PERMANENTLY)
[ Post Reply | Private Reply | To 1 | View Replies]

To: House Atreides

I don’t even have one on my iPhone 10s. Just swipe and you are in!


5 posted on 06/19/2019 8:07:27 PM PDT by US_MilitaryRules (I'm not tired of Winning yet! Please, continue on!)
[ Post Reply | Private Reply | To 4 | View Replies]

To: Swordmaker; All
Folks, what Swordmaker does not understand is that what Cellebrite is using is not brute force on anything iOS 12.3 and under, but it’s using exploits against vulnerabilities.

In short, even if you have a 20 character password, the exploit gets around that.

Brute force is only used when exploits do not allow cracking the phone.

6 posted on 06/19/2019 8:34:03 PM PDT by ConservativeMind (Trump: Befuddling Democrats, Republicans, and the Media for the benefit of the US and all mankind.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Swordmaker

check .... iOS 13 ? When ?


7 posted on 06/19/2019 8:43:15 PM PDT by Squantos (Be polite, be professional, but have a plan to kill everyone you meet ...)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Swordmaker

I imagine from the first second a new iPhone or updated iOS system is out, someone somewhere is throwing everything they have at it...just so they can tweet out that they’ve broken it.


8 posted on 06/19/2019 8:44:51 PM PDT by moovova
[ Post Reply | Private Reply | To 1 | View Replies]

To: Squantos

Preview release doesn’t install on my iPhone 6.


9 posted on 06/19/2019 8:53:34 PM PDT by steve86 (Prophecies of Maelmhaedhoc O'Morgair (Latin form: Malachy))
[ Post Reply | Private Reply | To 7 | View Replies]

To: ConservativeMind
So you are claiming Cellebrite can’t try all the same numbers and letters on iOS 12.3.1?

I assume that they can. 12.3.1 did not address anything having to do with this. iOS 13 will. Perhaps iOS 12.4 will as well.

10 posted on 06/19/2019 8:54:15 PM PDT by Swordmaker (My pistol self-identifies as an iPad, so you must accept it in gun-free zones, you hoplaphobe bigot!)
[ Post Reply | Private Reply | To 3 | View Replies]

To: ConservativeMind
...Brute force is only used when exploits do not allow cracking the phone...

My personal strategy is two fold:

1. Don't put anything incriminating on my phone, and

2. I don't do criminal acts.

While this is actually not a perfect defense against being accused, it is pretty good, and if I then back it up by updating to the latest version of iOS I am reasonably secure.

11 posted on 06/19/2019 9:17:41 PM PDT by CurlyDave
[ Post Reply | Private Reply | To 6 | View Replies]

To: ConservativeMind
Folks, what Swordmaker does not understand is that what Cellebrite is using is not brute force on anything iOS 12.3 and under, but it’s using exploits against vulnerabilities.

ConservativeMind, I fully grasp what Cellebrite is doing. They have a chart of how long it will take to crack each length of various passcodes people use. That means they are only using the vulnerabilities to get past the time-out countdown clock that prevents one from making multiple tries.

Their own manual's timetable sets down estimated times for average cracking of four numeric codes, six numeric codes, etc. They STILL have to crack the passcode to build the key to the encryption. That passcode is buried inside the Secure Enclave as a ONE-WAY hash code. To use that, one must find the passcode and unlock the device. It is NOT instantaneous.

From Ars Technica’s recent article on Cellebrite’s technique on breaking into iOS devices:

“Cellebrite cannot magically discover your passcode. They can bypass all the counters and lockouts, but, at the end of the day, they need to brute force your passcode. It can be easy, if you don't have one set or it is only four digits, or it can be difficult, if you set a complex passcode with letters and numbers. As long as your passcode is a sufficient length, then Cellebrite will spend forever trying to brute force it without success.”

A vulnerability is not going to uncover a passcode that literally does not exist on the device, nor is it going to find a random number created and stored in the Secure Enclave, something that cannot output its data even to the iOS device’s own processor, when that passcode was first created, nor can it read a secure code buried in that Secure Enclave, again, because it is impossible for that component to be read or to write external from itself except in a very constrained way. . . To check if the one-way hash matches. Only then will the internal encryption engine processor assemble and output the 256 bit AES, 128 byte decryption key, which is made of four disparate components using an unknown algorithm. Without that decryption key the data on the device is just so much gobbledegook!

To brute force the 256 bit AES encryption key would require 6.52 X 10^195 years with the fastest super computer currently available on earth.

Want to try again saying I don’t understand what Cellebrite is using? The fact is I fully understand how Apple’s security works and you don’t. I’ve read all of Apple’s white papers on security in iOS and the articles and manuals on both Cellebrite’s and GrayKey’s methodology and use.

12 posted on 06/19/2019 9:25:49 PM PDT by Swordmaker (My pistol self-identifies as an iPad, so you must accept it in gun-free zones, you hoplaphobe bigot!)
[ Post Reply | Private Reply | To 6 | View Replies]

To: Squantos
check .... iOS 13 ? When ?

Beta versions are in testing now, but gold version likely in September. For now, ignore ConservativeMind and use a complex alphanumeric/symbol passcode. Even a five character complex alphanumeric/symbol at one try per second would require ~17,000 years to try all potential passcodes. I think that may be long enough to discourage them. A four character, alphanumeric/symbol from the 223 character set, if you use obscure symbols and characters, would likely take up to 78 years to try every possible combination. Obscure characters just take more key presses or holds to get to.

13 posted on 06/19/2019 9:37:41 PM PDT by Swordmaker (My pistol self-identifies as an iPad, so you must accept it in gun-free zones, you hoplaphobe bigot!)
[ Post Reply | Private Reply | To 7 | View Replies]
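
The keyspace arithmetic behind the figures in posts 1 and 13, as an added example that is not part of the thread. It assumes, as those posts do, a 365-day year and one guess per second by default; the function names and the alphabet sizes other than 223 are illustrative choices, and it goes slightly beyond the posts by also computing the shortest passcode length that outlasts a chosen time horizon.

```python
SECONDS_PER_YEAR = 365 * 24 * 3600  # 365-day year, matching the thread's figures

# Alphabet sizes. 223 is the figure quoted in the thread; the rest are
# standard character counts added here for comparison (assumptions).
ALPHABETS = {
    "digits": 10,
    "lowercase+digits": 36,
    "mixed-case+digits": 62,
    "printable ASCII": 95,
    "iOS keyboard (thread's figure)": 223,
}

def keyspace(alphabet_size, length, all_shorter=False):
    """Candidate passcodes of exactly `length` characters, or of every
    length from 1 up to `length` when the length is unknown to the searcher."""
    if all_shorter:
        return sum(alphabet_size ** n for n in range(1, length + 1))
    return alphabet_size ** length

def years_to_exhaust(alphabet_size, length, seconds_per_guess=1.0,
                     all_shorter=False):
    """Worst-case time, in years, to try every candidate passcode."""
    total = keyspace(alphabet_size, length, all_shorter)
    return total * seconds_per_guess / SECONDS_PER_YEAR

def min_length(alphabet_size, target_years, seconds_per_guess=1.0):
    """Shortest length whose AVERAGE-case search (half the keyspace)
    still takes at least `target_years`."""
    guesses_needed = 2 * target_years * SECONDS_PER_YEAR / seconds_per_guess
    length = 1
    while alphabet_size ** length < guesses_needed:  # integer powers, no float log
        length += 1
    return length

def report(target_years=1000, seconds_per_guess=1.0):
    """(alphabet name, minimum length) pairs for a given time horizon."""
    return [(name, min_length(size, target_years, seconds_per_guess))
            for name, size in ALPHABETS.items()]

if __name__ == "__main__":
    for n in (4, 5, 6, 7):
        print(f"223 symbols, {n} chars: {years_to_exhaust(223, n):,.0f} years")
    print(f"6 digits: {years_to_exhaust(10, 6) * 365:.1f} days")
    for name, length in report():
        print(f"{name}: at least {length} characters for 1,000 years")
```

The average-case figure is half the worst case, which is why `min_length` doubles the target before comparing.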

To: moovova
I imagine from the first second a new iPhone or updated iOS system is out, someone somewhere is throwing everything they have at it...just so they can tweet out that they’ve broken it.

Only Cellebrite and GrayKey have ever been successful. Both bought their exploits from a white hat hacking competition and so far no one has duplicated it. iOS 12 has been out nine months blocking both and they finally found a way to get around it again, but it will be closed.

14 posted on 06/19/2019 9:41:28 PM PDT by Swordmaker (My pistol self-identifies as an iPad, so you must accept it in gun-free zones, you hoplaphobe bigot!)
[ Post Reply | Private Reply | To 8 | View Replies]

To: CurlyDave
I'm with you. I don't use banking apps. If someone wants to break in and read my emails or texts...I should probably apologize to them and buy them a beer. Heck, I've even jokingly said (while driving) that if the NSA et al. is listening, I apologize for singing along with the radio...

In short, breaking into my phone wouldn't be worth the effort beyond seeing my slightly eclectic collection of humorous (to me anyway) memes.

However, given that it's Apple... I would expect the encryption to be top notch. I'd also expect there is a back door or two in there they could exploit if necessary. Perhaps one or more of these back doors has been compromised.

15 posted on 06/19/2019 10:20:16 PM PDT by ThunderSleeps ( Be ready!)
[ Post Reply | Private Reply | To 11 | View Replies]

To: Swordmaker

Forget about getting in line for Bagster - Will you marry me?


16 posted on 06/19/2019 10:25:44 PM PDT by jacquej ("You cannot have a conservative government with a liberal culture." (Mark Steyn))
[ Post Reply | Private Reply | To 14 | View Replies]

To: jacquej
Forget about getting in line for Bagster - Will you marry me?

LOL! My lovely lady might have some objections. . .

17 posted on 06/19/2019 10:29:46 PM PDT by Swordmaker (My pistol self-identifies as an iPad, so you must accept it in gun-free zones, you hoplaphobe bigot!)
[ Post Reply | Private Reply | To 16 | View Replies]

To: Swordmaker

I’m curious how their brute force attack can even run - since iOS flips its lid after only a few incorrect attempts...


18 posted on 06/19/2019 10:55:08 PM PDT by TheBattman (Democrats-Progressives-Marxists-Socialists - redundant labels.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Swordmaker

Cellebrite requires the user to have physical access to the phone.

Apple provides a way for the user to erase the phone before surrendering it, but it takes some time to execute.

The Find iPhone app allows for the user to remotely erase the phone, providing the phone is on and still connected to a network.

Apple also allows the user to set the phone for automatic erasure after 10 failed passcode attempts, which will defeat any brute force attack.

Compared to the rest of the market, Mac OS and iOS devices are damnably difficult to hack. Market prices for successful exploits reflect this. Apple exploits are orders of magnitude more costly.

HOWEVER, the Achilles heel for ALL devices using cellular communications is the Control Channel in cellular communications systems. To allow for roaming and interoperability among various vendors and systems, it is wide-open, unsecured, simple to access, and readily comprehended.

Those vulnerabilities will not permit access to your device, but they can monitor, capture, and spoof all incoming and outgoing traffic, as well as track your location.

There is nothing Apple, or any other cell phone vendor can do to close those vulnerabilities. They are the responsibility of the cellular providers, who have no real incentive to fix them.


19 posted on 06/20/2019 6:04:17 AM PDT by Natty Bumppo@frontier.net (We are the dangerous ones, who stand between all we love and a more dangerous world.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: House Atreides
It’s a mystery to me that more people don’t use (more than six) alpha/numeric/symbol characters in their passcode. It just takes a couple seconds longer.

Same here. Mine is simple for me to remember, but hard to guess. Since I use the fingerprint to authenticate most of the time, I don't even have to enter it very often. One thing I'd like to see as an option is the ability to change how often you do need to enter it. I'd feel better about having to enter it once a day. Would also like to have a wipe password, which would wipe the phone if it were used.

20 posted on 06/20/2019 6:33:58 AM PDT by zeugma (Power without accountability is fertilizer for tyranny.)
[ Post Reply | Private Reply | To 4 | View Replies]

