Does apple do that ?Submitted by isahilkumar t3_zy6ba8 in iphone
brizzodaizzo t1_j25sqx5 wrote
Reply to comment by blkrfl556 in Does apple do that ? by isahilkumar
I appreciate your comment. But I’d like to clarify that this article stated that Apple officials “unlocked her phone“. It stated nothing about handing over iCloud data. Huge difference.
I think this raises the question amongst many security analysts, “how“ is Apple brute forcing an iPhone pass code? This is supposed to be the encryption key to the entire device. Without it, everything behind the encryption is just gibberish. Does Apple have a master encryption key? Can the phone actually be brute forced.
Several years ago we were led to believe that federal officials could not even brute force iPhones, and even asked Apple for help, when Apple infamously refused.
I think the big question here is, what’s really going on?
BCKDal t1_j25wo1a wrote
Or maybe the person who wrote this poorly worded tweet didn’t know what they were saying.
brizzodaizzo t1_j260dov wrote
I vote, yes, on this being what “actually” happened. Have an upvote👍🏻
zombiepete t1_j260evg wrote
This is the far more likely scenario in my mind.
zvckp t1_j270tet wrote
This is very much possible ( based on my experience interacting with people daily in India).
mrhobbles t1_j26b3cs wrote
I think the tweet and the article are misinformed. As you stated, Apple has said many times in the past that they don’t have the capability to unlock phones, and refuse to develop the capability to. When a subpoena is provided Apple provides any requested data from iCloud backups - if they have them.
Tim Cook is famously on the record as saying that he considers it a breach of civil liberties, as well as a massive compromise of the iPhones security to develop such ability. https://www.theguardian.com/technology/2016/feb/22/tim-cook-apple-refusal-unlock-iphone-fbi-civil-liberties
He has historically shown himself to be a man of principle - there hasn’t been anything to say that his stance has changed. If anything Apple’s recent push on Privacy and Security just reinforces this (See the new Lockdown mode).
That’s not to say iPhone unlocks aren’t possible - they are, the most famous tool being one provided by Israeli security company Cellebrite. However depending on the device this either works by exploiting bugs and zero days, or by brute forcing.
But to say Apple came and unlocked the device I firmly don’t believe. They are simply misinformed in my opinion. I think it’s more likely they provided the data from iCloud backups and the police being non-technically minded made an incorrect statement.
brizzodaizzo t1_j26bjh0 wrote
I couldn’t agree more
AzettImpa t1_j285tju wrote
> He has historically shown himself to be a man of principle - there hasn’t been anything to say that his stance has changed.
You mean the man who spends billions for lobbying in China, who is the chairman of an elite Chinese university advisory board and who has refused to comment on the protests in China, quite the opposite, who has made it impossible for Chinese protesters to share propaganda against the government?
More like a spineless businessman with the principle of “profit first.”
blkrfl556 t1_j262opr wrote
I did answer this… it is possible to brute force the passcode… it’s the same way we do it daily… it’s not just gibberish. There is no ‘master encryption key’ the phone is for a lack of better words ‘hacked’ and all the data can be retrieved. When the devices are brute forced, it basically tries a string of passwords (sometimes taking weeks to months) trying different combos. Every time I tries 2 that aren’t successful, it erases the “failed attempts” from the device meaning every 2 attempts it just starts over as if there were no failed passcodes. If we aren’t dumping the data, you can still brute into the device and unlock it. Just takes time and patience.
Truly_Unending_ t1_j265qeq wrote
How do you get past the 10 failed passcode attempts erasing all data on iPhone feature?
PerpetuallyOffline t1_j2665qy wrote
You have to turn that on manually. Most users never do.
Truly_Unending_ t1_j267nq2 wrote
Yeah but I made that comment assuming he was trying to break into a phone that has it turned on. I always have it turned on on my phone personally.
YangaSF t1_j26lkr8 wrote
If it resets the “two failed attempts” flag, it will never reach a 10th attempt no?
blkrfl556 t1_j2707mh wrote
We see phones with that all the time. Like I said, it sends a code to the device after 2 attempts and basically tells the computer of the device to erase the attempts, meaning the phone always thinks it’s either the first or second attempt.
Truly_Unending_ t1_j285qqb wrote
Good to know. I hope Apple builds a way to combat this sometime soon.
blkrfl556 t1_j28sw6u wrote
You might. Depending on the case, we don’t lol. But like I said, Apples security and encryption is why we dislike working with the phones, but the same reason all of us own one lol. If people knew how easy android was… everyone would own a iPhone.
brizzodaizzo t1_j2667zm wrote
I believe this option is off by default. The user has to turn it on.
Truly_Unending_ t1_j267oqb wrote
Yeah but I made that comment assuming he was trying to break into a phone that has it turned on. I always have it turned on on my phone personally.
mahnkee t1_j282sxa wrote
You repetitively clone the phone and button mash programmatically. When the timeout is too large, wipe and reclone. Have parallel targets. This is how the Israeli company does it, the contractor the FBI used to crack the San Bernardino shooters’ iPhones.
Truly_Unending_ t1_j285ud5 wrote
Good to know. Hope Apple builds a way to combat this disgusting state sponsored anti privacy tactic very soon.
brizzodaizzo t1_j264kl7 wrote
Guessing that, this, is still the limitation?
blkrfl556 t1_j270ekl wrote
I’ve seen it take a 6 passcode minutes and a 6 passcode take months. It just depends. Sometimes we get lucky with it. All depends on how many attempts it has to make to crack it
brizzodaizzo t1_j271yn7 wrote
What about people that turn on the “erase iPhone after 10 failed passcode attempts” option in settings. Would figure this would make things tuff for u guys.
flambic t1_j277xov wrote
There have been bugs in the attempt-counting code, exploitable by GrayKey.
Also, iPhone X & before have a boot ROM bug letting you DFU unsigned payloads, but that doesn't help get the key for flash encryption.
Neither of these techniques seem like something Apple would use.
AnOriginalName2021 t1_j29yxzp wrote
Apple can remove an iCloud lock from a device. After that lock is removed you should be able to change the password.
Viewing a single comment thread. View all comments