Passphrases are always going to be the strongest, but you can have more than 6 digits in your pincode.
Select "Custom Alphanumeric Code" in Passcode Options[1], but only enter digits using the keyboard. iOS will display a pin pad on the lock screen that will accept any number of digits[2].
I picked this up from the delicious iOS 11 security whitepaper[3].
This is plainly brilliant. Just done that, and the interface seems to give no clue about the expected number of digits. Meaning that an attacker has no means to even estimate the time needed to unlock. One could only figure out that the complexity of the password increased after failing all attempts with fewer digits (which will already take a lot of time).
If this actually works there has to be some huge, embarrassing vuln in Apple's Secure Enclave Processor on par with the "CTS Labs" AMD secure coprocessor hoopla that hit the news just this week.[1][2]
The SEP is supposed to enforce a time delay between passcode attempts to prevent this sort of brute forcing. The timer could be defeated in older models by cutting power at just the right time, but Apple's whitepaper says it's supposed to survive restarts now.[3]
Based on the screenshots it looks like it can load custom firmware on the iPhone. That's bad.
It seems like they don't have the exponential delays, but they do have delays. Why else would it take 3 days to unlock the phone if it has a 6-digit passcode?
Apple's security paper says it would take more than 50 years to brute-force an alphanumeric 6-digit passcode at 80ms per iteration. I suspect that's still correct here (if “3 days or more” is for 6 numeric digits).
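Added example (not part of the thread, and not Apple's code): a small calculator for the exhaustive-search times being argued about above. It takes the 80 ms per attempt figure the comment cites from Apple's whitepaper as its only input and multiplies it by the passcode keyspace, so the numbers are lower bounds: the escalating lockout delays the SEP is supposed to enforce are not modelled, because the thread does not state the schedule. The table rows (4, 6, 8 and 10 numeric digits, 6-character lowercase+digits, 6-character mixed-case+digits) are my choice of comparison points.

```python
"""Brute-force time estimates for iOS-style passcodes (added example)."""

# Assumption taken from the comment above: one passcode attempt costs 80 ms
# of key derivation. Everything else here is plain arithmetic on keyspaces.
SECONDS_PER_ATTEMPT = 0.080
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct passcodes of the given length over the alphabet."""
    return alphabet_size ** length


def worst_case_seconds(alphabet_size: int, length: int,
                       per_attempt: float = SECONDS_PER_ATTEMPT) -> float:
    """Time to try every passcode once, ignoring any lockout delays."""
    return keyspace(alphabet_size, length) * per_attempt


def expected_seconds(alphabet_size: int, length: int,
                     per_attempt: float = SECONDS_PER_ATTEMPT) -> float:
    """Average time to hit a uniformly random passcode (half the space)."""
    return worst_case_seconds(alphabet_size, length, per_attempt) / 2


def describe(seconds: float) -> str:
    """Render a duration in the largest convenient unit."""
    if seconds < 3600:
        return f"{seconds / 60:.1f} minutes"
    if seconds < 86400:
        return f"{seconds / 3600:.1f} hours"
    if seconds < SECONDS_PER_YEAR:
        return f"{seconds / 86400:.1f} days"
    return f"{seconds / SECONDS_PER_YEAR:.1f} years"


# Comparison points chosen for this example (label, alphabet size, length).
CASES = [
    ("numeric, 4 digits", 10, 4),
    ("numeric, 6 digits", 10, 6),
    ("numeric, 8 digits", 10, 8),
    ("numeric, 10 digits", 10, 10),
    ("lowercase + digits, 6 chars", 36, 6),
    ("mixed case + digits, 6 chars", 62, 6),
]


def comparison_table():
    """Return (label, keyspace, worst-case seconds) for each case."""
    return [(label, keyspace(n, k), worst_case_seconds(n, k))
            for label, n, k in CASES]


if __name__ == "__main__":
    for label, space, secs in comparison_table():
        print(f"{label:32s} {space:>14,d} codes  worst case {describe(secs)}")
```

Running it shows why the thread's "3 days" for six numeric digits is plausible only with delays added on top (the raw search is under a day at 80 ms), and that simply lengthening a numeric code, as the first comment suggests, buys orders of magnitude without touching the alphabet.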
If this new time delay is via an off-chip RC circuit (one of the few ways for a timer to work with the power off as the capacitor acts like a battery) then it could be defeated by changing the components. RC circuits can be made on chip, however large value resistors and capacitors are very expensive to place on-chip.
Time delays only provide a false sense of security. In theory I could always cut open the casing and just plug wires straight into the EMMC or whatever you have in there. Your time delay UI is useless if I just bypass your UI and wire straight into the hardware.
Of course that's non-trivial EE work, but the point is it's possible, for someone with enough money and the right equipment. What would make it intractable is to ditch the idea that a 4 digit pin is protecting you from anything. There's simply not enough entropy in that.
Time delays are useful protection when over a network. But not when the attacker has physical console access, e.g. to a phone. At that point proper cryptography and mathematics is the only good protection.
However, it does mean that an iPhone’s security cannot be ensured if it falls into a third party’s hands.
That was and will always continue to be true. Even secure cryptoprocessors of the type used in smartcards and HSMs can be cracked with enough determination and time. There are companies in China who will read and clone them for surprisingly little money.
It has always amused me somewhat how scared (or the impression that articles like this give) some people are of governments, while at the same time completely accepting and trusting to being herded and controlled by the companies they purchase these locked-down computers from. Anything you truly want to keep secret should be encrypted by systems you have knowledge of, with a key that only you know, or even better --- not leaving your brain at all.
Unfortunately, the IP-Box 2 became widely available and was almost exclusively used illegitimately, rather than in law enforcement.
If by "illegitimately" you mean third-party repair shops... I know Apple doesn't like that, but the whole *-box series are aimed at the mobile repair industry (a huge business in China), not law enforcement.
The fact that the methods of accessing the device are so secret seems very prone to a court rules-of-evidence challenge.
The accused has a right to know exactly how evidence was obtained, and if the chain of custody was broken, just hiding behind an NDA isn't going to cut it.
Is it just me or does the price point seem extremely low?
They have a device that should be in high demand globally, and maybe one competitor.
And they are charging 15-30k, for basically unlimited usage??
You can't tell me federal law enforcement wouldn't pay at minimum ten times that amount for metered usage...
> The cheaper model isn’t much of a danger if stolen—unless it’s stolen prior to setup—but at 4″x 4″x 2″, the unlimited model could be pocketed fairly easily, along with its token, if stored nearby. Once off-site, it would continue to work.
Presumably even the cheaper model could be reverse engineered to reveal the exploit used. But once it becomes known, it would be patched.
I hate this stuff. I want to secure my device and not have the govt or companies steal it, I want to control my device. Still, it's fascinating to learn about.
Did no one think, when they take someone's phone for 5 minutes at the border, they could be doing this to your phone.
Can GreyKey or anything else really bypass the unlock attempt counter of an iPhone set to erase itself after 10 unsuccessful attempts? Have they found a way to replace the firmware that executes that erase procedure? In that case, only password complexity can save you. But no evidence is shown that proves they can accomplish this.
Humans being abysmal PIN and password generators, a decent fraction of phones can probably be unlocked within 5 attempts by just trying 123456, 123123, 111111, 654321, 000000. Unless/until the phone forces the user to learn rather than select a PIN that's probably going to remain the biggest vuln.
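Added example, not from the thread: the defensive counterpart to the observation above is a PIN policy check that refuses the codes an attacker would try first. The function below rejects the five codes listed in the comment and generalizes to the patterns behind them (a single repeated digit, a repeated block like 123123, and ascending or descending runs like 123456 or 654321), and enforces a minimum length. The list, the pattern set and the six-digit minimum are my assumptions for illustration, not any vendor's policy.

```python
"""Reject predictable numeric PINs (added example)."""

# The five codes named in the comment above; a real deployment would use a
# larger published list. Constructed for this example.
COMMON_PINS = {"123456", "123123", "111111", "654321", "000000"}


def is_repeated_digit(pin: str) -> bool:
    """111111, 000000: only one distinct digit."""
    return len(set(pin)) == 1


def is_repeated_block(pin: str) -> bool:
    """123123, 4545: the PIN is a shorter block repeated to fill the length."""
    for block_len in range(1, len(pin) // 2 + 1):
        if len(pin) % block_len == 0:
            block = pin[:block_len]
            if block * (len(pin) // block_len) == pin:
                return True
    return False


def is_sequential(pin: str) -> bool:
    """123456 or 654321: every digit is the previous one plus or minus one."""
    if len(pin) < 2:
        return False
    steps = {int(b) - int(a) for a, b in zip(pin, pin[1:])}
    return steps == {1} or steps == {-1}


def weak_pin_reasons(pin: str, min_len: int = 6) -> list:
    """Return every reason the PIN is rejected; empty list means acceptable."""
    reasons = []
    if not pin.isdigit():
        return ["not all digits"]
    if len(pin) < min_len:
        reasons.append(f"shorter than {min_len} digits")
    if pin in COMMON_PINS:
        reasons.append("on the common-PIN list")
    if is_repeated_digit(pin):
        reasons.append("single repeated digit")
    elif is_repeated_block(pin):
        reasons.append("repeated block")
    if is_sequential(pin):
        reasons.append("sequential digits")
    return reasons


def is_acceptable_pin(pin: str, min_len: int = 6) -> bool:
    return not weak_pin_reasons(pin, min_len)


if __name__ == "__main__":
    for candidate in ["123456", "123123", "111111", "654321", "000000",
                      "4321", "295817"]:
        print(candidate, weak_pin_reasons(candidate) or "ok")
```

The check runs at enrolment, so it costs nothing per unlock; its value is in shrinking the fraction of devices that fall to a handful of guesses before any lockout delay even applies.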
On the other hand, perhaps Apple could secretly partner with a law enforcement team and purchase one for themselves. $15k and $30k are literally nothing to Apple with their warchest in the tens of billions.
The ‘offer’ isn’t illegal - going through with it would be though, for both sides. Grand theft and receiving stolen goods. Both not great, plus you’d be actively acting against the law enforcement system which would ensure a zealous prosecution.
> An iPhone typically contains all manner of sensitive information: account credentials, names and phone numbers, email messages, text messages, banking account information, even credit card numbers or social security numbers. All of this information, even the most seemingly innocuous, has value on the black market
My phone has no banking information, credit card information, Social Security numbers, or email accounts that can be used to recover or reset access to any online service. Why? Because I don't trust my phone.
But aside from all that, all that information is already on the black market. There have been so many breaches, Equifax just to name one, to think otherwise.
I wonder: Apple has hundreds of billions in overseas cash. Why don't they go after Cellebrite and Grayshift and offer the owners something to the tune of 1-2 billion US$ in hard cash? Given the reputation hit once this knowledge becomes widespread, a couple billion dollars are pocket change.
>The cheaper model isn’t much of a danger if stolen—unless it’s stolen prior to setup—but at 4″x 4″x 2″, the unlimited model could be pocketed fairly easily, along with its token, if stored nearby. Once off-site, it would continue to work. Such a device could fetch a high price on the black market, giving thieves the ability to unlock and resell stolen phones, as well as access to the high-value data on those phones.
If this gets stolen and put on the black market, that would be a good thing. Because then Apple can buy one, figure out what vulnerabilities it's using, and patch them.
This seems at odds with Apple’s claims about holding the device encryption keys in a secure coprocessor that only releases them in response to a valid passcode, and self-destructs the keys if too many passcodes are tried.
It’s not at odds with it - it’s pretty obviously using a vulnerability to run a crack against the passcode. Once the passcode is found, that is used to unlock the phone and thus the Secure Enclave.
I thought iPhones were electronically secure; it seems they are not. I thought the FBI had to just do some X-ray of some chip to read some ROM thing.
Sometimes I wonder if real security is really and theoretically possible, or if it's just engineers who never manage to achieve it because designers want things to be usable for consumers.
Whatever happens, it doesn't seem really secure consumer-oriented devices do exist. I wonder if there are Android devices that do a good job at that, and what's the status of the security of Android devices in general; I would guess it's not better.
Are you willing to pay $500k for a phone? Is there a vendor who is willing to put an R&D investment of $20mil in so you can buy one? How many more phones would they sell? If you were Ed Snowden, would you even trust that company?
Are you going to buy a safe to keep family photos in it?
What does it even mean for you to have an absolutely secure phone if you are going to be hit by a bus tomorrow?
Yes it is, and has been done. Subject to [edit: a] security policy (NOT defined by implementation) and a meaningful statement of threat (what are you protecting against?)
I mean, if they truly broke an iPhone lock, then it means they had to be tampering with a true Apple device (not a dummy) in order to make their device work. Therefore, they violate the Apple TOS, which I am sure forbids any sort of backdooring. I doubt they will go after a rogue Chinese jailbreaker sitting in mom's basement and trying to make a name for him/herself, but here we have an example of a for-profit incorporated business that makes 100% of its money by breaking Apple's devices.
On the other hand, if this is all just some sort of marketing gimmick, or that device has never been truly tested on an iPhone, then I am sure they can go after them for attempting to shame iOS/iPhone so users think their devices are less secure than they actually are, which could hit their bottom line.
[1] https://i.imgur.com/KEEC71B.png
[2] https://i.imgur.com/YrgQA5s.png
[3] https://www.apple.com/business/docs/iOS_Security_Guide.pdf
Twisell | 8 years ago
But of course alphanumerical would be even safer.
[1] https://www.anandtech.com/show/12525/security-researchers-pu...
[2] HN discussion: https://news.ycombinator.com/item?id=16597626
[3] p15: https://images.apple.com/business/docs/iOS_Security_Guide.pd...
SlowRobotAhead | 8 years ago
The faintest of ink will outlast the best of memory, or something like that.
Mtinie | 8 years ago
The photo stagings remind me of ones I’d use on a pre-release marketing site for a vapor-ware product to test demand and a price point.
jlgaddis | 8 years ago
I imagine that telling someone, "Steal that TV and I'll give you $100 for it" would, additionally, make you a conspirator to the crime of theft.
roywiggins | 8 years ago
https://www.law.cornell.edu/uscode/text/18/1832
nocobot | 8 years ago
Few people imagine themselves to ever be in a position where they would want to protect the info on their phones from LE.
0culus | 8 years ago
This paper might prove to be an enlightening read: http://www.mdpi.com/2078-2489/7/2/23