FBI stymied by Apple’s Lockdown Mode after seizing journalist’s iPhone
- Thread starter JournalBot
- Start date
Is he though? I’ll admit I haven’t read everything about what’s happened, but it seems to me that Tim Apple says nice things about Trump and gives him a (literal) shiny toy to play with as a way of keeping him from meddling too deeply with what Apple do.
I could be wrong of course, but from a company point of view this seems safer then making an enemy of a powerful man with the temperament of a vengeful child.
Upvote
9
(9
/
0)
“When Lockdown Mode is enabled, your device won’t function like it typically does,” Apple says. “To reduce the attack surface that potentially could be exploited by highly targeted mercenary spyware, certain apps, websites, and features are strictly limited for security and some experiences might not be available at all.”
Such as Liquid Glass?
Such as Liquid Glass?
Upvote
-6
(0
/
-6)
Okay, for the sake of argument, I will entertain the idea that every administration does it.
And if that is indeed, the case, I certainly would not say that they are all equally as bad.
I would rate the current administration as by far the worst of any president in modern times.
One way or another, you cannot equivocate this administration to anything before it except perhaps Nixon.
Upvote
2
(2
/
0)
That’s why being able to trigger the lockdown mode would be helpful. That way you don’t erase the data.
You just make it harder to access on the assumption that Trump’s goons obtained their warrant in bad faith.
Gives lawyers time to hash that out.
Last edited:
Upvote
1
(1
/
0)
Without a doubt, that's what their looking for on the watch but that is not the Government's highly classified information.
Upvote
0
(0
/
0)
Just curious, for anyone who's in a position to answer:
I understand why someone would want to avoid using biometrics because of the legal case. But is a 4- 6- or 8-digit passcode really that secure? Seems like it would possible to brute force the passcode with some kind of specialized forensic tool, especially if it used numbers only? Or would that attempt be thwarted by the same increasingly long retry times an end user gets after multiple bad passcode entries?
I understand why someone would want to avoid using biometrics because of the legal case. But is a 4- 6- or 8-digit passcode really that secure? Seems like it would possible to brute force the passcode with some kind of specialized forensic tool, especially if it used numbers only? Or would that attempt be thwarted by the same increasingly long retry times an end user gets after multiple bad passcode entries?
Upvote
0
(0
/
0)
If you're talking about an iPhone, you can set it to auto-wipe after ten incorrect tries, so that should defeat any attempt unless you set a predictable passcode.
Personally, I don't think biometrics are a problem for most people. Especially on a phone, where there's an easy way to disable them (press and hold Volume Up and Power for 5 seconds and the phone vibrates) until you enter the passcode. Obviously YMMV, especially if you're a journalist protecting sources, or in the intelligence trade or something.
Trickier for laptops.
Upvote
2
(2
/
0)
Cellebrite cannot brute force anything past the iPhone 11 - only After First Unlock is available for anything else.
Upvote
3
(3
/
0)
It's really not. Just turning the laptop off will disable biometrics. You need to enter your password to unlock FileVault, before biometrics can be enabled.
Upvote
0
(0
/
0)
My 90-year-old father’s shaky hands so easily fudge’s the password, he’s managed to impose on himself some rather lengthy timeouts.
To the point where he finally will call in desperation.
You can get around this by resetting the password, but it’s not fun for someone who has to do that very often. And no, I’m not complaining. I love my father. It’s just that it is a pain in the ass, not that I’m going to tell him.
Upvote
1
(1
/
0)
In this context passkeys themselves are analogue to physical keys, but they must be stored in a secure way that requires some kind of lock.
It's the user's choice if the storage method used for passkey is unlocked with biometrics or pin / passcode. As far as I understand passkeys themselves don't have any built-in protection, they rely entirely on the unlocking mechanism of the storage method (dongle, TPM chip, password manager, etc.).
Upvote
1
(1
/
0)
Putting aside that the human owner is a weak link. There are hardware exploits (hence unpatchable), there are software exploits when the implementation of the crypto isn't perfect (even a mathematically perfect algorithm can have an implementation flaw and an exploitable sidechannel), and more extreme methods like invasively exploring the innards of the chip.
As far as I know the iPhone doesn't have (and can't reasonably have, if we want usability and repairability) the same kind of physical protections something like an HSM would have, which won't just wipe the keys at any attempt to breach the enclosure, but can also have time restrictions and wipe the keys if valid credentials aren't provided at regular intervals, which cuts the time the attacker has to investigate.
There is no perfectly secure system, especially not at the complexity level of an iPhone. Flaws are there, just waiting to be found. It only depends on how determined the "attacker" is. The Golden State Killer was caught after 45 years and at least that guy lived his whole life thinking he can't be caught. These people know their names are there in the phone just waiting to be revealed.
Upvote
-2
(0
/
-2)
When you have a passcode and want to check it, you can by design only do it on the iPhone itself. You can't do it on some supercomputer.
And by design, a 256 bit key in the CPU, a 256 bit random key, and your passcode are encrypted multiple times. The number of rounds depends on the speed of the hardware, so testing a single passcode takes 80ms. That's assuming you get past various methods to prevent brute force attacks.
A 4 digit passcode takes at least 800 seconds, 6 digits takes almost a day, 8 digits takes 3 months, 10 digits takes 30 years.
Upvote
0
(0
/
0)
There's no sidechannel on something that isn't running. The key simply isn't present to decrypt the data. Side-channels are how you get at AFU devices.
Gee if only somebody had already explained that possibility in this thread .. who might have said that? hmm, think his name starts with cloud and ends with gazer! And you should have noticed because I was talking about it in the very post you replied to in starting this discussion with me!
But thanks for explaining my point to me. Kudos.
Last edited:
Upvote
2
(2
/
0)
The key isn't present where, Cloudgazer? Typing the PIN doesn't invoke a "non-present" key, does it? You probably wanted to say "the key isn't present in RAM", but BFU devices still very much hold the key. If the key is there, a determined attacker with effectively unlimited funds will find a way to get it sooner or later. Wherever the key is stored (on the chip, interacting with firmware), it can have a sidechannel and be exploited. Ask Yubikey.
So you were smart enough to point out that possibility that the key can be physically extracted from the device (destructively, which I presume is what's holding them back for now) but then promptly forgot about it and claim that it's impossible to crack and that "the key simply isn't present"? That's a "gee" (or rather "d'oh") moment if I've ever heard one.
Is there even one complex, exposed (commercial), and high value target system in the tech world that stayed completely impenetrable for a decade? I'll say it again, HSMs are the closest thing to a tech fortress we have and one of the critical ways they achieve the security is by limiting the time the attacker has to extract the keys, by bricking itself absent a legitimate signal (some do, at least). Consoles are the next closest thing to a secure consumer device and the reason they don't get hacked faster is because the effort is futile with a permanently internet connected device.
Gaze real hard at that cloud and tell me, if you were a 30 year old and your name was in that phone, would you bet your freedom on the idea that an iPhone will stay impenetrable for the next 2, 5, or 30 years?
Anyway, good talk. And thanks for the valuable insights.
Last edited:
Upvote
0
(1
/
-1)
No - BFU devices hold a key. They don't hold the key. They hold a hardware key which is cryptographically combined with the PIN to make the actual decryption key. The hardware key alone can't decrypt your private data. There are devices where a biometric unlocks a key that is stored on the device, iPhones aren't those devices - which is why you can't unlock a phone from power on with a biometric.
Yubikeys aren't iPhones. Maybe check how the tech actually works before making these assertions that are so clearly wrong?
So even after you pull the hardware key off the phone using hardware hacking (which as discussed earlier there is no evidence that anybody has ever actually pulled off in practice with an iPhone) you still can't decrypt the data without brute forcing. If the password has enough entropy then even after getting the hardware key the government will never get the data.
Upvote
2
(2
/
0)
The Nazis objection to Jews was not Judaism per se (unlike almost all previous persecutions since before the second temple) but the biological taint of Jewish cultural identity (and no, that makes no sense to anyone else, not even the Nazi officials categorising mischlinge). That was an important difference: previously, converts to the approved religion (Roman paganism, the correct Christian denomination, or the correct branch of Islam) were safe, so long as they could convince the authorities that they had actually converted (which wasn’t easy, for fairly obvious reasons).
However, while the choice of Jews as the ultimate untermenschen was significant to those affected, it’s not particularly relevant to the structure of the ideology (eg the Indian Strasserites who have essentially replaced Jew with Muslim and left the rest of that pre-war ideology unchanged). There are more significant distinctions that also make trumpism significantly less stable than Nazism without the Nazis disastrous economic policies (not applicable to America today), but any community big enough to bother with and small enough to be practical targets can be substituted to suit local conditions.
Upvote
1
(1
/
0)
A single short press on the power/ID button does an ordinary screen lock, equivalent to win-l, but can be unlocked using Touch ID.
I believe you can set up a shell script that can disable fingerprint unlock and trigger that from a shortcut action, but I haven’t tested that all the privileges work correctly without further interaction (because the script needs sudo). Cmd-Opt-Ctl-power doesn’t do anything different to just power, at least for me.
Upvote
0
(0
/
0)
You can also clear the Touch ID setup so it just won't be available in any case, but obviously you'd then have to type in your password at every relevant opportunity which will expose you to others reading or recording it while you keep re-entering it.
Upvote
1
(1
/
0)
No, it is because a search warrant signed by a judge is considered "reasonable" in the eyes of the law.
Upvote
1
(1
/
0)
Yes, retry delays is the primary way brute force pin attacks are countered
Upvote
1
(1
/
0)
Dont all phones these days reset or brick the phone after just a handful of wrong PIN entries?
Upvote
0
(0
/
0)
On the Samsung S22 (One UI 8.0) it's possible to enable "Auto factory reset" after 20 incorrect unlock attempts (it's off by default).
Upvote
2
(2
/
0)
It's not the only way though ... even if you evade that it's slow, at least on iOS.
The passcode or password is entangled with the device’s UID, so brute-force attempts
need to be performed on the device under attack. A large iteration count is used to make each attempt slower. The iteration count is calibrated so that one attempt takes approximately 80 milliseconds. In fact, it would take more than five and one-half years to try all combinations of a six-character alphanumeric passcode with lowercase letters and numbers.
https://help.apple.com/pdf/security/en_US/apple-platform-security-guide.pdf
Upvote
1
(1
/
0)
Erasing to factory conditions can be enabled on an iPhone after ten attempts. Same on a Samsung phone I am told.
Now you don’t want your idiot mate to get hold of your iPhone and reset it. So there is a delay between attempts. The last two attempts take two hours, so some idiot needs to get hold of your iPhone for over five hours to erase it that way.
Upvote
2
(2
/
0)
Yes, but the entangled device key is exactly the lever that enforces attempts having to be done on the actual device and on the device the SoC enforces the delay.
Without the entangled and hidden device key an attacker could escape the delay enforcement on separate hardware, which would be the main motivation to try getting at the device key, and for Apple to counteract such attempts as securely as possible.
Last edited:
Upvote
0
(0
/
0)
Correct - if you can extract the hardware key then you can brute force low complexity passwords in a reasonable amount of time.
But you can't get around the 80ms in software, even if there are implementation errors that might allow you to get around the artificially introduced delays.
Upvote
1
(1
/
0)
Because that delay is enforced by the SoC hardware, and the device key cannot be read out by software to move the brute-forcing to an external system.
At least so far this seems to be a rather stable protection and I hope it will remain so for as long as possible!
Upvote
0
(0
/
0)
Years ago there was a bug in iPhones that allowed getting around the delay. You can read the complete encrypted content of the SSD and later write it back.
Now after five passcode attempts, obviously the number five has to be written somewhere and read again when you reboot the phone. It used to be written to the SSD. So if you made five attempts, shut down the phone, wrote the original SSD contents with a zero count back, and restarted the iPhone, you had ten attempts again. Still time consuming but you could crack 4 digits in a day or two.
This was fixed by writing the count to the Secure Enclave which is much much harder to hack.
Upvote
0
(0
/
0)
You can get around the programmed delay, assuming there is a suitable exploit but you can't get around the cryptographic delay, not on device anyway. That's the entire point of what that quote is saying.
There's no way (on-device) around the 80ms cryptographic delay because the device physically cannot generate the decryption key from the PIN any faster.
Last edited:
Upvote
2
(2
/
0)
Yes. And forensic investigators have discovered that if you reset the phone between each attempt, the counter tracking the number of attempts is cleared. Upside: you have to wait the entire reboot cycle for each attempt. Downside: you have an infinite number of attempts with a fixed delay.
And if this was modified so that the number of attempts was stored unencrypted on disk... well then, DFU mode would allow an attacker to continually reset that value to 0.
Upvote
0
(0
/
0)
I believe that is no longer correct on modern iPhones, the counter isn't stored in RAM or on the SSD but on special secure enclave storage, which has undergone several upgrades over time.
Cellebrite can't brute force any device tha has the 2nd gen Secure Enclave Storage Component.
Upvote
2
(2
/
0)
I believe they found a way to leverage debug mode to get around that? And that technique is disabled if the phone is in lockdown mode.
Upvote
0
(0
/
0)
Not according to their roadmap which I linked earlier and shows all devices from the iPhone 12 onwards as only accessible after first unlock.
Upvote
0
(0
/
0)
I don't have anything Apple...but I've had that problem frequently all over the place. PCs, Android devices, smart-locks, Busch Gardens (which apparently uses fingerprints to verify passes for the past some years), work ID cards...usually takes half a dozen tries to get the system to recognize my finger exists at all, and then its a toss-up if it saves the "data" whether or not it will work later or come up as a mismatch.
At work I was told they think its because they're too dry...but then using moisturizer my finger is detected reliably but it gets on the sensor and then it can't read the print thru the smudges so it still fails.
Upvote
0
(0
/
0)
Well with Tim Cook
Upvote
-6
(0
/
-6)
The distinction is simple:
FINGERPRINTS > 4th Amendmnet justification - Law enforcement are legally permitted to take DNA swabs and fingerprint sampes of a person they have been arrested. The courts that have ruled on this repeatedly for decades. Those courts tend to group using a fingerprint to bypass a security lockout as no different than taking said fingerprint sample for evidence. They point to the 4th Amendment laws surrounding the justification. THE CAVEAT HERE IS that the person that owns/controls the devices being compelled must be arrested for a criminal act in order to jsutify the device seizures and the compelled biometric unlocks.
PASSWORDS - 5th Amendment protection - This falls under the 5th Amendment Right Against Self Incrimination. A Password is somethign you know and retian mentally (unless your memory sucks and you write all your paswords down and keep them in plain sight then good luck with that argument). Law Enforcement and Courts cannot legally compell you to provide information that would directly lead to an admisison of incrimination (right to remain silent blah blah blah). Since you would have to source a password from memory then copy that information verbally or write it down or type it out and the law enforcement officers cannot simply turn you upside down and shake it out of you or roll your finger on a scanner or an ink pad to produce said password they cannot legally compel you to provide sid passsword if it leads to self incrimination.
Thos are the 2 main arguments in various spread out courts in various Federal Districts. The SCOTUS has not made an overall unifying ruling on any of this and they rightfully should have by now; however the caveat here is YOU REALLY DO NOT WANT THE CURRENT SCOTUS FOCUSING ITS ATTENTION ON BIOMETRICS VS PASSWORDS right now; because wtf ever the Heritage Foundation and whatever other groups controlling Congress and the presidency right now want is how the current SCOTUS will rule. The current SCOTUS will not look at this or any other topic objectively.
What is intersting here is that Natanson was not arrested and that she was a 3rd party to someone else who was arrested and charged. The 4th vs 5th Amendment comulsion arguments the FBI have are much more restricted and narrow - so unless there were specifics on the warrent - the wording here is presented as if it were a more general warrant and the recall of the oficers wordig soudns liek they implied they can do wtf they want to; whereas Natanson likely hda much more legal protection that the FBI seems to be ignoring when they compelled her to unlcok her devices. Good thing she locked that shit down.
Upvote
-1
(0
/
-1)
That wasn't kissing his arse, that was playing him. Trump is not the brightest bulb in any room, unless he is on his own. So giving him a shiny trinket was enough to satisfy his desire to be admired, and Tim Cook gave him a shiny trinket to avoid any situation where fighting for privacy is needed.
Upvote
4
(4
/
0)
Indeed. There is no evidence of Apple actually having compromised on any of their relevant policies.
As disgusting as Cook's public appeasement of Trump was/is, it's been more of an emotional pacifier than surrendering anything of substance.
And Trump isn't even particularly eager to erode privacy protections – his own closet is chock full of skeletons and not rattling its doors in any way (or those of any of his co-conspirators) is in his narrow self-interest.
It's more about industrial and trade policies where Cook tries to somewhat contain the damage to Apple.
Upvote
2
(2
/
0)
Apple's Touch ID is one of the most solid implementations (both in terms of recognizing correct and rejecting incorrect fingerprints) and many others are not quite on the same level, but besides wetness I've had a bit of trouble with it after some strenuous mechanical labour which had roughed up my fingertips;
And I've also heard that older folks find it working less well, but I'm not sure why that is; Could be a combination of changes in the skin and blood circulation being weaker so capacitive sensing gets more difficult.
Upvote
2
(2
/
0)