FBI stymied by Apple’s Lockdown Mode after seizing journalist’s iPhone


adespoton

As previously reported, the FBI executed a search warrant at Natanson’s home as part of an investigation into a Pentagon contractor accused of illegally leaking classified data. FBI agents seized an iPhone 13 owned by the Post, one MacBook Pro owned by the Post and another MacBook Pro owned by Natanson, a 1TB portable hard drive, a voice recorder, and a Garmin watch.
I shudder to think what would happen if authorities found some reason to visit my home. I've got collections of computers and computer-adjacent electronics going back to the 1980s.

Not a lawyer and the language may not be correct, but I believe it boils down to your fingerprints (and face for that matter) are "publicly accessible," while something like a password or PIN is private knowledge.
Yeah; and this is the reason that my work devices require a PIN before you get to the Yubikey prompt (which also needs a different PIN), and I never use index finger or thumbprints for unlocking my personal devices. And I use a full keyboard password instead of a numpad PIN on my phone, so a robo-unlocker is going to have serious difficulties.
 

adespoton

Don't all phones these days reset or brick the phone after just a handful of wrong PIN entries?
Yes. And forensic investigators have discovered that if you reset the phone between each attempt, the counter tracking the number of attempts is cleared. Upside: you have to wait the entire reboot cycle for each attempt. Downside: you have an infinite number of attempts with a fixed delay.

And if this was modified so that the number of attempts was stored unencrypted on disk... well then, DFU mode would allow an attacker to continually reset that value to 0.
 

adespoton

I believe that is no longer correct on modern iPhones, the counter isn't stored in RAM or on the SSD but on special secure enclave storage, which has undergone several upgrades over time.

Cellebrite can't brute force any device that has the 2nd gen Secure Enclave Storage Component.
I believe they found a way to leverage debug mode to get around that? And that technique is disabled if the phone is in lockdown mode.
 