[ad_1]
Apple passcodes. Apple iphone-based company by iphone-iphone.
Atlanta-based Grayshift is one of two companies that claimed it could thwart Apple iPhone passcode security through brute-force attacks.
The blackbox technology has been successfully developed, and has been contracted by the United States Immigration and Customs Enforcement (ICE) and the U.S. Secret Service.
Another vendor, Israel-based Cellebrite, also discovered a way to unlock encrypted iPhones running iOS 11 and marketed its product to law enforcement and private forensics firms around the world. According to a police warrant obtained Forbes, the U.S. Department of Homeland Security tested the technology.
Multiple sources familiar with the GrayKey have told Forbes that running iOS 12 or above.
iOS 12 was released by Apple last month.
The use of Grayshift's de-encrypting device – a 4-in. x 4-in. box with two iPhone-compatible Lightning cables – was first discovered by Motherboard; it has been reviewed by public authorities and obtained from the United States. The GrayKey could have been unlocked if it used to be a four-digit passcode if it had a six-digit passcode was used.
Forensic Extraction Device (UFED), a $ 558,000 contract signed with ICE in August, according to a Freedom of Information Act filed by the Electronic Privacy Information Center (EPIC).
A request for comment today from Apple was not immediately returned.
The UFED Cloud Analyzer tool can unlock, decrypt, and extract phone data, including "real-time mobile data … call logs, contacts, calendar, SMS, MMS, media files, data apps, chats, passwords," according to the FOIA request .
The technology can also extract private information from private cloud-based accounts, such as those used by Facebook, Gmail, iCloud, Dropbox, and WhatsApp.
Grayshift is reportedly hired to train Apple Security Engineer.
If the devices did not work, police would not be buying them
Nate Cardozo, a senior staff attorney with the Electronic Frontier Foundation (EFF), said this year was one of the reasons the iPhone's encryption had been cracked. Otherwise, law enforcement agencies would not be buying the hacking technology.
"The FBI huffed and puffed up and said that it's not going to get into the iPhone [to decide the case], "Cardozo said.
He was referring to the investigation of San Bernardino gunman Syed Rizwan Farook. The FBI was not able to use the password on an iPhone used by Farook.
The Justice Department petitioned the courts to force Apple to comply with an order to unlock the device; a judge granted the request, but delayed making a final decision until hearing arguments from both sides. The evening before a court hearing, the agency announced it had gotten help from an outside group.
The FBI's attempts to get Apple to help with unencrypting the iPhone were rebuffed. Apple maintained that to break into an iPhone would be weaken security for all others.
The news that two unencrypting methods were not enough analysts, who said it was inevitable.
"There is no such thing as unbreakable encryption," said Jack Gold, senior analyst with J. Gold Associates. "The idea is to make it as long as possible by adding layers of encryption or long keys to encode, decode.
The GrayKey box retails for $ 15,000. That model is a specific location, requiring an internet connection that allows up to 300 unlocks. There is also a $ 30,000 GrayKey model that can be used independently of internet connectivity and offers an unlimited number of devices unlocks, according to Motherboard.
Conversely, Cellebrite charges $ 5,000 to unlock a single iPhone, according to Malwarebytes.
EFF's Cardozo said consumers should not be overly concerned about iPhone-cracking technology because law enforcement agencies must still obtain a short-issued warrant to unlock a device.
But those concerned about privacy rights should be aware that it is reasonable to believe that it will not be possible to gain access to it.
"If you believe the only people with access to GrayKey or Cellebrite are the cops, I have got a bridge to sell you," Cardozo said.
Apple's early efforts to limit law enforcement access
Apple took its own steps to further limit unauthorized access to locked iOS devices. In its beta release of iOS 11.3, Apple introduced a feature known as USB Restricted Mode.
Security software vendor Elcomsoft first discovered the new feature, which was buried deep within the beta release documentation. The feature was apparently cut out of iOS 11.3 before it was released publicly.
The documentation describes the new feature as a way to improve security.
For For locked iOS via iOS via iOS via iOS via iOS via via via via via via via via via via via via via via via via via via via via.
If an iOS device is not unlocked after seven days, an iPhone's or iPad's Lightning port turns into nothing more than a charging port, locking out any data connection to the USB-interface level, according to Elcomsoft's description.
"Its effects on passcode unlocking techniques developed by Cellebrite and Grayshift is yet to be seen," Elcomsoft explained in its blog post.
Just this week, Apple CEO Tim Cook reiterated the company's efforts to protect user privacy at a conference of European privacy commissioners in Brussels.
Source link
