[ad_1]
Apple has apparently been able to permanently block the decryption technology of a mysterious Atlanta-based company, whose black box device has been adopted by government agencies to bypass the access codes for iPhone.
Grayshift, based in Atlanta, is one of two companies to say it could thwart the security of Apple's iPhone codes through brute force attacks.
Black box technology has allegedly worked, Grayshift's technology having been seized by regional law enforcement and winning contracts with the US Immigration and Customs Enforcement (ICE) and Secret Service.
Cellebrite, another Israeli-based company, has also discovered a way to unlock encrypted iPhones under iOS 11 and has marketed its product to law enforcement agencies and private crime companies around the world. According to a police warrant obtained by Forbes, The US Department of Homeland Security has tested the technology.
Several sources familiar with the GrayKey have said Forbes This device from GrayKey can no longer decrypt the access codes of any iPhone running iOS 12 or higher.
iOS 12 was released by Apple last month.
The use of the Grayshift decryption device – a 4-in. x 4 in. case with two Lightning compatible iPhone cables – was discovered by Motherboard; he reviewed public records of police departments and emails obtained from federal agencies revealing the purchase of the device. The GrayKey box could apparently unlock an iPhone in about two hours if the owner was using a four-digit authentication code and three or more days if a six-digit authentication code was used.
GrayKey's competitor, Cellebrite, also sold its Universal Forensic Extraction Device (UFED) to law enforcement, including a $ 558,000 contract signed with ICE in August, according to a statement. Application under the Freedom of Information Act filed by the Electronic Privacy Information Center (EPIC)
A request for comment made today by Apple was not immediately returned.
The UFED Cloud Analyzer tool can unlock, decrypt and extract data from the phone, including "real-time mobile data … call logs, contacts, calendar, SMS, MMS, media files, data from the phone." 39, applications, online chats, passwords, "according to the FOIA request. .
The technology can also extract private information without a password from private cloud-based accounts, such as those used by Facebook, Gmail, iCloud, Dropbox, and WhatsApp.
Grayshift reportedly hired a former Apple security engineer.
If the devices did not work, the police would not buy them
Nate Cardozo, a lawyer at the headquarters of the Electronic Frontier Foundation (EFF), a nonprofit digital rights advocacy group, said earlier this year that he thought the encryption of the company was "not enough." iPhone had been cracked. Otherwise, law enforcement agencies would not buy the hacking technology.
"The FBI blew and said it could not get into the iPhone, and then we discovered that it was not true … the night even before the hearing. [to decide the case]"Said Cardozo.
He was referring to the investigation of the San Bernardino shooter, Syed Rizwan Farook. The FBI initially maintained that he was unable to decipher the access code of an iPhone used by Farook.
The Department of Justice has asked the courts to force Apple to comply with an order to unlock the device. one judge granted the request, but was slow in making his final decision before hearing arguments from both sides. The evening before the hearing in court to settle the case, the agency announced that she had received help from an outside group.
The FBI's attempts to get Apple's help to decrypt the iPhone have been rejected. Apple maintained that breaking an iPhone would weaken the safety of everyone else.
The information that two methods of decryption on the iPhone were widely available to government agencies did not surprise analysts, who said it was inevitable.
"Unbreakable encryption does not exist," said Jack Gold, senior analyst at J. Gold Associates. "The idea is to make the task as difficult as possible by adding encryption layers or long keys to code, decode, but a decoder can decipher it, with enough tools and time."
The GrayKey box is selling for $ 15,000. This model is georeferenced to a specific location, requiring an internet connection allowing up to 300 unlockings. There is also a $ 30,000 GrayKey model that can be used regardless of Internet connectivity and offers unlimited unlocking of devices, depending on Motherboard.
Conversely, Cellebrite charges $ 5,000 to unlock one iPhone, according to Malwarebytes.
EFF's Cardozo said that consumers should not worry too much about iPhone's hacking technology, as law enforcement agencies still need to get a court-issued warrant to unlock a device.
However, those concerned with privacy rights should understand that once anti-piracy technology becomes available, it will be reasonable to assume that law enforcement agencies will not be the only ones available. to have access to it.
"If you think the only people who will have access to GreyKey or Celebrate are the cops, I have a bridge to sell you," Cardozo said.
Apple's first efforts to limit access to the forces of law and order
Apple has taken its own steps to further limit unauthorized access to locked iOS devices. In its beta version of iOS 11.3, Apple introduced a feature called USB Restricted Mode.
The security software provider Elcomsoft has for the first time discovered this new feature, deeply rooted in the documentation of the beta. The feature was apparently removed from iOS 11.3 before it was released publicly.
The documentation describes the new feature as a way to "improve security".
"For a locked iOS device to communicate with USB accessories, you must connect an accessory via the Lightning Connector to the device when it is unlocked (or enter your device's code when it is unlocked). he is connected) at least once a week. "
If an iOS device is not unlocked after seven days, the lightning port of an iPhone or iPad becomes a simple charging port, locking any data connection at the same time. USB interface, according to the description of Elcomsoft.
"Its effect on password unlocking techniques developed by Cellerbrite and GrayShift has not been seen yet," Elcomsoft explained in his blog post.
Just this week, Apple CEO Tim Cook reiterated the company's efforts to protect user privacy at a conference of European privacy commissioners in Brussels.
Source link
