If the police have got one...
...it has already fallen into the wrong hands.
A secretive unlocking tool offered to cops and government agents has some computer security bods worried over its privacy implications. Known as GrayKey, the box is reportedly being marketed as a way to unlock iPhones without needing the key code. The hardware is reportedly offered in two forms: an internet-connected model …
The system PROBABLY works by overwriting one of the Apple CPU's (which is mostly ARM-based) instruction caches at the point where the password entry counter is kept, which indicates when to lock the phone. The on-chip operation is similar to the following:
Enter_Password;
If Password IS_INCORRECT then
    Increment( Password_Entry_Count );
    if Password_Entry_Count IS_GREATER_THAN FOUR then
        Lock_Phone_Permanently
else
    Allow_Entry_Into_Phone;
---
You just have to keep setting the hard-coded password-entry count BACK to ZERO so that
ALL combinations of the entry code (9999 combinations for many Android and older Apple phones)
can be tried until the phone opens.
Enter_Password;
JUMP_TO BYPASS_MEMORY_LOCATION                          <<< Insert jump code here
If Password IS_INCORRECT then
    Increment( Password_Entry_Count );
    if Password_Entry_Count IS_GREATER_THAN FOUR then   <<< or reset hard-coded password count
        Lock_Phone_Permanently
else
    BYPASS_MEMORY_LOCATION: Allow_Entry_Into_Phone;
For FINGERPRINT and FACE-RECOGNITION-based phones, you just have to find the memory location where the HASH-CODE value for the Fingerprint and/or Faceprint digital signature is kept and copy that hash-code and present it to the phone at the memory location where it is kept in cache.
The phone interprets the copied data as the real code and unlocks the code even IF the hash code is encrypted. Just make sure you send back your own or a specially re-encrypted hash code value BACK to the faceprint or fingerprint decrypt and recognition algorithm.
You can also electrically SHORT the YES/NO circuit pathway to the phone's bootstrap operation so that the phone thinks the face recognition, faceprint or unlock code has ALREADY been entered and validated, simply by overwriting the memory location WHERE the accept/reject security credentials branch occurs with an appropriate JUMP CODE that simply BYPASSES the entire verification process.
The microcode where this occurs is loaded from the encrypted BIOS portion of Apple phones and put into a secured cache area which can be OVERWRITTEN with the appropriate JUMP instructions. If the phone tries to verify the loaded instructions via a hash code comparison with a hard-coded digital signature or other credential, just overwrite the comparison process with a bypass JUMP code and continue on to the rest of the bootstrap process.
NOT THAT HARD TO DO !!! Even with the rather secure bootstrap process of Apple Phones which use MULTIPLE verifications during boot-up.
If you have physical access to the phone, then you can short specific pins on the PIC and get it to release your asymmetric key under various scenarios to figure out HOW the key is created, so you can recreate your own new key for presentation to the CPU.
I highly doubt that Apple or Google would keep a full key on a PIC but rather create a NEW key based upon parts of the obtained biometric signature AND from internal hardware serial numbers/signatures on an as-needed basis. You just want the ALGORITHM and THEN you can recreate your own keys for ANY type of phone you are trying to dissect or decrypt.
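The post above describes an attacker who keeps zeroing a passcode attempt counter and walks through every PIN. The toy model below is an added example (not code from the post, from GrayKey, or from any real phone) that runs that idea against two constructed designs: a counter kept in ordinary application-processor memory that the attacker's write primitive can reach, and the same check with the counter enforced in a separate secure element it cannot. All class names, the five-attempt lockout policy, the SHA-256 stand-in for the stored credential and the secret PIN "7319" are assumptions made for the example.

```python
"""Toy model of a passcode lockout counter and why its location matters.

Constructed example added to this thread; it is not code from the post above
and models no real device. The counter-reset brute force from the post is run
against a counter in application-processor (AP) memory and against a counter
enforced inside a separate secure element (SE) the attacker cannot write to.
"""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional, Tuple

MAX_ATTEMPTS = 5                                  # assumed lockout policy
PIN_SPACE = [f"{i:04d}" for i in range(10_000)]    # every 4-digit PIN


def pin_hash(pin: str) -> bytes:
    """Stand-in for whatever the device stores to check a PIN against."""
    return hashlib.sha256(pin.encode()).digest()


@dataclass
class AppProcessorPhone:
    """Counter and check both live in memory the attacker can overwrite."""
    stored: bytes
    attempts: int = 0
    locked: bool = False

    def try_pin(self, pin: str) -> bool:
        if self.locked:
            return False
        if hmac.compare_digest(pin_hash(pin), self.stored):
            self.attempts = 0
            return True
        self.attempts += 1
        self.locked = self.attempts >= MAX_ATTEMPTS
        return False

    def is_locked(self) -> bool:
        return self.locked


class SecureElement:
    """Counter and check live here, outside the attacker's write primitive."""

    def __init__(self, stored: bytes) -> None:
        self._stored = stored
        self._attempts = 0
        self._locked = False

    def verify(self, pin: str) -> bool:
        if self._locked:
            return False
        if hmac.compare_digest(pin_hash(pin), self._stored):
            self._attempts = 0
            return True
        self._attempts += 1
        self._locked = self._attempts >= MAX_ATTEMPTS
        return False

    def is_locked(self) -> bool:
        return self._locked


@dataclass
class SecureElementPhone:
    """The AP only forwards the PIN; it holds no authoritative counter."""
    se: SecureElement
    attempts: int = 0      # a display copy in AP memory; the SE does not trust it

    def try_pin(self, pin: str) -> bool:
        return self.se.verify(pin)

    def is_locked(self) -> bool:
        return self.se.is_locked()


def attacker_reset(phone) -> None:
    """Model of the attacker's primitive: zero the counter held in AP memory."""
    phone.attempts = 0


def brute_force(phone, reset_counter: bool) -> Tuple[Optional[str], int]:
    """Try every PIN in order; return (PIN found or None, attempts made)."""
    tried = 0
    for pin in PIN_SPACE:
        if reset_counter:
            attacker_reset(phone)
        tried += 1
        if phone.try_pin(pin):
            return pin, tried
        if phone.is_locked():
            return None, tried
    return None, tried


if __name__ == "__main__":
    secret = pin_hash("7319")          # constructed secret PIN
    runs = [
        ("AP counter, no reset", AppProcessorPhone(secret), False),
        ("AP counter, attacker resets", AppProcessorPhone(secret), True),
        ("SE counter, attacker resets AP copy", SecureElementPhone(SecureElement(secret)), True),
    ]
    for label, phone, reset in runs:
        print(f"{label:38s} -> {brute_force(phone, reset)}")
```

Against the AP-memory design the reset lets the search run to the correct PIN; against the SE design the same write primitive only clobbers a copy the secure element never consults, and the device locks after five wrong entries exactly as it would without the attacker's help. The model says nothing about how any real phone is built; it only shows that the reset trick depends entirely on the counter living where the attacker can write.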
"Like people ever get their stuff back after it's stolen, er seized, by the police..."
I'm sure your high priced lawyer will be able to get it returned.
Wait, you are rich enough to afford a high priced lawyer aren't you? Because otherwise you're poor and there's probably a law against that.
That hasn't changed.
If someone you don't trust has unrestricted access to your phone, for two hours continuously...
... it's over. Forget it.
Historically this has always been true. It seems there was a brief period when we were all anxious to pretend it no longer applied, but that was only ever an illusion.
"Historically this has always been true. It seems there was a brief period when we were all anxious to pretend it no longer applied, but that was only ever an illusion."
I'll say! Back in my day we had to tattoo our secret stuff inside our butt cracks. Then the bulls got wise, and it was "Spread 'em!" every time!
The company has already taken the money from buyers, who will have a useless device when the exploit is patched in a new version of iOS.
If they can get hold of a new 0 day they can sell law enforcement an update (or whole new device) to work with that new version of iOS and get paid again. Lather, rinse, repeat.
Seems like they have their business plan pretty well figured out...at least until Apple fixes whatever underlying problem is allowing them to apparently guess passwords at wire rate!
Chief of Police replies, "No, it cannot be stolen. We keep it locked up in our secure vault, right beside the illegal drugs and illicit cash that we have seized. Here, let me show you. It's right in here beside... HEY! Who stole all the drugs and cash, again? And where's that $30,000 gadget?"
People that sell stolen used iPhones would pay $100,000 for the gadget. But those people that make and sell brand new iPhones might pay a million.
Gone In 60 femtoseconds. There will be a loud clap sound as the air rushes in to refill the 4x4x2-inch box shaped hard vacuum where the gadget used to be.
It's almost a game it seems, but it's not. It's real and it can have real bad implications. I can understand that the cops would want one. But should they actually be allowed to have one? Seems that the IT industry just keeps chasing its tail here with exploits, patches, etc. And then with this, due process falls by the wayside.
The old saying "nothing to hide, nothing to fear" is not (maybe it never was) true. In this case, there's a lot to fear even if you haven't done anything wrong. Once the phone has been broken, anything can be planted on it.
If you don't want mandated backdoors, I think this is the lesser evil.
Of course, there are risks - it's inevitable. But it's still better than allowing someone to claim the need of unrestricted surveillance.
Anyway, I would ditch any electronic device (and any related account) after it has been seized for any reason.
Face it: the police have a mandate to stop crime, and they need to find evidence. With a valid warrant, they can open doors, safes, etc. etc. They can tap phones, install cams and microphones. It's a matter of fact - even democratic constitutions have provisions to allow for evidence gathering as long as it abides by the law. Even privacy is not an unlimited right - or say bye bye to any kind of justice.
Smartphones are no different. If there is a technical way to "open" something legally in search of evidence, they will do it - and yes, someone will make a business of it - they always did. This business could be less or more ethical - and may need to be regulated, and yes, there's a risk they could end up in the wrong hands.
It's like a weapon: it can be a gun in the hands of a police officer saving you, or an AR-15 in the hands of a murderer shooting at you, if there are no sensible regulations and controls.
Still, it's better that there are expensive, difficult and limited ways to achieve it - because otherwise there will be mounting pressure for backdoors, and it could be successful.
It's not hard to understand, but of course the anarchist conspiracy theorists that permeate the Internet see any kind of law enforcement as some kind of evil - until they are the victims.
Dear Sir,
The problem is not so much that there is such a device. The problem is that the police have access to it.
Now, I agree, that they need to be able to do their job, but even with the limited information they have today, they fail to do most of their job. Increasing the amount of information isn't going to make that better.
Also, if the police really think that this person is the perpetrator, it is indeed quite handy for them to be able to plant evidence on a device once they have unlocked it.
I do not know what the best solution for society is, however I do feel that unfettered access to people's belongings is not something that the police or indeed the government should have.
Best regards,
Guus
So, you don't trust the police. Buy an AR-15 and hide in the woods, then.
I understand there are a lot of morons in the police too. There are also good people who pursue true criminals respecting the law.
Would you like a world without law enforcement? Where only the powerful ones can enforce their own rules? And do you believe they will respect your rights to privacy, property, and life?
It's this anarchism that is destroying the foundation of democracy, and sends people like Trump to the top spots - and eventually you'll get exactly what you feared.
"Unfettered access to people's belongings" is against the law. "Planting evidence" too. And if they don't abide by the law, they can plant evidence outside your devices as well.
Can it happen? Sure. Wearing a tinfoil hat won't save you - act to ensure democracy stands and is not turned into a parody of itself.
@LDS "Would you like a world without law enforcement? "
Another false dichotomy - most aren't arguing for that, what they want is a world where the police, all of them, are held to account for their abuse of power, not just let off the hook due to the colour of the victim's skin or the power of the police union, or which state official the Chief of ̶S̶t̶a̶s̶i̶ Police is dining with tonight.
Currently, there are only two kinds of cops - bad cops and those who cover for bad cops.
So, you don't trust the police. Buy an AR-15 and hide in the woods, then. *
Well, if that's not a sure-fire way of getting their attention, I don't know what is.
* Might work in the US as long as the authorities think you are just a lone nut hermit and not some cult, but try it in one of the tame forest parks in the UK. You'd end up 'Brazilianed' even if it were a plastic AR-15.
"Would you like a world without law enforcement? Where only the powerful ones can enforce their own rules? And do you believe they will respect your rights to privacy, property, and life?"
Professional policing was invented by Sir Robert Peel in the 1820s. Civilization existed before then. Police forces are an optional extra, not something essential for the existence of civilization.
https://www.thebalance.com/the-history-of-modern-policing-974587
Sir! In support of /your/ post, I cite Stoke Newington Police Station ...
https://socialistworker.co.uk/art/4885/Metropolitan+Police%3A+a+long+history+of+corruption%2C+racism+and+criminality
https://en.wikipedia.org/wiki/Death_of_Colin_Roach
Not enough to convince you?
https://duckduckgo.com/?q=corruption+and+criminality+at+stoke+newington+police+station+london&t=ffab&atb=v98-1_b&ia=web
Smartphones are no different. If there is a technical way to "open" something legally in search of evidence, they will do it - and yes, someone will make a business of it - they always did. This business could be less or more ethical - and may need to be regulated, and yes, there's a risk they could end up in the wrong hands.
Still, it's better that there are expensive, difficult and limited ways to achieve it - because otherwise there will be mounting pressure for backdoors, and it could be successful.
====================================================================
The compromise of personal devices
1. provides a level of ubiquitous surveillance of both the owner and all interactions with other people or information unmatched, or even unapproximated, at any previous time
2. can often be automated at low cost as the technology matures, allowing use without economic or practical limits, and thus permitting the targeting of entire groups or populations.
3. produces information that cannot be secured. If rich governments of technically advanced nations cannot protect the information needed for top secret vetting, the design of their nuclear weapons, and the technologies of their not-yet-in-service 5th generation jet fighters (and those are only the failures we know about), why would anyone think they will successfully protect databases containing every useful piece of personal information about everything and everyone?
4. these techniques will be redeveloped, copied, stolen, rented, and otherwise compromised by anyone with an ever decreasing amount of skills, cash, ruthlessness, or other forms of leverage or technical competence.
The only hope for individual freedoms and personal rights is a determined and continuing effort to completely prevent certain types of surveillance and monitoring, without any designed or tolerated exploits or 'doors' of any type.
The key phrase in your contribution is:
"It's like a weapon: it can be a gun in the hands of a police officer saving you, or an AR-15 in the hands of a murderer shooting at you, if there are no sensible regulations and controls."
What you seem to be unaware of is that there ARE no SENSIBLE regulations and controls on the police (or any other agents of the state who might use technology like this on your phone/laptop/desktop etc)
We'd all be a lot more comfortable with State Surveillance if we knew (and could prove) that those doing the surveillance were themselves under the strictest form of surveillance. That's why I keep rabbiting on about Accountability Theatre.
"of course the anarchist conspiracy theorists that permeate the Internet see any kind of law enforcement as some kind of evil - until they are the victims."
I was with you until this sentence -- this completely misrepresents the resistance to police surveillance.
"If you don't want mandated backdoors, I think this is the lesser evil."
Genuinely puzzled by that remark. The possibility of products like this (inevitably falling into the wrong hands) is one of the main reasons *why* people don't want mandated 0-day backdoors.
"I would ditch any electronic device (and any related account) after it has been seized for any reason."
This. Once you've lost control of the device to that extent, it is completely untrustworthy. Also, for those who are truly concerned, don't rely solely on the built-in security measures for your security.