Free Republic
Browse · Search		 News/Activism
Topics · Post Article

Skip to comments.

Cellebrite Claims Its New Software Can Crack iPhones and iPads Running up to iOS 12.3
MacTrast ^ | Monday, June 17, 2019 11:25 am | By Chris Hauk

Posted on 06/19/2019 7:36:21 PM PDT by Swordmaker

click here to read article

Navigation: use the links below to view more comments.
first previous 1-2021-27 last
To: TheBattman
I’m curious how their brute force attack can even run - since iOS flips its lid after only a few incorrect attempts...

That’s what GreyKey’s and Cellebrite’s hacks do: they get rid of the flipping lid. It allows a unlimited number brute attempts at guessing the passcode within the interior limited speeds allowed by the Secure Enclave Encryption processor. The delays between attempts are also bypassed. I believe the internal delay is a little over one second between attempts.

Both use a list of most common passcodes to begin with, such as 1234, 4321, the corner numbers, the cross pattern, diagonals plus zero, etc., then move on to known information about the suspect such as birthdays, anniversaries, etc, input by the authorities, then move on to other known patterns people like to use. They then go to brute force.

21 posted on 06/20/2019 10:09:36 AM PDT by Swordmaker (My pistol self-identifies as an iPad, so you must accept it in gun-free zones, you hoplaphobe bigot!)
[ Post Reply | Private Reply | To 18 | View Replies]
To: Natty Bumppo@frontier.net
The Find iPhone app allows for the user to remotely erase the phone, providing the phone is on and still connected to a network.

Both GreyKey and Cellebrite recommend using their products in a Faraday cage or shielded room where no signals from outside are present, thus blocking any attempt from owners, agents, henchmen, or family to erase the device by FindMyiPhone.

Both bypass the countdown attempt erasure built-in by Apple and allow unlimited brute force attempts at guessing the passcode. The only method of preventing that break-in is to use a complex passcode that requires an amount of time that causes them to give up. A seven character alphanumeric plus symbol passcode is such a complex passcode that will take thousands, if not millions of years to try all the possible passcodes.

22 posted on 06/20/2019 10:14:56 AM PDT by Swordmaker (My pistol self-identifies as an iPad, so you must accept it in gun-free zones, you hoplaphobe bigot!)
[ Post Reply | Private Reply | To 19 | View Replies]
To: Natty Bumppo@frontier.net
There is nothing Apple, or any other cell phone vendor can do to close those vulnerabilities. They are the responsibility of the cellular providers, who have no real incentive to fix them.

Actually, there is, at least for messaging. iMessage has bi-directional 256bit AES encryption which is uncrackable. The encrypted data can be intercepted, but for the interceptor, all they get is incomprehensible gobbledegook. It doesn’t help with email or voice communications.

23 posted on 06/20/2019 10:23:23 AM PDT by Swordmaker (My pistol self-identifies as an iPad, so you must accept it in gun-free zones, you hoplaphobe bigot!)
[ Post Reply | Private Reply | To 19 | View Replies]
To: Swordmaker

For email, you can PGP encryption. . .


24 posted on 06/20/2019 10:26:08 AM PDT by Swordmaker (My pistol self-identifies as an iPad, so you must accept it in gun-free zones, you hoplaphobe bigot!)
[ Post Reply | Private Reply | To 21 | View Replies]
To: zeugma

“One thing I’d like to see as an option is the ability to change how often you do need to enter it. “

Remember that up up to date iOS phones have the emergency feature;

press the power button quickly five times and it will lock the phone and require manual entry of the password to open, (and will also call 911 or other preset emergency contacts).

Check Settings for details.

I do it whenever i leave the house (I try not to use the phone on the street).


25 posted on 06/21/2019 3:46:39 PM PDT by BTerclinger (MAGA)
[ Post Reply | Private Reply | To 20 | View Replies]
To: BTerclinger
press the power button quickly five times and it will lock the phone and require manual entry of the password to open, (and will also call 911 or other preset emergency contacts).

Yeah, I'm familiar with that. Still would like to have 2 passwords. One to open, and one to wipe.

26 posted on 06/22/2019 6:20:47 PM PDT by zeugma (Power without accountability is fertilizer for tyranny.)
[ Post Reply | Private Reply | To 25 | View Replies]
To: zeugma

its a good idea.


27 posted on 06/23/2019 1:59:49 PM PDT by BTerclinger (MAGA)
[ Post Reply | Private Reply | To 26 | View Replies]

Navigation: use the links below to view more comments.
first previous 1-2021-27 last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search		 News/Activism
Topics · Post Article
FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson