In case anyone shares my confusion: they aren't talking about unlocking in the sense of removing carrier restrictions, but rather in the sense of disabling the security features of the device to access the data stored on it.
That's what I got from the article, the key was wiped because of X many tries so Apple can't "unlock" the data on the device (excluding everything backed up to apple cloud).
In the future they will use shady FinFisher iTunes and other exploits to grab the data then seize the phone.
I was similarly confused. While the HN title accurately reflects the Reuters title, I think it'd be reasonable to retitle the submission to something along the lines of "Apple: breaking encryption on devices running iOS 8 and newer 'would be impossible'", or something (point being to highlight that we're talking about the encryption issue, not carrier).
iOS devices have a "lock screen" where to use the device you have to enter a passcode or password or fingerprint to gain access to the device. Usually if you pick up someone's phone this is the screen that you see.
Note the "slide to unlock" message at the bottom. If you asked most users what it means to unlock a phone, this is what they would think of, as they see it every day.
What possible citation could be better than the one provided? Apple has sold over 1 billion of these devices and they all share the same lock screen UI; 500,000 search results on Google pales in comparison as a citation.
Edit: I understand your point and agree that unlocking a device would not mean exactly the same thing to all people. I just don't agree that the parent needed an additional citation.
iPhone user here, and my first thought upon reading the headline was "unlocking" in the sense of carrier locks. Given that Apple sells unlocked phones in the first place, my mind immediately switched to the actual meaning of the headline. But still, there was a moment of confusion.
I'm not too familiar with how iPhone hardware is put together, but is there a possibility of performing a forensic extraction of the flash memory and performing a brute-force attack offline? Or does the conversion of PIN to the storage encryption key happen in the secure enclave, which may resist such forensic meddling?
You probably can, but this isn't to access the phone of some international criminal mastermind but of some guy that was picked up on the corner for peddling drugs. Its not like the NYPD can dump 500,000 or more for every phone they need to access.
What worries me is that this will lead to laws being passed that will criminalize refusal to hand over passwords and encryption keys.
Each iPhone comes with a unique key burned into the processor. I believe the PIN is cryptographically combined with the unique key to derive the encryption key on device. That makes offline brute-force intractable without knowing the unique key (or somehow getting it out of the chip by looking at it or something, but it won't be easy).
Ah yes, the infallible password that's really small and hard to see. I'm sure the guys at the NSA were all "man we'd need, like, a microscope or some shit to read that!" and just went to lunch and called it a day. There is literally nothing Apple could do to have a key of some sort on their processor that wouldn't be laughably easy for a well funded organization to get access to.
I am no expert in that sort of stuff, so I have no estimate of the difficulty of it. I'd imagine it's too costly to be worth doing on every random iPhone in every random investigation, but if someone really really wants it, then yes. The weakest link most of the time remains the stupid unencrypted iCloud backup.
If you actually care about security, use a long alphanumeric password. It's not a big hassle when you have Touch ID. If you are ever in trouble, try turning the iPhone off immediately or quickly touch your fingerprint reader a few times with a wrong finger or enter the passcode wrong five times (so that Secure Enclave discards the cached decryption key and no longer accepts fingerprints). Also, use Apple Configurator tool to make your iPhone "Supervised" and don't let it pair with any new computer. And disable iCloud backup entirely.
If you really care about security from an organization like the NSA, the only option is either to have it be entirely air gapped or to be entirely open source, including BIOS and UEFI firmware and anything else that might run on the hardware. There are really no feasible options, and especially so in phones.
Not being able to read the key material with a microscope (optical or electron) is a specific design goal for these things. This takes me back more than 30 years to my very first job, the summer between high school and college. I had to disassemble and modify a number of crypto units used in the banking industry. These things had all sorts of mechanisms to make it hard to access the key, including zapping the EPROM containing the key with very high voltage if any of the case intrusion switches were tripped. My boss cheerfully informed me that the previous model had used a small explosive charge, and this new one was a safer alternative!
the secure enclave stores the actual encryption key. I'm not sure if it's just unlocked or generated from the PIN, but in either case they can only brute force the actual encryption on the flash and not the pin offline.
Hardware. There is a chip (or a SoC component) called Secure Enclave that holds the real encryption key and accepts PINs or fingerprint data and releases the key.
Of course, there is the potential that Secure Enclave could be updated with new microcode (I have no idea if that is actually possible).
After a few invalid attempts, it forces you to wait a while before trying again, increasing the wait time each time. One can also set the phone to wipe itself after 10 failed attempts.
* Wipe after 10 unsuccesful PIN attempts
* Be configured with a 6 digit numeric PIN code
* Be configured with an unlimited alphanumeric password
* Exponentially increase delay between PIN attempts after
unsuccessful entry - for example 3 attempts in 3 seconds,
next attempt after 10 seconds, next attempt after 60
seconds, next attempt after 4 hours, next attempt after
24 hours, next attempt after a week, next attempt in a
year (making up numbers to prove a point)
These are mostly moot points. They don't have robots trying millions of passwords on phones. They make an image of the phone's memory and brute force it elsewhere. Even a 6 digit code would be cracked in seconds, at most.
False. The PIN is an input to the onboard HSM, which holds the actual key. The HSM itself enforces rate limiting and, if you have the right setting enabled, wipes its contents after N bad PINs.
Physically interfering with the delay/wipe mechanism should be possible. You only have to build the solution once. I can see that this makes it much harder up front, but eventually this too will get cracked.
Since each HSM has a unique key, wouldn't you have to decap one chip for each phone to recover the keys? I think that is sufficient protection to make decrypting phones unfeasibly expensive for most cases.
Indeed this has been done: someone programmed an RPi/Arduino to cut power to the phone after PIN verification and before the PIN attempt was persisted. This effectively defeated rate limiting and the 10 attempt limit. However I believe that was the 5S, and that seems like a fixable bug (record the PIN attempt before verifying the PIN).
Why is it unlikely? It's perfectly plausible to emulate any sort of hardware. What sort of magic sauce does Apple have to make a piece of hardware that can't be replicated and modified?
A replicated HSM doesn't contain the key that the data is encrypted with. You'd need to modify the HSM that has the right key in it. The point of an HSM is to fight you very, very hard on that front by dumping the key if it detects anything shady.
And due to their black-box nature, they are very likely invisibly compromised by the five eyes. Every CEO of a major technology company, including those that manufacture HSMs, is well aware of the lessons taught by Joe Nacchio.
"Disassemble phone, desolder security module, dissolve the outer layers in hydrochloric acid, cut the silicon into 16nm slices, scan each layer with an electron microscope" impractical.
You're missing the point. They don't need to input a pin. There's no phone involved in the process at all. They image the memory and put it on some server for processing. If there's an intermediary step, like an HSM, it is not difficult for something like the NSA to emulate.
You give the HSM the pin, it returns the key used to encrypt the data, applying the rules to that interaction with you. Emulating the HSM doesn't help since it is that phone's specific HSM with the key it knows that you need to access.
You can't. Crypto is done on a separate piece of silicon and dumping memory or NAND will get you nothing but scrambled bits.
From a cold boot user data is not loaded into memory until a correct pin has been entered once, and since A5 nobody has managed to compromise their bootchain it is not really viable to exploit either.
To break such a system is not impossible, but would require some heroic effort, even nation states would probably resort to some side channel or the proverbial five dollar wrench.
You claim the contents of memory are encrypted with a 4-digit PIN; I'm telling you this is false, they're encrypted with a 256-bit key held inside the HSM [0]. It matters because a 4-digit AES key is indeed trivial to crack but a 256-bit key is not.
I'm not sure you understand what an HSM is. It doesn't help to "emulate" one. An HSM performs cryptographic operations under certain conditions (such as correct PIN entry) using internally stored keys. The whole point is that you can't get the keys out, only use them. If you had another HSM, or a logical model of one, it wouldn't contain the right keys.
Certainly as engineered systems, it's possible for HSMs to contain vulnerabilities, but getting the key out of an HSM is a much more sophisticated task than cracking a keyspace of just 10,000 possibilities. Possible, maybe.
Well, given that the Secure Enclave is a processor, I suspect the relevant statement in the whitepaper just means that it's done by software on the SEP rather than the main processor, not that it's done purely by hardware. I could be wrong. But if I'm right, note that the SEP will take firmware upgrades signed with Apple's key, same as the main processor.
Maybe fixed now, but there was someone who got around the 10 unsuccessful (an perhaps the last one as well) by shutting the device off after an attempt was failed (like 0.001ms, not manually)
By "shutting it off" you mean they inserted themselves in between the battery and device and instantly cut power at the right time. Not something that you can easily do to an arbitrary device (especially if you have to give the device back).
And I don't know for sure, but I feel like that one was fixed at some point.
To everyone replying to this comment saying that you can set a limit and then the phone will wipe itself after the limit has been reached - that point is moot. Although I wish it wasn't so, there are a couple people who were able to setup a mechanism to brute force an iPhone pin by shutting off the device before it registered an unsuccessful attempt therefore ... giving you limitless potential.
Seems more of a mechanical setup, rather than this guy's video. Like put a kill switch ON THE PATH (i.e. before signals reach) the "Okay iPhone, register this failed attempt" destination.
The automatic thing is just an automatic exploit of the same issue[0] (forcefully cutting power rather than powering off with the buttons might make it more reliable.) It's called an iPBOX and AFAICT it doesn't support iOS 8.1.1[1], when the issue was fixed.
Other commentors have pointed out that the PIN/crypto stuff is handled by dedicated hardware designed to resist tampering, probably pretty much state-of-the-art. The issue before was a software issue. Now that it's fixed it's very hard to completely hack the hardware and would have to be done to each phone individually: https://news.ycombinator.com/item?id=10424439 I'm not an expert, but I imagine intercepting the signal would be just as hard, as the signal is contained within one tiny chip and it might not even be possible to reliably modify a circuit on that scale. You can't just replace the chip with a no-PIN version either, because it contains a unique crypto key to the data you presumably want from the phone. This also makes modifying the chip difficult, because if you screw up you could lose the key.
I'm not quite sure why I was getting down-voted. This is what I (admittedly should have included earlier) was referring to: https://youtu.be/meEyYFlSahk. Try the password and before the system can register the password attempt, cut the power. I'm actually curious if this is something impossible to fix, almost in a mathematically provable way.
My 6 year old was very excited to find the passcode feature on his iPad and disregarded Daddy's direct warnings that if he kept changing the passcode ("soccer", "baseball", etc.) he wouldn't be able to remember the result and would get locked out. This, of course happened, and after some tears, the solution was for me to remote wipe the iPad and then restore from iCloud backup. The whole process was an extremely impressive mix of security and usability.
Where would that software auto-update get the decryption key from? If the user has enabled a passcode, then their passcode is used in generation of the key used to protect the disk encryption key.
Even if apple did push an update, the user would still have to unlock their device post-update.
The update could wait for the next time the user types in that password. If you own the phone (which you do if you can push OS updates), you can own the data on it. There's no way around that, unless the phone is already confiscated or the user knows to not type in their password.
Unless Apple already inserted a secret backdoor that allows for forced updates, you don't have to update the phone when it prompts you. The closest I've seen it get is a reminder that asks you if you'd like to schedule an update for 2:00 AM or some such time, and then asks for your passcode to do so. You still need to type it for the explicit purpose of updating for it to go through.
I don't remember that happening to my phone, but it's possible. Prior to iOS 8 Apple says (in these court documents) it is technically feasible to break into your phone anyway.
I know that recent updates download automatically on Wi-Fi, perhaps that was what you're thinking of?
That was about iOS automatically downloading the update file in the background (and at the time lacking an option to delete it), not automatically installing anything.
Stuff like carrier settings get updated behind the scenes, I wouldn't be surprised at all if Apple can force an OTA update. That's even a feature for enterprise customers.
There are other ways to interpret it, which might soon be attempted.
The 5th protects you from being compelled to be a witness at your own trial, it does not however protects from destroying evidence, interfering with a police investigation or hindering justice.
If you intentionally destroy incriminating evidence that's a crime, if you prevent the police from executing a search warrant that's a crime too, a court can order you to present existing physical evidence including private diaries, recordings, or anything else and refusal to do so is a crime.
Now while you can say that a code is "speech" it's wouldn't be that hard to claim that it isn't, handing out a code isn't baring witness, this isn't speech in any sense, you can already be compelled to give DNA and fingerprints.
That code essentially is a device that serves only 1 purpose and it is to unlock your phone, if you build your house in a nuclear silo and refuse to give the police the keys when presented with a search warrant they'll lock you up, quite a few constitutional lawyers can argue that this example can also be applied to passwords, encryption keys, and other similar devices.
Yeah, but it hasn't been tested in court ("Are there any cases upholding warrant canaries? Not yet. EFF believes that warrant canaries are legal, and the government should not be able to compel a lie."), and EFF almost has an interest to give not-your-lawyer advice persuading people to use canaries so that they can fight it in court. Moxie Marlinspike reports that lawyers have advised him it's not legal: https://github.com/WhisperSystems/whispersystems.org/issues/...
Well, I will say that Moxie's needs and risk profile is very different than (presumably yours) or mine; he will be coming at most imaginable court proceedings accused of helping terrorists or at least money-launderers. A warrant canary in that case looks bad; why would any lawyer tell him to do such a thing? It just increases their own risk if they say "that's fine", and then it turns out to hurt.
This isn't the same situation that Apple has; while I bet the motions would be filed under seal, I don't believe it would create significant liability for Apple to have a warrant canary, and then remove it after the canary 'dies'.
In fact, in 2014, Apple's canary did 'die', with no further comment, and no public disclosure that their were material difficulties with the canary. Apple seems to have been working to enhance security on their devices since then. I would take from this that they didn't receive giant, secret penalties from their canary.
Apple has pretty much already been accused of helping pedophiles and drug dealers by FBI & Friends' public whinings about encryption over the past year or so, such as[0].
I thought you were saying EFF's assumption that a court cannot compel a canary to be maintained, would also prevent a court from compelling a software update targeting a certain user. Anyway, I believe we can't trust either a canary or software, because either can probably be compelled.
> if you prevent the police from executing a search warrant that's a crime too, a court can order you to present existing physical evidence including private diaries, recordings, or anything else and refusal to do so is a crime.
Whether it's a crime for the device owner is an entirely separate question; there's case law in both directions about whether you can be compelled to supply the passphrase or unlock the device. (That case law also varies by jurisdiction.)
There's an entirely separate question about whether the device vendor can be compelled to introduce a backdoor where none previously existed. And you could quite reasonably argue that even if the device owner could be compelled to unlock the device, the device vendor should not be compelled to produce a less secure device, any more than a safe manufacturer should be compelled to produce a backdoor combination that unlocks one of their safes.
I understand, the problem is that i fear that this is what will be implemented soon and become and common thing, and things can get only worse from there.
Most of your examples involve affirmative acts that interfere with the police, not merely refusals to help them.
And if you have the key to your nuclear silo in your hand but refuse to unlock the door, the police don't have to lock you up because they can take the key from you instead. But if the lock is a keypad then the scenario is identical to the iPhone and you're just assuming the conclusion. Your argument seems to distill into the idea that if the police can't read your iPhone without violating your constitutional rights then your constitutional rights have to give way.
The update couldn't be installed without someone unlocking the phone first... Not to mention the legal side of that would be very murky, I doubt any judge/court in the US could compel that action.
So on one hand we're carrying around little location-aware sensors that upload all kinds of tracking data to who-knows-where, enabling unprecedented tracking of human beings and their movements at incredibly high resolution. We also voluntarily post so much data online any number of social media sites, financial institutions, etc. can see almost everything we do.
BUT on the other hand with proper use of crypto it is now possible to engage in secure communication at a distance that can never be decrypted without our consent and (if certain protocols and method are used) allow anonymity at both ends of the link (e.g. Tor hidden services). It is also possible to securely send money to others using Bitcoin without knowing their identity... ever.
Very interesting times... it's both a panopticon and an unprecedented age for anonymity and privacy.
Well no, you have already detailed the crucial vulnerability in this panopticon: the devices can not be trusted. Trying to do encryption and secure communication with untrusted devices then is utter folly.
I'm just astonished by the breadth of vulnerability in modern smartphones, particularly with Googles handling of Android security. We haven't even gotten into baseband vulnerabilities yet because the whole applications processor security thing is just an entirely crumbling piece of cardboard.
For users with Touch ID enabled, would it be legal for law enforcement to use your fingerprint on file to access the phone that way?
I'm not sure how easy it would be to fool the touch ID sensor on the phone. I think I remember a MythBusters episode where they made a silicone mould of a fingerprint to bypass a security system.
Too many failed attempts (three, I think) and the phone reverts to requiring a password. So unless they can get it right on the first try it would still be a bit of a risk — because even using your actual finger can miss at times.
Yes, and there is case law that fingerprints are not testimony (since you leave them everywhere you go). However, as others stated below, it won't work because the PIN is still required after a timeout. Really, they thought this through.
Or you can quickly disable TouchID by giving it an invalid fingerprint too many times or simply shutting off the phone. Then you'll need a password and I don't believe they can compel that.
The only direct quote in the article that offers any real context:
"Forcing Apple to extract data in this case, absent clear legal authority to do so, could threaten the trust between Apple and its customers and substantially tarnish the Apple brand"
This quote, granted taken without full context, seems to indicate a pretty clear stipulation of "clear legal authority". Not sure what to make of that, but I do think that in matters of privacy and surveillance the words are always chosen very carefully indeed.
For those who have questions about "Couldn't Apple just do X or Y?", Apple has published an eminently readable whitepaper on the software and hardware components of their security: https://www.apple.com/business/docs/iOS_Security_Guide.pdf
Of course, Apple could be implementing things differently from as described but the whitepaper lays out what is and is not possible in the described system.
If they are doing things substantially differently than outlined in that whitepaper, and so actually do have access to locked devices, then they would have just perjured themselves and exposed themselves to extraordinary liability. Which makes me think they are probably telling the truth - short of 0-days, no one has access to locked iOS devices.
The iOS Security Guide is 60 pages of technical goodness, but when dealing with encryption, it's really not enough to fully understand the system, even putting aside concerns about it being closed-source. There is such an incredible level of detail in the document, it would take a really long time to peel that onion back to be able to claim to really understand the trust model. It's some of the best technical documentation on encryption methods I've read, but even still there is plenty of room for ambiguity.
The key section I think most people really should take a look at is "iCloud Backup" starting on page 42. Almost everything you do with your device will end up in an iCloud Backup if you have enabled that, and while the data is encrypted for transport, note well the following;
The backup set is stored in the user’s iCloud account and consists of a copy of the
user’s files, and the iCloud Backup keybag. The iCloud Backup keybag is protected by
a random key, which is also stored with the backup set. (The user’s iCloud password
is not utilized for encryption so that changing the iCloud password won’t invalidate
existing backups.)
In plain English, if you have enabled iCloud Backup, everything but your keychain itself is accessible in plaintext to Apple, and can be restored, without your password, to any new device that [you / the Feds] may provide.
I would very much love for Apple to provide an opt-in where the iCloud backup key is tied to the account password with extremely aggressive key-stretching. I would take the risk of losing my iCloud Backup over the trade-off of having my backups accessible to Apple and anyone they can be compelled to share them with. But I do appreciate for the average user, it's not uncommon for iCloud Backup to be immediately preceded by a password reset (just look down-thread for an example).
Note, Apple says that they use a combination of S3 and Azure to actually store the iCloud data, but that they have an additional layer of encryption over the data before sending it out. So while backups technically reside on Amazon/Microsoft servers, it's a black box to them.
Yup. As the celebrity photo hacking should have made clear, Apple can only offer far weaker security guarantees on the web because they control less of the ecosystem.
At a minimum, if the police get access to your email account, they can force a Apple ID password reset and then restore your data onto a new device without needing permission from you or Apple.
Note however it is still possible to backup your iphone locally using iTunes and Apple now supports encrypted local backups. If you are worried about this threat vector, encrypted local backups provides a large degree of the same usability with significantly stronger security guarantees.
"if the police get access to your email account, they can force a Apple ID password reset"
That's an interesting assertion. I mean, yes, sure, they could do that, but it's an interesting question of whether they are legally allowed to do that. Effectively they'd be misrepresenting themselves to your email provider and to Apple as if they were you. Is that acceptable 'undercover policing'? Can they reset your banking password too? Can they do this only while they have you under arrest?
If they have information that was only present on your device or your iCloud backup, and they already can't get at your device, how exactly does parallel construction help them explain the fact that their evidence includes information that could have only been obtained one way?
Because that's not the evidence they present, they use that to figure out where else to look for evidence, pretending they found that randomly or by guesswork or suspicion or following an anonymous call.
Right. "By virtue of my training and experience, I had reason to believe" is a stock statement re anything, in trying to establish probable cause for searches, stops and the like.
It's a broad, overarching, and highly vague statement that amounts to, in many cases, "I decided you do, so therefore I have the right to act as if you do".
Apple has supported encrypted iTunes backups for years. I remember having it enabled when I upgraded to the iPhone 4. A quick Google search finds articles talking about it from 2011.
iTunes has supported encrypted local backups since the beginning of iOS.
restore your data onto a new device without needing permission from you or Apple.
and that's a great reason to verify your iCloud backup is always disabled on all devices (if you care about privacy). You just have to be vigilant about not accidentally enabling it during any setup process since iOS wants you to enable the feature, but it's easy to disable everywhere.
You make it sound like Apple is trying to trick you into enabling it, like they have default-on checkboxes everywhere to turn it on. IIRC they only ask once, during the setup wizard, and you're forced to make a choice (no default behavior). So just don't turn it on and you're good.
I applaud Apple for having made it technically impossible for them to betray their customers' trust, but I was just wondering about third party applications which have been granted access to various data on the phone. If the prosecution is looking for evidence in photos, and the suspect has granted Facebook access to their photos, could a judge compel Facebook to use their access to the phone in question to retrieve photos that were never on Facebook? I ask this in both a legal sense as well as a technical sense as I am not familiar enough with iOS permissions/API.
From my understanding - important files are encrypted, and the ability to decrypt is lost when the user sleeps their phone. So iOS needs the user to enter a passcode before the data can be read again.
Have there been any cases of police illegally forcing fingerprint unlock against a person's express consent?
Finger unlock is nice when you're in a non-hostile environment, but now with a 100ms finger brush, the entire phone opens up wide and says "take all my data!"
I wish iPhones had a feature like "if dropped on the floor (or after any 'significant' impact), remove session key to disable finger print auth and require password again." Then when you gotta cheese it, you just throw and go.
If they do stuff like that, they will probably deny that they did it. Having had access to your phone, they can look for information that can be used to find other leads, that will be strong enough for a court order.
Or someone you sleep with wants to read your texts and all it takes is a light tap of a finger while you're unconscious to open your phone completely.
as far as "international spy," we have national level security directors storing secrets in AOL accounts. We can't protect people from themselves, so we have to make systems better for everybody.
Why would they have to force that? It's not too hard to manufacture something that will bypass the fingerprint unlock using rubber cement or silicon gel, especially for an organization that is one of the few expected to have your fingerprints on file (at least in the scenario we are describing, where you're already in custody).
Also: finger unlock only works after a password has been entered once (to generate the "finger unlock" key). Copying fingerprints or compelling finger access is moot if the device dumps the finger unlock key (as is done after 48 hours of no finger auth or after 5 (?) failed finger auth attempts).
But, trying to revoke the finger auth key in an emergency (less than 5 seconds) is difficult. Your only option is to try and quickly power off the device, but you're at the mercy of the "press and hold sleep/wake button for 5 seconds, then slide to turn off" delay timer.
Android dumps all "smart unlock" options when you press and hold (1 second) on the 'slide to unlock' on screen button and forces passcode/password/pin from that point on. I practice doing this so it's not foreign to me if I ever find myself in a dodgy scenario.
Really? How exactly do you do that? I've got the Xperia Z5, where the wake/sleep button is also a fingerprint scanner, so I can't exactly hold that without unlocking the phone, and holding the little padlock icon on the screen doesn't do anything.
The on screen slide to unlock button. Works perfectly on my Z3c and I'm hoping to not lose such a nice feature if I upgrade to a Z5c but it sounds like I might :(
Alright, I just tried that, and I do get the "Device will remain locked until you manually unlock it" but the fingerprint scanner still works fine. The only time I've seen it forcing me to use the pin was when it couldn't scan my finger 3 times in the row(which doesn't really happen, the sensor in that thing is really accurate(or really forgiving)).
That's a shame :( It'll be interesting to see if Marshmallow with its official fingerprint API changes the behaviour as handset manufacturers are implementing fingerprint support themselves in Lollipop (and so its going to be a bit all over the place).
They digitally scanned my finger print for my EU passport. I wouldn't doubt they could print it and use it to unlock a device. At the speed and multitude of angles fingerprint sensors seem to work, I'm sure it forgives a lot of error/blurriness for the sake of user friendliness.
I've seen videos where somebody tested a gun safe with a similar locking device and it proved to be pretty resilient to that type of attack. I think they finally got it open using a cast mould of his print but it required having physical access to the finger in question.
How often does that happen outside of TV? In most cases where you have legal protection which actually works, you would also be able to power down the phone. In most of the other scenarios, most people are going to unlock it anyway under the threat of a beating or threats that non-cooperation will result in heavy/fabricated charges.
I think they can legally fingerprint you and use that to unlock the phone but they cannot force you to reveal your password because you would be forced to incriminate yourself. (If you did in fact commit a crime)
This is just more evidence supporting the claim, which has already been persuasively argued elsewhere, [0] that fingerprints are usernames, not passwords.
It's way more nuanced than that. Fingerprints are certainly way more like a password versus an adversary like a crazy girlfriend who gets your phone, but closer to a username against a very formidable adversary. Certainly not equal though.
Fingerprint unlock allows 5 fingers on file. Maybe if you attempted an unlock with a different finger (pinky, say), it locked out that method until you'd used your passcode instead?
Similar to the idea of having a second PIN on your credit card that allows access but indicates acting-under-duress to the bank.
Yeah, there are a lot of clever ways it could be done, but with completely closed platforms we are just at the mercy of our proprietarily coded overlords.
When police departments seize electronics, like phones or computers, I thought it was standard for them to clone any hard drives so that they don't lose any data to similar techniques.
Is there a reason that they couldn't employ this countermeasure for your suggested security?
It is possible to secure devices in ways that even the correct passcode or fingerprint will only work with a specific chipset/decryption module. Some flash storage is also only readable after an unlock code has been transmitted.
Someone demo'd it on a couple new iphones at the hackerspace yesterday. They got to the homescreen with all the app buttons through the clock exploit. It wasn't just access to the dialer. Once you get through to the clock, you can hit the home button and it just hops to the home screen.
I have no idea how this works in regard to the encryption. It isn't likely anyone else here does either. They are just speculating.
I hope that it is good, but I don't trust it. No one should trust it.
I've spent a fair amount of time now trying to reproduce this on iOS 9.02 on a 5s, and I can't make it work. I can easily get to the clock by asking Siri and then tapping the clock in her results, or by swiping up from the bottom of the screen, but either way when I press the home button it dumps me back to the "Enter Your Passcode" screen.
I don't mean this as a claim that the iPhone is a secure device, since it obviously isn't in several different ways, but rather just that I can't reproduce this specific behavior.
How can you do that? Are you sure your not just engaging touch id? I tried it with my thumb, which 'unlocked'. Then I tried again with my fingernail, which didn't unlock it.
If the phone is locked, the decryption keys aren't in memory and your finger or password are required to access them, and no amount of bugs in Siri can get around that.
What's more is the app update mechanism. From a technical standpoint, Apple just has to deliver an app update via auto-update to a version of an app that has the necessary access
but whenever you are using your phone, it is unlocked and not encrypted and all data could be transfered at that time (or any update could be installed)... 4G is pretty fast and it would not take very long and could be hard to notice.
>> "...technically impossible for them to betray their customers' trust..."
Impossible is a very strong word in this context. Let me take the opportunity to remind everyone that an iPhone is a very complicated device running nearly 100% closed source hardware and software, include all sorts of opaque cryptographic hardware and a known-to-be-compromised secondary baseband computer, such that the security of the device's entire stack, top-to-bottom, could not possibly be verified by a third party in principle, let alone in practice.
In light of that fact, security claims by Apple could be regarded as changing (reducing?) the probability of the law getting your data by technical means or collusion with Cupertino, but certainly not as insuring that the probability = 0.
Edit: This is not an indictment of Apple per se, since the same is true of literally every smartphone ever constructed, but at least e.g. Blackberry isn't out there claiming that they're unable to compromise your data, full stop.
I wasn't trying to imply that Apple has forged a perfectly secure complex system, but rather that they have (likely) legally and practically prevented themselves from being compelled to betray their users. While forcing Apple to hand over a password they have stored in plaintext is quite definitely in the legal realm of accepted behavior, I don't think a judge could reasonably order Apple to devote engineering time towards defeating their own security system in order to make the prosecution's job easier, especially when it is not actually assured that the effort would be a success and any success would preclude the same work from being used in subsequent prosecutions.
I was merely skipping the caveats (back doors, implementation error, leaky behavior, etc) and giving benefit of the doubt with regards to honesty of intentions.
I think "legally and practically prevented" is key here.
Not sure if anyone noticed but this article is like a continuation of the story from days ago [1] when the judge in the case "questioned the government’s authority to compel Apple to unlock a seized mobile device using the All Writs Act" [2] and "called on Apple to weigh in about whether it is even capable of bypassing the lock screen in this case" [2].
Guess Apple has weighed in now as to its technical feasibility. Now it's up to the judge to decide whether it is an unreasonable burden on Apple, and whether it violates the Constitution, as to whether to compel Apple to help in the Justice Department's investigation.
In this one single case, the iPhone has an older iOS, so maybe it's not an "unreasonable burden".
But if it was iOS 8 or later, it might be deemed an unreasonable burden to compel Apple to brute force or otherwise crack the password, even if it was somehow technically possible. And "forcing Apple to push backdoored updates would constitute 'compelled speech' in violation of the First Amendment" [2].
So it does look as if Apple thought it through, and made iOS 8 so that they legally and practically cannot "betray their customers' trust" as you say.
Apple says "we have no ability to" etc, not "noone has and we never will have" etc.
An Apple officer making a sworn statement that Apple has no technical ability to extract data from an uncooperative customer's phone is significant, even if it applies only to the present, not to the past or future.
This sounds really similar to when the Snowden docs were first leaked. You have to listen very carefully to exactly what is said and read between the lines.
"the United States is not monitoring and will not monitor the communications" means, "Was monitoring up until just now."
Here Apple says "We can't unlock new iPhones." Apple says nothing about their ability to restore iCloud backups or load software to capture evidence from a locked phone.
Agree, but often impossibility claims have an expiration date. They also said it would be impossible to jailbreak iOS 9 with the new rootless security... It took few months for a Chinese team to completely by-pass Apple's new design.
iPhone pincodes by default are very short. iPhone protects them from bruteforce with delays after unsuccessful tries. But does the hardware, where pincode's hash is stored, protects it with delays and protects it from labaratory attack? I mean, government could just open iPhone, extract that chip, extract pincode's hash and crack it. You would need quite long password to withstand such an attack.
Another vector of attack is fingerprint scanner. After iPhone turned on, by default you can unlock it with fingerprint scanner. And turning iPhone off is not very quick, you need to push power button for a few seconds and then slide over screen. If police arresting you, then will get your phone from your hands and just force your finger to open it, no pincode needed.
So yes, while iPhone is probably safe when properly configured (ruling out possible vulnerabilities), the proper configuration is hard to use and is not default.
That's from the point of goverment attacker. If attacker is just some thieve or commercial espionage, probably iPhone is a good device even with default settings.
Comments above suggest that the pincode information is managed within a HSM-esque onboard hardware device. As such, extracting that chip and retrieving the pincode hash is likely to be entirely infeasible, even for very capable orgs like the NSA.
So the US wants it to be impossible for the average person to unlock a phone (via law) but Apple make it technically impossible and the US justice system cries foul. Swings and roundabouts.
But what if some diabolical fiend attaches an encrypted iPhone to a nuclear bomb, and the only way to diffuse the timer is by asking Apple to unlock the encryption to stop the timer???
Also, "child pornography" ...what if "child pornography" is involved? You wouldn't want THAT, right?
201 comments
[ 3.8 ms ] story [ 189 ms ] threadIn the future they will use shady FinFisher iTunes and other exploits to grab the data then seize the phone.
https://9to5mac.files.wordpress.com/2013/07/screen-shot-2013...
Note the "slide to unlock" message at the bottom. If you asked most users what it means to unlock a phone, this is what they would think of, as they see it every day.
[citation needed]
"Unlocked phone" is not limited to experts. More than half a million hits on google: https://www.google.com/search?q=%22unlocked+phone%22&oq=%22u...
I really don't know what "most users" would think of.
Edit: I understand your point and agree that unlocking a device would not mean exactly the same thing to all people. I just don't agree that the parent needed an additional citation.
What worries me is that this will lead to laws being passed that will criminalize refusal to hand over passwords and encryption keys.
If you actually care about security, use a long alphanumeric password. It's not a big hassle when you have Touch ID. If you are ever in trouble, try turning the iPhone off immediately or quickly touch your fingerprint reader a few times with a wrong finger or enter the passcode wrong five times (so that Secure Enclave discards the cached decryption key and no longer accepts fingerprints). Also, use Apple Configurator tool to make your iPhone "Supervised" and don't let it pair with any new computer. And disable iCloud backup entirely.
Of course, there is the potential that Secure Enclave could be updated with new microcode (I have no idea if that is actually possible).
Yep, it was patched: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4451
That HSM is still just a physical machine, and it can be, with difficulty, modified or copied.
To be impossible it would have to be mathematically impossible (or at least not within human time scales).
"Disassemble phone, desolder security module, dissolve the outer layers in hydrochloric acid, cut the silicon into 16nm slices, scan each layer with an electron microscope" impractical.
From a cold boot user data is not loaded into memory until a correct pin has been entered once, and since A5 nobody has managed to compromise their bootchain it is not really viable to exploit either.
http://blog.cryptographyengineering.com/2014/10/why-cant-app...
To break such a system is not impossible, but would require some heroic effort, even nation states would probably resort to some side channel or the proverbial five dollar wrench.
I'm not sure you understand what an HSM is. It doesn't help to "emulate" one. An HSM performs cryptographic operations under certain conditions (such as correct PIN entry) using internally stored keys. The whole point is that you can't get the keys out, only use them. If you had another HSM, or a logical model of one, it wouldn't contain the right keys.
Certainly as engineered systems, it's possible for HSMs to contain vulnerabilities, but getting the key out of an HSM is a much more sophisticated task than cracking a keyspace of just 10,000 possibilities. Possible, maybe.
[0]http://www.apple.com/business/docs/iOS_Security_Guide.pdf
It's actually really impressive.
And I don't know for sure, but I feel like that one was fixed at some point.
Edit: Yep, superuser2 links to the CVE: https://news.ycombinator.com/item?id=10423257, https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4451
Seems more of a mechanical setup, rather than this guy's video. Like put a kill switch ON THE PATH (i.e. before signals reach) the "Okay iPhone, register this failed attempt" destination.
Other commentors have pointed out that the PIN/crypto stuff is handled by dedicated hardware designed to resist tampering, probably pretty much state-of-the-art. The issue before was a software issue. Now that it's fixed it's very hard to completely hack the hardware and would have to be done to each phone individually: https://news.ycombinator.com/item?id=10424439 I'm not an expert, but I imagine intercepting the signal would be just as hard, as the signal is contained within one tiny chip and it might not even be possible to reliably modify a circuit on that scale. You can't just replace the chip with a no-PIN version either, because it contains a unique crypto key to the data you presumably want from the phone. This also makes modifying the chip difficult, because if you screw up you could lose the key.
[0] https://www.mdsec.co.uk/2015/03/apple-ios-hardware-assisted-... [1] http://forum.gsmhosting.com/vbb/10720367-post1.html
Unless Apple already inserted a secret backdoor that allows for forced updates, you don't have to update the phone when it prompts you. The closest I've seen it get is a reminder that asks you if you'd like to schedule an update for 2:00 AM or some such time, and then asks for your passcode to do so. You still need to type it for the explicit purpose of updating for it to go through.
I know that recent updates download automatically on Wi-Fi, perhaps that was what you're thinking of?
The 5th protects you from being compelled to be a witness at your own trial, it does not however protects from destroying evidence, interfering with a police investigation or hindering justice.
If you intentionally destroy incriminating evidence that's a crime, if you prevent the police from executing a search warrant that's a crime too, a court can order you to present existing physical evidence including private diaries, recordings, or anything else and refusal to do so is a crime.
Now while you can say that a code is "speech" it's wouldn't be that hard to claim that it isn't, handing out a code isn't baring witness, this isn't speech in any sense, you can already be compelled to give DNA and fingerprints.
That code essentially is a device that serves only 1 purpose and it is to unlock your phone, if you build your house in a nuclear silo and refuse to give the police the keys when presented with a search warrant they'll lock you up, quite a few constitutional lawyers can argue that this example can also be applied to passwords, encryption keys, and other similar devices.
This isn't the same situation that Apple has; while I bet the motions would be filed under seal, I don't believe it would create significant liability for Apple to have a warrant canary, and then remove it after the canary 'dies'.
In fact, in 2014, Apple's canary did 'die', with no further comment, and no public disclosure that their were material difficulties with the canary. Apple seems to have been working to enhance security on their devices since then. I would take from this that they didn't receive giant, secret penalties from their canary.
I thought you were saying EFF's assumption that a court cannot compel a canary to be maintained, would also prevent a court from compelling a software update targeting a certain user. Anyway, I believe we can't trust either a canary or software, because either can probably be compelled.
[0] https://www.washingtonpost.com/posteverything/wp/2014/09/23/...
Whether it's a crime for the device owner is an entirely separate question; there's case law in both directions about whether you can be compelled to supply the passphrase or unlock the device. (That case law also varies by jurisdiction.)
There's an entirely separate question about whether the device vendor can be compelled to introduce a backdoor where none previously existed. And you could quite reasonably argue that even if the device owner could be compelled to unlock the device, the device vendor should not be compelled to produce a less secure device, any more than a safe manufacturer should be compelled to produce a backdoor combination that unlocks one of their safes.
And if you have the key to your nuclear silo in your hand but refuse to unlock the door, the police don't have to lock you up because they can take the key from you instead. But if the lock is a keypad then the scenario is identical to the iPhone and you're just assuming the conclusion. Your argument seems to distill into the idea that if the police can't read your iPhone without violating your constitutional rights then your constitutional rights have to give way.
BUT on the other hand with proper use of crypto it is now possible to engage in secure communication at a distance that can never be decrypted without our consent and (if certain protocols and method are used) allow anonymity at both ends of the link (e.g. Tor hidden services). It is also possible to securely send money to others using Bitcoin without knowing their identity... ever.
Very interesting times... it's both a panopticon and an unprecedented age for anonymity and privacy.
I'm just astonished by the breadth of vulnerability in modern smartphones, particularly with Googles handling of Android security. We haven't even gotten into baseband vulnerabilities yet because the whole applications processor security thing is just an entirely crumbling piece of cardboard.
I'm not sure how easy it would be to fool the touch ID sensor on the phone. I think I remember a MythBusters episode where they made a silicone mould of a fingerprint to bypass a security system.
"Forcing Apple to extract data in this case, absent clear legal authority to do so, could threaten the trust between Apple and its customers and substantially tarnish the Apple brand"
This quote, granted taken without full context, seems to indicate a pretty clear stipulation of "clear legal authority". Not sure what to make of that, but I do think that in matters of privacy and surveillance the words are always chosen very carefully indeed.
Of course, Apple could be implementing things differently from as described but the whitepaper lays out what is and is not possible in the described system.
The key section I think most people really should take a look at is "iCloud Backup" starting on page 42. Almost everything you do with your device will end up in an iCloud Backup if you have enabled that, and while the data is encrypted for transport, note well the following;
In plain English, if you have enabled iCloud Backup, everything but your keychain itself is accessible in plaintext to Apple, and can be restored, without your password, to any new device that [you / the Feds] may provide.I would very much love for Apple to provide an opt-in where the iCloud backup key is tied to the account password with extremely aggressive key-stretching. I would take the risk of losing my iCloud Backup over the trade-off of having my backups accessible to Apple and anyone they can be compelled to share them with. But I do appreciate for the average user, it's not uncommon for iCloud Backup to be immediately preceded by a password reset (just look down-thread for an example).
Note, Apple says that they use a combination of S3 and Azure to actually store the iCloud data, but that they have an additional layer of encryption over the data before sending it out. So while backups technically reside on Amazon/Microsoft servers, it's a black box to them.
At a minimum, if the police get access to your email account, they can force a Apple ID password reset and then restore your data onto a new device without needing permission from you or Apple.
Note however it is still possible to backup your iphone locally using iTunes and Apple now supports encrypted local backups. If you are worried about this threat vector, encrypted local backups provides a large degree of the same usability with significantly stronger security guarantees.
That's an interesting assertion. I mean, yes, sure, they could do that, but it's an interesting question of whether they are legally allowed to do that. Effectively they'd be misrepresenting themselves to your email provider and to Apple as if they were you. Is that acceptable 'undercover policing'? Can they reset your banking password too? Can they do this only while they have you under arrest?
It's a broad, overarching, and highly vague statement that amounts to, in many cases, "I decided you do, so therefore I have the right to act as if you do".
iTunes has supported encrypted local backups since the beginning of iOS.
restore your data onto a new device without needing permission from you or Apple.
and that's a great reason to verify your iCloud backup is always disabled on all devices (if you care about privacy). You just have to be vigilant about not accidentally enabling it during any setup process since iOS wants you to enable the feature, but it's easy to disable everywhere.
I do not think this is an attempt to sell newer iPhones to the small fraction of users they have running iPhones too old for iOS8.
Finger unlock is nice when you're in a non-hostile environment, but now with a 100ms finger brush, the entire phone opens up wide and says "take all my data!"
I wish iPhones had a feature like "if dropped on the floor (or after any 'significant' impact), remove session key to disable finger print auth and require password again." Then when you gotta cheese it, you just throw and go.
There's no emergency evac situation. You either have basically no protection from hostile action or you avoid finger auth.
as far as "international spy," we have national level security directors storing secrets in AOL accounts. We can't protect people from themselves, so we have to make systems better for everybody.
But, trying to revoke the finger auth key in an emergency (less than 5 seconds) is difficult. Your only option is to try and quickly power off the device, but you're at the mercy of the "press and hold sleep/wake button for 5 seconds, then slide to turn off" delay timer.
https://vid.me/Ns12
Of course if ever you have an opportunity in an arrest you should shut down the iPhone... Unlock would require passcode.
1: https://securityledger.com/2013/09/iphone-touchid-falls-to-w...
Being DA 101
[0] http://blog.dustinkirkland.com/2013/10/fingerprints-are-user...
Similar to the idea of having a second PIN on your credit card that allows access but indicates acting-under-duress to the bank.
Is there a reason that they couldn't employ this countermeasure for your suggested security?
Sounds like you are alluding to being able to use a reverse version of your PIN on an ATM when in duress?
It's a trope [0].
[0] http://www.snopes.com/business/bank/pinalert.asp
just like it needs passcodes that do that same, if not more. a passcode to let you in, one to CALL the cops, and another to thwart them
I have no idea how this works in regard to the encryption. It isn't likely anyone else here does either. They are just speculating.
I hope that it is good, but I don't trust it. No one should trust it.
I would look, but I don't own an iPhone.
I don't mean this as a claim that the iPhone is a secure device, since it obviously isn't in several different ways, but rather just that I can't reproduce this specific behavior.
Not sure if it's been fixed yet or not, but you can just turn off Siri from the lock screen.
1: http://lifehacker.com/ios-9-lock-screen-exploit-gives-evildo...
https://support.apple.com/en-us/HT205284
Impossible is a very strong word in this context. Let me take the opportunity to remind everyone that an iPhone is a very complicated device running nearly 100% closed source hardware and software, include all sorts of opaque cryptographic hardware and a known-to-be-compromised secondary baseband computer, such that the security of the device's entire stack, top-to-bottom, could not possibly be verified by a third party in principle, let alone in practice.
In light of that fact, security claims by Apple could be regarded as changing (reducing?) the probability of the law getting your data by technical means or collusion with Cupertino, but certainly not as insuring that the probability = 0.
Edit: This is not an indictment of Apple per se, since the same is true of literally every smartphone ever constructed, but at least e.g. Blackberry isn't out there claiming that they're unable to compromise your data, full stop.
I was merely skipping the caveats (back doors, implementation error, leaky behavior, etc) and giving benefit of the doubt with regards to honesty of intentions.
Not sure if anyone noticed but this article is like a continuation of the story from days ago [1] when the judge in the case "questioned the government’s authority to compel Apple to unlock a seized mobile device using the All Writs Act" [2] and "called on Apple to weigh in about whether it is even capable of bypassing the lock screen in this case" [2].
Guess Apple has weighed in now as to its technical feasibility. Now it's up to the judge to decide whether it is an unreasonable burden on Apple, and whether it violates the Constitution, as to whether to compel Apple to help in the Justice Department's investigation.
In this one single case, the iPhone has an older iOS, so maybe it's not an "unreasonable burden".
But if it was iOS 8 or later, it might be deemed an unreasonable burden to compel Apple to brute force or otherwise crack the password, even if it was somehow technically possible. And "forcing Apple to push backdoored updates would constitute 'compelled speech' in violation of the First Amendment" [2].
So it does look as if Apple thought it through, and made iOS 8 so that they legally and practically cannot "betray their customers' trust" as you say.
[1] https://news.ycombinator.com/item?id=10383253
[2] https://www.eff.org/deeplinks/2015/10/judge-doj-not-all-writ...
An Apple officer making a sworn statement that Apple has no technical ability to extract data from an uncooperative customer's phone is significant, even if it applies only to the present, not to the past or future.
http://www.cnet.com/news/obama-denies-that-us-spied-on-germa...!
"the United States is not monitoring and will not monitor the communications" means, "Was monitoring up until just now."
Here Apple says "We can't unlock new iPhones." Apple says nothing about their ability to restore iCloud backups or load software to capture evidence from a locked phone.
Agree, but often impossibility claims have an expiration date. They also said it would be impossible to jailbreak iOS 9 with the new rootless security... It took few months for a Chinese team to completely by-pass Apple's new design.
http://www.forbes.com/sites/antonyleather/2015/10/18/how-to-...
Another vector of attack is fingerprint scanner. After iPhone turned on, by default you can unlock it with fingerprint scanner. And turning iPhone off is not very quick, you need to push power button for a few seconds and then slide over screen. If police arresting you, then will get your phone from your hands and just force your finger to open it, no pincode needed.
So yes, while iPhone is probably safe when properly configured (ruling out possible vulnerabilities), the proper configuration is hard to use and is not default.
That's from the point of goverment attacker. If attacker is just some thieve or commercial espionage, probably iPhone is a good device even with default settings.
Also, "child pornography" ...what if "child pornography" is involved? You wouldn't want THAT, right?