
NYC law enforcement has been able to crack iPhones in-house since Jan 2018 - traderjane
https://9to5mac.com/2019/10/08/crack-iphones-in-house/
======
altmind
My inner skeptic says if you have enough money and demand for phone decryption
that is using a low-entropy key, your best bet is to take a dump of the phone's
NVRAM and feed it to an in-house iPhone emulator, brute-forcing the key in
parallel, without any lockouts. Their product may be an iOS emulator.

~~~
jrpt
The Secure Enclave should protect against that type of attack. And why would
you assume it is a low entropy key? Also, my iPhone is autocorrecting Secure
Enclave to capitalize it for some reason.

You should probably read this before believing your “inner skeptic”
[https://www.apple.com/business/docs/site/iOS_Security_Guide.pdf](https://www.apple.com/business/docs/site/iOS_Security_Guide.pdf)

------
jMyles
A quick web search yields no information about _how_ Cellebrite might be able
to achieve this. Does anybody have any inside knowledge? Has anybody played
with one of these devices?

~~~
comex
Keep in mind that any inside knowledge leaked to the public is also knowledge
available to Apple, which can use it to either find and patch the bugs
Cellebrite is exploiting, or at least build defense mechanisms that mitigate
the effect of exploits. Even short of detailed technical information, simple
things like “how long does it take?” or “how many times does the device
reboot?” or “what does the USB cable look like?” can still help narrow down
which software components (or even hardware components) to look at. So
Cellebrite is well-motivated to avoid any leaks.

That said, it is most likely “just” a computer that talks to the phone over
USB and uses a chain of software exploits. It has to take over first the
application processor, then the Secure Enclave, in order to bypass the
passcode entry rate limit. The rate limit is key. iOS encrypts user data based
on the passcode, so without guessing the passcode there’s no way to get at the
data short of breaking AES. But you _can_ guess. Passcodes default to 6
digits, creating only 1 million possibilities, low enough to brute-force. Even
if the brute-forcing has to be done on-device (because the passcode is tangled
with device-specific keys managed in hardware), and even if repetitive crypto
operations are added to make the key derivation take longer (not sure), key
derivation can’t take too long or it would negatively impact the user
experience, and 1 million is just really low. The only way to make a 6-digit
passcode secure is to make the nth access attempt take (exponentially) longer
than the first, a restriction that can’t be done with pure crypto but requires
some trusted software to enforce. Which can be hacked.

That said, if you’re planning to do something sketchy, you can set a long non-
numeric passcode and you’ll probably be immune to whatever Cellebrite is
doing. (Unless they’re recovering the passcode itself from… somewhere. It’s
not supposed to be stored, but bugs are possible.)

Source: iOS Security Guide
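
Worked model of the two points raised in this thread (altmind's "emulate it and
brute-force without lockouts" and comex's "the rate limit is the whole game").
This is an added editor's example, not code from the thread, from Cellebrite or
from Apple: the UID bytes, the PBKDF2 iteration count, the 80 ms per-guess cost
and the delay schedule are all hypothetical stand-ins. It shows why a passcode
tangled with a device-bound key forces guessing onto the device, why 10^6 guesses
is cheap if each guess only costs key derivation, and how much of the defence is
the software-enforced retry schedule that an exploit chain would have to remove.

```python
"""Toy model of passcode-derived key protection and why the retry schedule matters.

Editor's added example; the UID bytes, iteration count, per-guess cost and delay
schedule are hypothetical and are not Apple's real values.
"""
import hashlib
import hmac

# Constructed stand-in for the device-unique key (UID) fused into the SoC. In the
# real design it never leaves hardware, so guessing has to run on the device itself.
DEVICE_UID = bytes.fromhex("0123456789abcdef" * 4)
PBKDF2_ITERATIONS = 10  # deliberately tiny so the demo runs in seconds; a real count is far higher


def derive_key(passcode: str, uid: bytes = DEVICE_UID, iterations: int = PBKDF2_ITERATIONS) -> bytes:
    """Tangle the passcode with the device key: without the right uid you get a different key."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), uid, iterations, dklen=32)


def no_backoff(failures: int) -> float:
    """What the attacker gets once the rate limiter is out of the way: no delay at all."""
    return 0.0


def escalating_backoff(failures: int, free: int = 4, base: float = 60.0, cap: float = 3600.0) -> float:
    """Hypothetical schedule: no delay for the first `free` failures, then doubling from `base` up to `cap`."""
    if failures <= free:
        return 0.0
    steps = min(failures - free - 1, 32)  # clamp the exponent; the cap dominates long before this
    return min(cap, base * 2.0 ** steps)


class Enclave:
    """Trusted component: holds the derived key and enforces the delay after each failure."""

    def __init__(self, passcode: str, backoff=escalating_backoff):
        self._key = derive_key(passcode)
        self._backoff = backoff
        self.failures = 0
        self.elapsed = 0.0  # simulated seconds spent waiting out enforced delays

    def try_unlock(self, guess: str) -> bool:
        if hmac.compare_digest(derive_key(guess), self._key):
            return True
        self.failures += 1
        self.elapsed += self._backoff(self.failures)
        return False


def brute_force(enclave: Enclave, digits: int = 6):
    """Enumerate every numeric passcode of the given length in order.

    Returns (passcode, attempts) on success or (None, attempts) after exhausting the space.
    """
    attempts = 0
    for n in range(10 ** digits):
        guess = f"{n:0{digits}d}"
        attempts += 1
        if enclave.try_unlock(guess):
            return guess, attempts
    return None, attempts


def time_to_exhaust(backoff, space: int = 10 ** 6, per_guess: float = 0.08) -> float:
    """Simulated seconds to try every passcode: per-guess derivation cost plus enforced delays."""
    delays = sum(backoff(f) for f in range(1, space + 1))
    return delays + space * per_guess


if __name__ == "__main__":
    # Constructed target passcode. It is found after the same 31338 guesses either way;
    # only the simulated waiting time differs.
    for name, schedule in (("rate limit enforced", escalating_backoff), ("rate limit bypassed", no_backoff)):
        enc = Enclave("031337", backoff=schedule)
        found, tries = brute_force(enc)
        print(f"{name}: recovered {found} after {tries} guesses, {enc.elapsed / 86400:.1f} simulated days waiting")
    print(f"exhaust 10^6 with limit:    {time_to_exhaust(escalating_backoff) / 86400 / 365:.0f} years")
    print(f"exhaust 10^6 without limit: {time_to_exhaust(no_backoff) / 3600:.1f} hours")
```

With the hypothetical numbers, exhausting all million 6-digit codes takes about
22 hours once the schedule is gone and over a century with it in place, which is
the asymmetry comex describes: the derivation cost alone cannot be made large
enough without hurting normal unlocks, so the lockout logic is what has to hold.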

------
kimjongtrill
If you are ridin' dirty, just stay off the phones.

------
Andrew_nenakhov
A $5 wrench? [https://www.xkcd.com/538/](https://www.xkcd.com/538/)

~~~
comex
US police are not going to use a literal wrench. They _have_ tried to jail
people until they reveal the passcode, but even that has been subject to
constitutional challenges. Much simpler to be able to get access without
permission. Also, in some cases the owner of the device has not been
apprehended; perhaps they don’t even know the police have their phone, and the
police would like to keep it that way. Or the owner could be dead, as in the
San Bernardino case.

~~~
traderjane
The Chicago police have been known to have black sites, so I wouldn't put a
metaphorical wrench past the realm of possibility.

