
Apple to Close iPhone Security Hole That Police Use to Crack Devices - aaronbrethorst
https://www.nytimes.com/2018/06/13/technology/apple-iphone-police.html
======
zelon88
It's frustrating that you never hear the pro-unlocking scene actually looking
past their own noses. Like back when you could bypass a Linux login screen by
pressing backspace 28 times. Obviously that's a problem, but could you imagine
if police departments all over the country got pissed when that bug was fixed
and started complaining that they couldn't use the exploit themselves? Like
they're the only ones smart enough to use the exploit and nobody else would
ever do such a thing for malicious reasons. It's so short sighted.

~~~
Veedrac
An issue which wouldn't exist if Apple provided access for people with
warrants.

~~~
jmull
The problem is, how do you build a back door that can only be used by people
with valid (and just) warrants?

You really can’t go down your line of argument without answering that.

~~~
Veedrac
You centralize ownership, the same way it has been done since the dawn of the
internet. Even Intel can securely update your microcode.

~~~
bunderbunder
Yep, and private keys are never compromised.

Aside from the many, many known cases where they are:
http://legacydirs.umiacs.umd.edu/~tdumitra/papers/CCS-2017.pdf

~~~
Veedrac
As best as I can tell, if you don't trust OS or microcode updates, you can't
trust your phone _at all_ unless you airgap it or somesuch.

~~~
wholinator2
Very true. Everyone should know their TNO, Trust No One. As far as I can see
it's the only way to really operate in the world of computer security that we
live in.

------
thermodynthrway
> and all the kids we can’t put into a position of safety

"For the children!" They can't think of a good reason to have access to all
these phones so they blatantly use an idiom so tired that it's practically a
joke.

~~~
ppeetteerr
I read that too, but it's quoted from a guy whose job is to protect children.
The full quote:

> “If we go back to the situation where we again don’t have access, now we
> know directly all the evidence we’ve lost and all the kids we can’t put into
> a position of safety,” said Chuck Cohen, who leads an Indiana State Police
> task force on internet crimes against children.

~~~
sandworm101
> all the evidence we’ve lost and all the kids we can’t put into a position
> of safety,

There are two types of child abuse imagery: the new and original stuff that
points to a kid currently being abused, the one that can be rescued, and the
enormous mass of old material that forensic investigators have seen literally
thousands of times before. Actual new abuse material that could lead to the
rescue of a child is thankfully very rare. While these phones could lead to
arrests, the likelihood of them leading to the rescue of a child is
negligible.

Once upon a time the bulk of images on phones were originals taken by the
phone. Now "phones" are really just internet machines and the images they are
looking for are essentially browsing history and stuff saved from online
sources.

~~~
pm90
> While these phones could lead to arrests, the likelihood of them leading to
> the rescue of a child is negligible

I think you're ignoring some aspects of how the US criminal justice system
works. Arresting a child abuser is one thing; they have to be tried in court
and found guilty by a jury/judge. Criminal cases especially have high
requirements to prove guilt since they are very serious charges. So even if
unlocking the phones may not help save actual children from abuse, I _think_
what the guy means is that you can get more convictions for these child
abusers who have been arrested and prevent future children from being abused.

Note that I'm not stating an opinion about the ethics of reducing security of
phones, only pointing out what the person meant when he said that doing so
prevents child abuse.

~~~
sandworm101
Then he would not have described moving children to places of safety. He would
have said something more like preventing future abuse. Talk about physically
moving children is rather dramatic and specific.

------
mirimir
I highly recommend this 2016 paper by Stephanie K. Pell: "You Can’t Always Get
What You Want: How Will Law Enforcement Get What it Needs in a Post-CALEA,
Cybersecurity-Centric Encryption Era?".[0] She’s a former prosecutor from
Florida, who now teaches at West Point.

She agrees with security experts that maintaining such lawful access, against
pervasive "strong" encryption, would require the introduction of
vulnerabilities, such as backdoors or key escrow. Which would expose users to
malicious adversaries. She argues, basically, that law enforcement has become
lazy.

She also raises the possibility of lawful hacking for smartphones, "infecting
them with malware capable of capturing voice communications and keystrokes
before they are encrypted." That brings to mind the FBI’s use of network
investigative techniques. And of course, all those NSA tools.

0)
https://scholarship.law.unc.edu/cgi/viewcontent.cgi?article=1306&context=ncjolt

------
gruez
Doesn’t it seem strange that they’re not patching the actual exploit, only
mitigating it? Do they have no idea what the actual bug is? Is the USB
interface fundamentally insecure?

~~~
willstrafach
This approach mitigates the class of vulnerability, neutering the effect of
this one and any similar future vulnerabilities.

This approach makes sense, since they do not know what this specific
vulnerability is.

~~~
jonknee
> since they do not know what this specific vulnerability is

How do you know this? I'd be shocked if they don't have one or more of these
devices themselves and have it completely figured out.

~~~
Torn
No way would the makers of the device sell one to Apple - they probably have
strict measures in place to only sell to police departments, with contracts in
place to prevent re-selling.

Apple would have to buy one on the grey market, which they may be unprepared
to do

~~~
jedberg
> Apple would have to buy one on the grey market

No, they would have to pay someone to do "research" for them and figure out
the vulnerability. They would pay that person enough to buy one on the grey
market and figure out how it works, keeping their hands clean.

------
lev99
> “They are blatantly protecting criminal activity, and only under the guise
> of privacy for their clients,”[Hillar Moore, Baton Rouge District Attorney]
> said.

I understand a Law Enforcement point of view of having access to private data
in order to prosecute criminals. I disagree with that point of view, but I
would never say that point of view is a guise to implement a surveillance
state.

~~~
favorited
That quote jumped out at me too.

Like, does he actually believe Apple is using "privacy for their clients" as
an excuse to accomplish their true goal of protecting criminal activity?

~~~
sundvor
It sure looks that way. 'If you've got nothing to hide you've got nothing to
fear' must be gospel for these people.

------
munk-a
This article is written in a terribly slanted style bringing up constant
adversarial comparisons involving Apple and law enforcement. There is an
objective point of view to the article but it bundles in a lot of quotes and
references that are highly slanted.

I am not someone who assumes all NYT articles are slanted, but this one is
bad.

------
kingnothing
Why do we only hear stories like this about Apple and the iPhone? How secure
is Android? Is Google taking the same approach to protecting their users?

~~~
pxeboot
Google is definitely starting to take security more seriously with the Pixel:
https://www.blog.google/products/android-enterprise/how-pixel-2s-security-module-delivers-enterprise-grade-security/

~~~
alphabettsy
I’d argue they, as a company, always took security pretty seriously, but never
privacy.

FDE was pretty late and performed slow on early Android, among other issues.

------
JumpCrisscross
> _The Indiana State Police said it unlocked 96 iPhones for various cases this
> year, each time with a warrant, using a $15,000 device it bought in March
> from a company called Grayshift_

And what were the results? How many people did those 96 iPhones allow Indiana
to bring charges against? In how many of those cases did Indiana prevail? And
in how many of those was the evidence on the phone necessary?

~~~
zaroth
These are the wrong questions to ask. There's no doubt that total surveillance
would result in more crimes being solved, and more criminals being
successfully prosecuted. It's not a question of whether the technique is
effective enough that it should be allowed.

The question is can the government be trusted with a backdoor into our
personal devices that "only they" can use? Should the people trust their
government to only use that access lawfully, and can the people trust their
government to protect that access from unlawful outsider access?

Since we've seen nothing but incontrovertible evidence, throughout history and
to this day, that government cannot be trusted with this level of access to
our personal devices (lives), then I can only hope that Apple and companies
like it will fight to provide us with secure devices, and that our courts will
protect our right to strong encryption to protect our personal data.

~~~
slg
I see this line of thinking a lot in tech circles, but you really have to
divorce this issue from the digital world. Imagine the exact same argument is
about a safe instead of a phone. The government would simply request a warrant
and then work on brute forcing their way into the safe.

If you have the same objections when using a safe, the answer to the problem
has nothing to do with technology because you believe there is a fundamental
flaw in the US criminal justice system. You aren't going to be able to
consistently defeat the government by repeatedly trying to outpace them
technologically. You have to instead change the laws that govern their
actions.

If you think the rules should be different for a safe and a phone, you need to
be able to explain why digital evidence should be treated differently than
physical evidence?

~~~
Borealid
The government is allowed to crack open a safe with a warrant. The government
is allowed to crack open an iPhone with a warrant.

What does either of those things have to do with decrypting things found
inside either the safe or the iPhone?

If the FBI found coded papers inside a safe, they could try to decrypt those
papers, but couldn't compel the owner to assist them.

Security flaws are fair game for law enforcement. Secure encryption without
exploitable weaknesses will probably defeat them even in the presence of a
court order.

------
S_A_P
I have nothing to hide. I don't intend to do illegal activity with my phone. I
also do not want a government entity to be able to access my phone or device
simply because they can. I am also _very_ skeptical of any government entity
that uses "because child molesters" as valid reason to shame a company for
respecting privacy.

------
thinkloop
The most surprising part for me is that iPhones have been relatively easily
hackable by having access to the data port. That doesn't seem in-line with the
high security advertised. What about the inaccessible HSM and all that other
jazz?

~~~
alphabettsy
The company didn’t release the details of how their exploit works, but it is
believed it is an automated brute force mechanism so it’s actually attempting
to bypass security by trying passcodes over and over, not breaking encryption.
This is another method to slow down brute force attempts.

------
trumped
It took a while... I wonder if Grayshift have their next hole already lined up
so that business can continue as usual...

~~~
21
If this fix disables the data port when the phone is locked, presumably all
future zero-days will be blocked.

~~~
CGamesPlay
Naw, the next 0day might rely on Bluetooth being enabled even while the phone
is locked, for example. Or even the cell radio being enabled. There's always
some vector for attack.

(Even if it's none of these, the next exploit might be "we can decap the
secure enclave and read/manipulate data on it with an electron beam")

------
codezero
Isn't one of the main sources of data the iCloud backups?

~~~
mayniac
When I was doing forensics for the police, 9/10 times if we had an iPhone we
couldn't get into there'd be an unencrypted iTunes backup. Didn't even need to
go to Apple for it, it's all local.

Wouldn't get everything from it, iirc it's photos, bookmarks, contacts and
documents as well as some app storage (WhatsApp, notably).

~~~
scarface74
Seeing that the last time that the only way you could back up your phone was
via iTunes was before the introduction of iOS 5 in 2011, the chance of finding
someone with an iTunes backup is slim.

~~~
jonknee
Plenty of people are cheap and don't pay for iCloud storage which means if you
want any backup at all it's local.

~~~
scarface74
I have four devices on my account and I can back them all up with the 5GB free
account. It doesn’t back up your apps - just your data

~~~
jonknee
That's great for you, but most people have enough photos and videos that 5GB
isn't enough for a single device, let alone four. For a similar reason this is
why many people complained that Apple continued to ship 32GB phones for so
long, it's just too small for most people.

~~~
scarface74
I use Google Photos and iCloud photo syncing. Pictures and Videos are
automatically downloaded to my Windows computer.

https://support.apple.com/en-us/ht205323

------
hacknat
The more I think about this issue the less interested I am in the extreme of
either side. The government shouldn’t have unfettered access to our devices,
but I can’t think of any other product in the history of the planet that gave
people the ability to hide information so completely that the government could
never look at it. To those that argue that our phones are an extension of our
minds, that is both a bad thing and fetishizing our phones. Finally, couldn’t
I argue that my diary or journal is an extension of my mind (certainly more so
than a phone)? Yet diaries and journals can and have been subpoenaed.

~~~
uniformlyrandom
> any other product in the history of the planet that gave people the ability
> to hide information so completely that the government could never look at
> it.

Any volume-level encryption?

~~~
TillE
Or anyone who's come up with a half-decent code that's stored only in one or
two brains. There are various medieval alchemical manuscripts which have never
been fully deciphered.

------
mappu
> _an hour after the phone is locked [...] In order to transfer data to or
> from the iPhone using the port, a person would first need to enter the phone’s
> password._

An hour seems like a long time?

On Android (at least, on my device) the USB port is always charging-only. For
data transfer you must always unlock the phone and accept a notification for
MTP/PTP mode.

~~~
bilbo0s
You don't have to hack into an Android phone if you are the police. The data
is available to you in multiple places. (Including the phone.)

That's why this semi-adversarial relationship exists principally between Apple
and Law Enforcement. Not necessarily Google or Samsung and Law Enforcement.

------
paulpauper
For enough money, pretty much anything can be backdoor-ed if it hasn't
already. The FBI, CIA, NSA, etc. have a huge trove of 0-days for this purpose.
It's like "I thought TOR made me anonymous" ha you thought wrong.

------
aphextron
> In order to transfer data to or from the iPhone using the port, a person
> would first need to enter the phone’s password. (Phones could still be charged
> without a password.)

So how long before the NSA has it cracked with power signal analysis?

~~~
briandear
If we could ban parallel construction then any NSA exploit would be rendered
worthless for domestic criminal prosecutions.

~~~
bilbo0s
There's a ban against law enforcement planting evidence on innocent detainees.
That ban hasn't really stopped police departments across the nation from doing
that very thing.

https://www.nola.com/news/index.ssf/2008/09/city_settles_lawsuit_against_n.html

https://www.nytimes.com/2018/02/06/us/baltimore-police-corruption.html

Etc etc etc

I'm fairly certain a ban on parallel construction would not do you much good.

------
Shivetya
Perhaps then it's high time we encrypt all personal computers as well by
default.

~~~
workaccount34
Ah yes. Windows 10 has a built in drive encryption. It should be enabled by
default.

(little do they know, it sends the encryption key to Microsoft)

------
ppeetteerr
If guns had the same safety mechanisms as the iPhone, maybe we'd see fewer
shootings. You know, register a gun to an owner, not allow anyone but the
owner to fire the gun, etc. (yes, I realize ownership is already registered,
but you can circumvent registration through various means)

~~~
lostapathy
It's also simply not practical to apply these mechanisms to guns without
making them less safe or reliable.

A gun must always work when needed for protection - it's not like software
where it's ok to be "down", rebooting, or having battery troubles some of the
time.

~~~
ajross
> making them less safe

That's a very spun definition for "safe". Any individual gun is _far, far,
FAR_ more likely to be used to commit a crime than deter one.

~~~
JackCh
That depends on how you define "used". And furthermore, while it _may_ be true
for guns on average, it's not true for _any individual_ gun. You are confusing
individuals for averages.

------
randyrand
I always see headlines about this for iOS. What about Android? Is it
crackable?

~~~
nicky0
Yes, easily.

------
wpdev_63
Is that the one they use to remote exploit iPhones? Or is that a backdoor?

