×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

DOJ Says iPhone Is So Secure They Can't Crack It

samzenpus posted about a year and a half ago | from the too-hard dept.

Cellphones 454

zacharye writes "In the five years since Apple launched the iPhone, the popular device has gone from a malicious hacker's dream to law enforcement's worst nightmare. As recounted by the Massachusetts Institute of Technology's Technology Review blog, a Justice Department official recently took the stage at the DFRWS computer forensics conference in Washington, D.C. and told attendees that the beefed up security in iOS is now so good that it has become a nightmare for law enforcement."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

454 comments

Government Computer Skillz (5, Funny)

ryanov (193048) | about a year and a half ago | (#40974953)

I've never been too impressed with government agencies and their knowledge of computing.

TWO WORDS (5, Insightful)

Jeremiah Cornelius (137) | about a year and a half ago | (#40975089)

iCloud Supoena.

So, the "remote control" is uncrackable? iCloud and Siri and "location awareness" with GSM, WiFi and GPS make the security of the actual device nearly an orthoganal proposition to any enforceable protection for the user or data.

When this is so clearly a form of misdirection, I can't help but wonder the purpose of a DOJ statement like his being made public. Which perception and behaviour are they trying to influence, and by whom?

Re:TWO WORDS (0)

medcalf (68293) | about a year and a half ago | (#40975263)

Isn't the iCloud stuff (specifically, the device backups) also AES encrypted with a key Apple doesn't have? I will have to dig up the article, but I'm pretty sure I saw that.

Re:TWO WORDS (5, Informative)

Baloroth (2370816) | about a year and a half ago | (#40975545)

Isn't the iCloud stuff (specifically, the device backups) also AES encrypted with a key Apple doesn't have? I will have to dig up the article, but I'm pretty sure I saw that.

No. [arstechnica.com]

mod TFS (5, Insightful)

AliasMarlowe (1042386) | about a year and a half ago | (#40975241)

TFA and TFS should be modded +5 Funny.
One suspects that there are back doors all over the iPhone, in addition to the various apps that have access to remarkable amounts of stored material and regularly send it home (or elsewhere). Otherwise its alleged impenetrability would hardly be promoted by law enforcement. It's like Brer Rabbit pleading "please don't throw me in the briar patch".

Re:mod TFS (0, Offtopic)

TheGratefulNet (143330) | about a year and a half ago | (#40975393)

OT, but since song of the south was *banned* by disney, you could only get a copy if you went to where pirates hang out.

it was a great classic movie but disney capitulated to pressure (their own, in fact!) and banned the film.

uncle remus is not fit for modern audiences. it 'offends their sensibilities'. or something like that.

oh, btw, FUCK DISNEY.

Sounds fishy (0)

Anonymous Coward | about a year and a half ago | (#40975269)

I think it's a honeypot statement meant to draw perps to iOS, LOL.

Re:Government Computer Skillz (5, Insightful)

Sparticus789 (2625955) | about a year and a half ago | (#40975371)

I was at this conference, the running joke was "If it's encrypted, forget about it!" Everyone knows this. FDE and utilities like TrueCrypt will always prevent data recovery, save for the human factor of giving up the password.

Also at the conference was the strong difference between American and British/Australian law. In the U.S., the 5th Amendment prevents someone from being required to turn over their password. The Brits and Aussies do not have this problem, as the 5th amendment doesn't exist for them.

Re:Government Computer Skillz (3, Interesting)

spire3661 (1038968) | about a year and a half ago | (#40975445)

Its a problem, they just choose to ignore the human side of the law. The position the British have taken on this is untenable.

I don't believe it (1, Interesting)

1s44c (552956) | about a year and a half ago | (#40974959)

As far as I know the iphone doesn't use full disk encryption. It's not that difficult to get all the data off it.

What 'law enforcement' means is that it's not convenient to steal people's data.

Re:I don't believe it (5, Informative)

TheLandyman (1130027) | about a year and a half ago | (#40974979)

I believe, as of iPhone 3GS, it does.. but I'm too lazy to google and confirm.

Re:I don't believe it (2)

jittles (1613415) | about a year and a half ago | (#40975353)

This is only if you have a passcode on the device. Not to mention that you need to encrypt your backups, or they can just pull your iPhone's data right off your iTunes backup.

Re:I don't believe it (4, Interesting)

mshenrick (1874438) | about a year and a half ago | (#40975435)

Unlike Android (when enabled), it doesn't prompt for the key before booting the OS, so it's only partly encrypted. Yes the OS is mounted read only on iOS (as on Android by default) jailbreaking changes this, as does rooting, but you can't if it's fully encrypted

Re:I don't believe it (1)

BlueRaja (1397333) | about a year and a half ago | (#40975001)

I believe iOS has had forced full-disk encryption since iOS4

Re:I don't believe it (2)

jittles (1613415) | about a year and a half ago | (#40975369)

As I have commented above, this is only the case when you have a passcode enabled. And your files are not encrypted in backups, either. Plus when your phone is unlocked, any exploit that allows you to leave the sandbox would let you access any encrypted files. This means that if that one company still has the software that breaks the iPhone's passcode by using a USB bruteforce (bypassing the lock screen's security), you're out of luck!

Re:I don't believe it (-1, Troll)

Anonymous Coward | about a year and a half ago | (#40975009)

Hah, now that's funny - iPhone users are among the most willingly penetrated through their own back doors, but the same can't be said about the iPhones themselves.

-- Ethanol-fueled

Re:I don't believe it (5, Funny)

TheLandyman (1130027) | about a year and a half ago | (#40975067)

As an iPhone user since the first model, I've never been penetrated through my back door... willingly or otherwise.

Re:I don't believe it (-1)

Anonymous Coward | about a year and a half ago | (#40975165)

So then how do you explain the incontinence and rampant hemorrhoids?

Re:I don't believe it (0)

Anonymous Coward | about a year and a half ago | (#40975337)

From the time before when he was an Android user.

Re:I don't believe it (-1)

Anonymous Coward | about a year and a half ago | (#40975199)

As an iPhone user since the first model, I've never been penetrated through my back door... willingly or otherwise that I am aware of.

FTFY

Re:I don't believe it (1)

Anonymous Coward | about a year and a half ago | (#40975443)

As an iPhone user since the first model, I've never been penetrated through my back door... willingly or otherwise that I am aware of.

FTFY

I can't believe you just did that! What kind of monster are you? End a sentence with a preposition? You should be summarily executed!

Re:I don't believe it (0)

andy16666 (1592393) | about a year and a half ago | (#40975111)

You sign your anonymous comments? Hmmm...

Re:I don't believe it (0)

Anonymous Coward | about a year and a half ago | (#40975281)

his account is no longer....

pay attention.

Re:I don't believe it (-1)

Anonymous Coward | about a year and a half ago | (#40975011)

I stuck my dick in your mom's cooch and blew my sloppy load in there. Then your faggot ass was born 9 months later. I knew I shoulda made that bitch abort!

Re:I don't believe it (1, Insightful)

icebike (68054) | about a year and a half ago | (#40975037)

There are companies selling suites of forensics tools that blow thur any iphone security in a heart beat.
Not to mention that every hacker can get into a stolen phone with any number of widely published tricks.

Re:I don't believe it (1)

lister king of smeg (2481612) | about a year and a half ago | (#40975535)

If I remember correctly there was a hacker that wrote some javascript into his webpage that would jailbreak your phone when you visited his page. Apple as I recall ended up hiring him.

Re:I don't believe it (1)

Alarash (746254) | about a year and a half ago | (#40975101)

I'm pretty sure what they mean is "Oh my, this is very hard to crack, if you have something to hide by all means get an iPhone!"

Re:I don't believe it (5, Informative)

Anonymous Coward | about a year and a half ago | (#40975109)

Wrong.
It uses full disk encryption. However, that can be circumvented quite easily with a jailbreak (if one exists).

However, there is a second encryption system. This system derives the keys from your passcode and a key that is stored within a secure element on the iPhone. Thus, you need to know the Passcode of the iPhone in order to decrypt those files. Since, the key derivation function is tied to the passcode and the key within the secure element you cannot offload the brute-force attack to external machines, you need to do it on the iPhone. This means that a brute-force attack on a 4-digit PIN takes about 20 minutes (ok, that's not much), but when you consider complex PINs with 5 or more characters you are soon at 50 days (don't have the exact numbers in my mind right now, but there is a good presentation on that).

Downturn: You must rely on the app developer to chose the right protection class for the files. If he doesn't then you are down to the rather insecure full-disk-encryption, and you need to chose a longer Passcode...

Re:I don't believe it (4, Informative)

Anonymous Coward | about a year and a half ago | (#40975131)

> "As far as I know the iphone doesn't use full disk encryption."

And because you don't know if it does that means it doesn't, right?

http://support.apple.com/kb/HT4175 [apple.com]

Full device encryption has been available since the 3GS, when they added in hardware encryption support to their iOS products.

Before speaking on a subject you know absolutely nothing about you should do a little research on it first.

Re:I don't believe it (1)

mshenrick (1874438) | about a year and a half ago | (#40975461)

But, Unlike Android (when enabled), it doesn't prompt for the key before booting the OS, so it's only partly encrypted. Yes the OS is mounted read only on iOS (as on Android by default) jailbreaking changes this, as does rooting, but you can't if it's fully encrypted

Re:I don't believe it (0)

Anonymous Coward | about a year and a half ago | (#40975475)

But this is slashdot!

Re:I don't believe it (-1, Troll)

Karganeth (1017580) | about a year and a half ago | (#40975507)

What the fuck is your problem? He stated "as far as I know..." which is the GOOD thing to do instead of saying "It is true that...". Nowhere did he claim that because he believe something it makes it true. It makes perfect sense to act in accordance with your beliefs (rather than what is true) because you can never know the truth with certainty.

You, sir, are a fucking idiot.

Re:I don't believe it (4, Informative)

wvmarle (1070040) | about a year and a half ago | (#40975335)

According to TFA, encryption and decryption is now available and built in in the hardware even. So it's become computationally cheap. The AES key is also burned in silicon, making it impossible to get to.

But as usual the weakest link is the user's password, in this case a PIN. A typical 4-digit PIN can be cracked (using special software to prevent phone from wiping itself after ten failed attempts) in a matter of minutes; one needs an 8-digit PIN to be reasonably secure (average 15 years for a brute-force attack).

Full disk encryption, but... (1)

DragonWriter (970822) | about a year and a half ago | (#40975417)

As far as I know the iphone doesn't use full disk encryption. It's not that difficult to get all the data off it.

Since the 3GS, the iPhone uses full disk encryption -- but instead of requiring an externally provided key (provided, e.g., by hashing a password), the key is stored on the device and automatically used to decrype data whenever data is requested from the device. The encryption system exists to enable the instant "remote wipe" feature (which is accomplished by simply deleting the key stored on the device), but does nothing to prevent anyone from accessing data on the phone if it is not connected to the network once they acquire physical control of it (or if the user is prevented from issuing a remote-wipe command, as might well be the case if the seizure of the device is concurrent with the user's arrest.)

Welcome to my Nightmare (5, Funny)

carrier lost (222597) | about a year and a half ago | (#40974969)

Gee. The government can't spy on you using your own hardware?

This is truly frightening.

Re:Welcome to my Nightmare (1)

Severus Snape (2376318) | about a year and a half ago | (#40975025)

Would you rather see big corporations doing it for them? That's the only way things will go if there ever is a change.

Re:Welcome to my Nightmare (1)

carrier lost (222597) | about a year and a half ago | (#40975243)

Would you rather see big corporations doing it for them?

I don't understand this. My understanding of the article is that if the police apprehend you and take your phone, if it's an iPhone, they won't be able to crack the encryption.

Is this a bad thing? Are you a criminal? If you're not a criminal, you have nothing to hide [falkvinge.net], citizen.

Re:Welcome to my Nightmare (1)

saider (177166) | about a year and a half ago | (#40975345)

I don't understand this. My understanding of the article is that if the police apprehend you and take your phone, if it's an iPhone, they won't be able to crack the encryption.

Is this a bad thing? Are you a criminal?

Yes. That is why the police apprehended you.

Completely false (1)

Anonymous Coward | about a year and a half ago | (#40974981)

Re:Completely false (0)

Anonymous Coward | about a year and a half ago | (#40975121)

Article is at least 2 years old looking at the comments.

Nice try anyhow.

sounds like a challenge (5, Insightful)

circletimessquare (444983) | about a year and a half ago | (#40974991)

(also article is a little too breathlessly enamored of apple: PR astroturf?)

Re:sounds like a challenge (1)

Anonymous Coward | about a year and a half ago | (#40975157)

Oh, come now, sir, don't be absurd! After all, the author is the highly-regarded Cim Took, who, as he keeps specifically reminding everyone any time they bring it up, is NOT an unimaginative pseudonym for Apple's current CEO! In fact, he's so sure of that, he'll remind everyone about it even if they DON'T bring it up! So stop fretting, ya silly worrywart!

Re:sounds like a challenge (0)

Anonymous Coward | about a year and a half ago | (#40975247)

Apple does not astrosmurf. They only offer white, black and silver crap...

Good. (2)

Jeremy Erwin (2054) | about a year and a half ago | (#40974999)

It's a start.

Re:Good. (2)

DJ Jones (997846) | about a year and a half ago | (#40975139)

In unrelated news: Apple sued by DOJ for breaking anti-trust laws. Suit settled out of court for unknown damages.

....Soon thereafter, US Homeland Security Agency states "we have no more concerns regarding apple's encryption systems".

And if you believe that... (5, Insightful)

Anonymous Coward | about a year and a half ago | (#40975003)

...I've got some "moon" rocks I'd like to sell you.

Honestly, this seems like a way to trick dumb criminals into thinking their information is secure just because they use an iPhone. If this were truly the case, and the DOJ does really have problems in dealing with iOS devices, I'd expect them to remain tight lipped about it.

Re:And if you believe that... (2)

Dins (2538550) | about a year and a half ago | (#40975317)

If this were truly the case, and the DOJ does really have problems in dealing with iOS devices, I'd expect them to remain tight lipped about it.

No, they'd strong arm Apple into providing them with back doors and then remain tight lipped about it...

Oblig xkcd (2)

ginoledesma (161722) | about a year and a half ago | (#40975023)

How long until they just resort to this [xkcd.com]?

Re:Oblig xkcd (4, Informative)

cpu6502 (1960974) | about a year and a half ago | (#40975309)

Hitting people with wrenches is forbidden by the Bill of Rights.

Re:Oblig xkcd (0)

Anonymous Coward | about a year and a half ago | (#40975383)

Hitting people with wrenches is forbidden by the Bill of Rights.

Indeed. They only hold you in contempt perpetually, not hit you.

Re:Oblig xkcd (2)

plover (150551) | about a year and a half ago | (#40975469)

Using evidence in court that was obtained by hitting you with wrenches is forbidden, nor can they use information derived from that information. (Fruit of the poisoned tree.)

Depending on the data, though, they may not be nearly as interested in prosecuting you.

Re:Oblig xkcd (0)

Anonymous Coward | about a year and a half ago | (#40975491)

That's the same Bill of Rights that prohibits arbitrary detention in absence of due process, right?

Re:Oblig xkcd (3, Insightful)

KhabaLox (1906148) | about a year and a half ago | (#40975501)

Hitting people with wrenches is forbidden by the Bill of Rights.

Your point being....?

Didn't stop them from hitting Padilla or Manning with metaphorical wrenches. A couple more direct examples: reporters [wikipedia.org] jailed (or threatened [nytimes.com] with jail) for not revealing their sources.

Re:Oblig xkcd (1)

jbeaupre (752124) | about a year and a half ago | (#40975539)

Since it is not expressly forbidden, they may be tempted to test if it is.

Whack!
      "Is that cruel?"
Whack!
      "How about now?"
Whack!
      "How about now?"
Whack!
.
.
.

Re:Oblig xkcd (0)

Anonymous Coward | about a year and a half ago | (#40975555)

So are a lot of things, and we see how well that's tended to stop those in power...

Serious suck? (0)

Anonymous Coward | about a year and a half ago | (#40975029)

Unless Apple started using full encryption ten minutes ago getting the data is very easy. With the help of Apple its a piece of cake and much simpler than to get data from a foreign hosted server. Hyperbole much?

That's Odd (1)

drpimp (900837) | about a year and a half ago | (#40975047)

I thought all you had to do was use a little social engineering and you can do what you want with the data. /ducks

Re:That's Odd (1)

gnasher719 (869701) | about a year and a half ago | (#40975169)

I thought all you had to do was use a little social engineering and you can do what you want with the data. /ducks

That's not understanding the difference between DoS and security breach. It was possible (probably harder now) to convince Apple to let you remotely wipe an iPhone. That's bloody inconvenient for the rightful owner, but not a security breach.

"Nightmare for law enforcement" (0)

Anonymous Coward | about a year and a half ago | (#40975055)

I think that's my new favorite phrase for the 21st century.

Oh, No, Don't Throw Me In That There Briar Patch (1)

Fned (43219) | about a year and a half ago | (#40975065)

Why, if all them criminals and terrorists were to get iPhones, they'd just be able to blab anything they wanted all day long and there ain't a durn thing we could do to crack 'em, nope. Why, I don't know what we'd do then, no sirree. I sure hope them criminals don't all go out and buy iPhones to openly talk about crime to each other on or nothin'...

It's BS. I can tell you how to crack iphone. (1)

Anonymous Coward | about a year and a half ago | (#40975091)

It's BS. I can tell you how to crack iphone.
Iphone is vulnerable to side channel "emissions" based attacks. It can easily be cracked with the right equipment even if not be brute force. To say it's encryption cannot be cracked by bruteforce is true but most encryption cannot be cracked by bruteforce.

Anyone care to dispute that Iphone is vulnerable to side channel attacks?

Re:It's BS. I can tell you how to crack iphone. (3, Funny)

Mike Buddha (10734) | about a year and a half ago | (#40975175)

Yeah, totally. I hacked a Gibson with side channel "emmisions" once. I used a Pac-man virus.

There's a app for that I'm sure (0)

Anonymous Coward | about a year and a half ago | (#40975105)

Does Apple not have a back door in the phone? What about the carrier? Some Iphone apps have access to much of the phone's information. All in all, the article sounds like a ridiculous claim.

nice reverse psychology (0)

Anonymous Coward | about a year and a half ago | (#40975135)

They will monitor the sudden increase in Iphone users..ofcourse they must be criminal.

Translation... (1)

ark1 (873448) | about a year and a half ago | (#40975137)

iPhone is the most vulnerable phone out there. We hope all criminals will now use it.

Just ask Apple (2, Informative)

Anonymous Coward | about a year and a half ago | (#40975141)

Just ask Apple the password they'll give it to you : http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all/

Apple Slogan: Insert here. (0)

Anonymous Coward | about a year and a half ago | (#40975143)

Apple: Our phone might be secure, but our website sure isn't!

Just ask Apple to help (0)

Anonymous Coward | about a year and a half ago | (#40975163)

I would be very surprised if Apple could not extract any information from any iDevice through some backdoor and/or physical access to the device itself. Therefore, the DOJ only has to ask Apple to "help", and when the government asks, big companies are likely to listen. This is just another case of security through obscurity; you should not trust anything you don't fully control.

Umm.. what? (5, Informative)

Vellmont (569020) | about a year and a half ago | (#40975179)

5 minutes ago I knew nothing of Apples full disk encryption. Now I find an article that states:

The release of the iPhone 3GS (and later iPod Touch 3rd Generation) brought hardware-based full disk encryption (FDE) to the iPhone. This was designed to accomplish one thing: instantaneous remote wipe. While the iPhone 3G had to overwrite every bit in flash memory (sometimes taking several hours), disk wiping on the 3GS worked by simply erasing the 256-bit AES key used to encrypt the data.

Unfortunately, disk encryption on the iPhone did little beyond enabling remote wipe. Mobile forensicator Jonathan Zdziarski found that the iPhone OS automatically decrypts data when a request for data is made, effectively making the encryption worthless for protecting data.

http://anthonyvance.com/blog/forensics/ios4_data_protection/ [anthonyvance.com]

So I'd say I'm just VERY skeptical that the DOJ can't crack something that wasn't really designed with any security in mind in the first place. Either that, or the DOJ has nobody with any skills whatsoever.

Re:Umm.. what? (1)

bill_mcgonigle (4333) | about a year and a half ago | (#40975253)

Either that, or the DOJ has nobody with any skills whatsoever.

Or they'd like criminals to believethat they can't pull data from an iPhone.

Re:Umm.. what? (0)

Anonymous Coward | about a year and a half ago | (#40975433)

Last time I checked, the government can't lie. It can only deny.

Re:Umm.. what? (2)

jamstar7 (694492) | about a year and a half ago | (#40975533)

Either that, or the DOJ has nobody with any skills whatsoever.

Or they'd like criminals to believethat they can't pull data from an iPhone.

Or, they're cops and they don't want to have to go through the bother of getting a warrant when the phone is 'obviously in plain sight and thus immune to the regular rules of search and siezure'.

Re:Umm.. what? (0)

medcalf (68293) | about a year and a half ago | (#40975385)

So TFA says "iPhone security used to be terrible, but is now much better," and your response is basically, "No it's not: here's a 2 year old article that says that iPhone security is terrible." You haven't exactly disputed the article.

Re:Umm.. what? (0)

Anonymous Coward | about a year and a half ago | (#40975431)

So I'd say I'm just VERY skeptical that the DOJ can't crack something that wasn't really designed with any security in mind in the first place.

That was an iOS 4 bug/misfeature, not a weakness in the hardware encryption.

Lawl Enforcement (0)

Anonymous Coward | about a year and a half ago | (#40975185)

I find this story incredibly unlikely for some reason...

Translated: We have all the keys (0)

Anonymous Coward | about a year and a half ago | (#40975225)

They are appealing to the crooks to use the platform since Apple gave them all the keys...

Nicely done, but lacking in subtlety. (4, Funny)

Minwee (522556) | about a year and a half ago | (#40975261)

I look forward to Ovie Carroll's next few breathless announcements:

"Hooh, boy, that YouTube is soooo secure, a person could sign up for an account using their real name and home address, then post videos of them committing crimes online and law enforcement would never ever be able to track them! Honest!"

"You know where the safest place to hide stuff is? Underneath the welcome mat at 950 Pennsylvania Avenue, NW in Washington, DC. Really! We did a study and figured out that once that mat is pushed down on top of something, whether it's drugs, cash or big file folders full of industrial secrets, there's NO way that any one can get into it."

"My biggest nightmare is someone committing a crime, then emailing a detailed confession to ovie.carroll@usdoj.gov. Once something gets into those email tubes it's IMPOSSIBLE to get it back out and figure out what happened. Really. You can trust me. I'm with the government."

FIPS / Common Criteria (0)

Anonymous Coward | about a year and a half ago | (#40975299)

I'll start really trusting iOS once Apple receives some Common Criteria certification. For the issues Blackberrys may have, RIM does at least take (data) security seriously:

http://us.blackberry.com/business/topics/security/certifications.html

Maybe iPhones are 'secure', and maybe they're not, but at the very least I'd like some third party checking. Considering that in March we had a story that said just the opposite, colour me skeptical:

http://apple.slashdot.org/story/12/03/27/212254/

A couple of points (1)

cynop (2023642) | about a year and a half ago | (#40975303)

First of all TFA is about how difficult it is to grab plaintext from a whole-disk encrypted drive. From what i know, the iphone is NOT whole-disk encrypted.

Secondly, the same could be said about any android phone which employs whole-disk encryption.

Thirdly, this talk from BlackHat2012 seems like an interesting reading to acompany TFA https://viaforensics.com/mobile-security-category/blackhat2012-zdziarski-ios-application-hacking.html [viaforensics.com]

But more importantly than all of the above, i think it's naive to assume Apple doesn't have the master key for every iDevice. When the govermernt comes knocking, if you base your security to just the basics apple gives you, you're pretty much screwed.

Android is still more secure (1)

mshenrick (1874438) | about a year and a half ago | (#40975367)

I hate to be that Android fanboy, but Android has full OS encryption, which is much harder to crack

its not clear to me that AES is the hard part... (1)

bloosqr (33593) | about a year and a half ago | (#40975407)

I didn't draw this conclusion at all. From the actual article it states initially the drives weren't encrypted at all so the flash dump lead to completely accessible contents. Now the flash dump is encrypted but the key is in flash memory which is simply locked by a pin. Even with a fully AES encrypted drive, you can brute force that with the standard 4 digit pin in 15 minutes. The hard part is not working out the AES key the hard part is brute forcing the pin sitting in the front which leads to the AES key sitting in standard flash memory. Yes a longer pin takes longer (55 days for the 8 digit pin) but one can imagine emulating the entire flash dumped iphone in software and parallelizing that just to pull out the key from bruteforcing the pin..

-avi

a few things... (1)

CheshireDragon (1183095) | about a year and a half ago | (#40975419)

I have a hard time believing that the DOJ can not crack the iPhone. They are either full of shit or actually telling the truth. I can only assume it is a little bit of both.
Have they not spoken with the hackers that discovered Jailbreaking? They are well known and can be reached rather easily.

Even though I own a few MacBook Pros, I have never wanted to own an 'i' product. However, if the DOJ is this fucking stupid then maybe an iPhone is in my future.

Easy (5, Funny)

Dcnjoe60 (682885) | about a year and a half ago | (#40975423)

DOJ Says iPhone Is So Secure They Can't Crack It

I dropped mine off the balcony to the pavement below. It seems that it is very easy to crack an iPhone.

Its a trap! (1)

flyingfsck (986395) | about a year and a half ago | (#40975463)

The DOJ wants crooks to rush out and buy iPhones instead of Android phones, so that they can track and eavesdrop on them.

Translation (1)

JDG1980 (2438906) | about a year and a half ago | (#40975499)

In other words, AES-256 encryption is still secure. This shouldn't really come as a surprise to anyone.

They're taking the wrong approach. (1)

kelemvor4 (1980226) | about a year and a half ago | (#40975565)

No need to hack an iphone in order to get a users data if you are law enforcement. A subpoena (or perhaps even less than that) would get you all the information you need from apple's iCloud. I said "perhaps even less than that" because there's been numerous articles over the last few years highlighting the fact that your data stored in a third parties' datacenter is not protected by your civil rights.
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...