DOJ Says iPhone Is So Secure They Can't Crack It

samzenpus posted about 2 years ago | from the too-hard dept.

Cellphones 454

zacharye writes "In the five years since Apple launched the iPhone, the popular device has gone from a malicious hacker's dream to law enforcement's worst nightmare. As recounted by the Massachusetts Institute of Technology's Technology Review blog, a Justice Department official recently took the stage at the DFRWS computer forensics conference in Washington, D.C. and told attendees that the beefed up security in iOS is now so good that it has become a nightmare for law enforcement."

Government Computer Skillz (5, Funny)

ryanov (193048) | about 2 years ago | (#40974953)

I've never been too impressed with government agencies and their knowledge of computing.

TWO WORDS (5, Insightful)

Jeremiah Cornelius (137) | about 2 years ago | (#40975089)

iCloud Subpoena.

So, the "remote control" is uncrackable? iCloud and Siri and "location awareness" with GSM, WiFi and GPS make the security of the actual device nearly an orthogonal proposition to any enforceable protection for the user or data.

When this is so clearly a form of misdirection, I can't help but wonder the purpose of a DOJ statement like this being made public. Which perception and behaviour are they trying to influence, and by whom?

Re:TWO WORDS (0)

medcalf (68293) | about 2 years ago | (#40975263)

Isn't the iCloud stuff (specifically, the device backups) also AES encrypted with a key Apple doesn't have? I will have to dig up the article, but I'm pretty sure I saw that.

Re:TWO WORDS (5, Informative)

Baloroth (2370816) | about 2 years ago | (#40975545)

Isn't the iCloud stuff (specifically, the device backups) also AES encrypted with a key Apple doesn't have? I will have to dig up the article, but I'm pretty sure I saw that.

No. [arstechnica.com]

mod TFS (5, Insightful)

AliasMarlowe (1042386) | about 2 years ago | (#40975241)

TFA and TFS should be modded +5 Funny.
One suspects that there are back doors all over the iPhone, in addition to the various apps that have access to remarkable amounts of stored material and regularly send it home (or elsewhere). Otherwise its alleged impenetrability would hardly be promoted by law enforcement. It's like Brer Rabbit pleading "please don't throw me in the briar patch".

Re:mod TFS (0, Offtopic)

TheGratefulNet (143330) | about 2 years ago | (#40975393)

OT, but since song of the south was *banned* by disney, you could only get a copy if you went to where pirates hang out.

it was a great classic movie but disney capitulated to pressure (their own, in fact!) and banned the film.

uncle remus is not fit for modern audiences. it 'offends their sensibilities'. or something like that.

oh, btw, FUCK DISNEY.

Sounds fishy (0)

Anonymous Coward | about 2 years ago | (#40975269)

I think it's a honeypot statement meant to draw perps to iOS, LOL.

Re:Government Computer Skillz (5, Insightful)

Sparticus789 (2625955) | about 2 years ago | (#40975371)

I was at this conference, the running joke was "If it's encrypted, forget about it!" Everyone knows this. FDE and utilities like TrueCrypt will always prevent data recovery, save for the human factor of giving up the password.

Also at the conference was the strong difference between American and British/Australian law. In the U.S., the 5th Amendment prevents someone from being required to turn over their password. The Brits and Aussies do not have this problem, as the 5th amendment doesn't exist for them.

Re:Government Computer Skillz (3, Interesting)

spire3661 (1038968) | about 2 years ago | (#40975445)

It's a problem, they just choose to ignore the human side of the law. The position the British have taken on this is untenable.

I don't believe it (1, Interesting)

1s44c (552956) | about 2 years ago | (#40974959)

As far as I know the iphone doesn't use full disk encryption. It's not that difficult to get all the data off it.

What 'law enforcement' means is that it's not convenient to steal people's data.

Re:I don't believe it (5, Informative)

TheLandyman (1130027) | about 2 years ago | (#40974979)

I believe, as of iPhone 3GS, it does.. but I'm too lazy to google and confirm.

Re:I don't believe it (2)

1s44c (552956) | about 2 years ago | (#40975053)

It seems you are right. I'm impressed.

Re:I don't believe it (1)

TheLandyman (1130027) | about 2 years ago | (#40975125)

Why thank you sir. Or madam.

Re:I don't believe it (-1, Offtopic)

Anonymous Coward | about 2 years ago | (#40975357)

Or Vagina

Re:I don't believe it (2)

jittles (1613415) | about 2 years ago | (#40975353)

This is only if you have a passcode on the device. Not to mention that you need to encrypt your backups, or they can just pull your iPhone's data right off your iTunes backup.

Re:I don't believe it (4, Interesting)

mshenrick (1874438) | about 2 years ago | (#40975435)

Unlike Android (when enabled), it doesn't prompt for the key before booting the OS, so it's only partly encrypted. Yes the OS is mounted read only on iOS (as on Android by default) jailbreaking changes this, as does rooting, but you can't if it's fully encrypted

Re:I don't believe it (1)

BlueRaja (1397333) | about 2 years ago | (#40975001)

I believe iOS has had forced full-disk encryption since iOS4

Re:I don't believe it (2)

jittles (1613415) | about 2 years ago | (#40975369)

As I have commented above, this is only the case when you have a passcode enabled. And your files are not encrypted in backups, either. Plus when your phone is unlocked, any exploit that allows you to leave the sandbox would let you access any encrypted files. This means that if that one company still has the software that breaks the iPhone's passcode by using a USB bruteforce (bypassing the lock screen's security), you're out of luck!

Re:I don't believe it (1)

spire3661 (1038968) | about 2 years ago | (#40975471)

You can choose to encrypt the iphone backups, at least on a mac you can.

Re:I don't believe it (-1, Troll)

Anonymous Coward | about 2 years ago | (#40975009)

Hah, now that's funny - iPhone users are among the most willingly penetrated through their own back doors, but the same can't be said about the iPhones themselves.

-- Ethanol-fueled

Re:I don't believe it (5, Funny)

TheLandyman (1130027) | about 2 years ago | (#40975067)

As an iPhone user since the first model, I've never been penetrated through my back door... willingly or otherwise.

Re:I don't believe it (-1)

Anonymous Coward | about 2 years ago | (#40975165)

So then how do you explain the incontinence and rampant hemorrhoids?

Re:I don't believe it (0)

Anonymous Coward | about 2 years ago | (#40975337)

From the time before when he was an Android user.

Re:I don't believe it (1)

CheshireDragon (1183095) | about 2 years ago | (#40975481)

Old age...

Re:I don't believe it (-1)

Anonymous Coward | about 2 years ago | (#40975199)

As an iPhone user since the first model, I've never been penetrated through my back door... willingly or otherwise that I am aware of.

FTFY

Re:I don't believe it (1)

Anonymous Coward | about 2 years ago | (#40975443)

As an iPhone user since the first model, I've never been penetrated through my back door... willingly or otherwise that I am aware of.

FTFY

I can't believe you just did that! What kind of monster are you? End a sentence with a preposition? You should be summarily executed!

Re:I don't believe it (0)

andy16666 (1592393) | about 2 years ago | (#40975111)

You sign your anonymous comments? Hmmm...

Re:I don't believe it (0)

Anonymous Coward | about 2 years ago | (#40975281)

his account is no longer....

pay attention.

Re:I don't believe it (-1)

Anonymous Coward | about 2 years ago | (#40975011)

I stuck my dick in your mom's cooch and blew my sloppy load in there. Then your faggot ass was born 9 months later. I knew I shoulda made that bitch abort!

Re:I don't believe it (1, Insightful)

icebike (68054) | about 2 years ago | (#40975037)

There are companies selling suites of forensics tools that blow through any iPhone security in a heartbeat.
Not to mention that every hacker can get into a stolen phone with any number of widely published tricks.

Re:I don't believe it (1)

lister king of smeg (2481612) | about 2 years ago | (#40975535)

If I remember correctly there was a hacker that wrote some javascript into his webpage that would jailbreak your phone when you visited his page. Apple as I recall ended up hiring him.

Re:I don't believe it (1)

Alarash (746254) | about 2 years ago | (#40975101)

I'm pretty sure what they mean is "Oh my, this is very hard to crack, if you have something to hide by all means get an iPhone!"

Re:I don't believe it (5, Informative)

Anonymous Coward | about 2 years ago | (#40975109)

Wrong.
It uses full disk encryption. However, that can be circumvented quite easily with a jailbreak (if one exists).

However, there is a second encryption system. This system derives the keys from your passcode and a key that is stored within a secure element on the iPhone. Thus, you need to know the Passcode of the iPhone in order to decrypt those files. Since, the key derivation function is tied to the passcode and the key within the secure element you cannot offload the brute-force attack to external machines, you need to do it on the iPhone. This means that a brute-force attack on a 4-digit PIN takes about 20 minutes (ok, that's not much), but when you consider complex PINs with 5 or more characters you are soon at 50 days (don't have the exact numbers in my mind right now, but there is a good presentation on that).

Downturn: You must rely on the app developer to choose the right protection class for the files. If he doesn't then you are down to the rather insecure full-disk-encryption, and you need to choose a longer Passcode...
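Added example, not part of the original thread: a Python sketch of the design the comment above describes, where the passcode key is derived through a device-bound secret so that guesses cannot be checked on external machines, next to a passcode-only derivation that can. The `SecureElement` class, salt, round count and passcodes are constructed for illustration and do not reproduce Apple's actual algorithm; the per-guess cost is back-computed from the comment's "about 20 minutes" figure for a 4-digit PIN.

```python
import hashlib
import hmac

ROUNDS = 5000  # constructed value; kept small so the example runs quickly

# Assumption taken from the comment above: 10,000 four-digit PINs in ~20 minutes.
PER_GUESS_SECONDS = (20 * 60) / 10**4


class SecureElement:
    """Hypothetical stand-in for hardware that computes with a fused key
    but never lets software read that key out."""

    def __init__(self, uid: bytes):
        self._uid = uid

    def mix(self, block: bytes) -> bytes:
        # Every round of the derivation has to pass through the hardware key.
        return hmac.new(self._uid, block, hashlib.sha256).digest()


def derive_entangled(passcode: str, salt: bytes, element: SecureElement) -> bytes:
    """Passcode key that can only be computed on the device holding `element`."""
    state = hashlib.sha256(salt + passcode.encode()).digest()
    for _ in range(ROUNDS):
        state = element.mix(state)
    return state


def derive_passcode_only(passcode: str, salt: bytes) -> bytes:
    """Weaker design: everything needed for a guess is in the flash dump."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, ROUNDS)


def verifier(key: bytes) -> bytes:
    """Value stored in flash so a derived key can be recognised as correct."""
    return hmac.new(key, b"verifier", hashlib.sha256).digest()


def confirms(passcode: str, salt: bytes, stored: bytes, element=None) -> bool:
    """True if this passcode reproduces the stored verifier.
    element=None models the passcode-only design."""
    if element is None:
        key = derive_passcode_only(passcode, salt)
    else:
        key = derive_entangled(passcode, salt, element)
    return hmac.compare_digest(verifier(key), stored)


def worst_case_seconds(alphabet_size: int, length: int, per_guess: float) -> float:
    """Time to try every passcode when each guess must run on the device."""
    return (alphabet_size ** length) * per_guess


if __name__ == "__main__":
    salt = b"constructed-salt"
    device = SecureElement(b"\x01" * 32)      # the seized phone's hardware
    elsewhere = SecureElement(b"\x02" * 32)   # any other machine: wrong fused key

    stored_entangled = verifier(derive_entangled("4821", salt, device))
    stored_plain = verifier(derive_passcode_only("4821", salt))

    # With only the flash dump, the right passcode is recognisable in the
    # passcode-only design but not in the entangled one.
    print("passcode-only, off device:", confirms("4821", salt, stored_plain))
    print("entangled, off device:    ",
          confirms("4821", salt, stored_entangled, elsewhere))
    print("entangled, on device:     ",
          confirms("4821", salt, stored_entangled, device))

    for label, alphabet, length in [("4 digits", 10, 4),
                                    ("6 digits", 10, 6),
                                    ("6 lowercase+digits", 36, 6)]:
        days = worst_case_seconds(alphabet, length, PER_GUESS_SECONDS) / 86400
        print(f"{label}: {days:.2f} days worst case at "
              f"{PER_GUESS_SECONDS:.2f} s per on-device guess")
```

The timing loop assumes the per-guess cost stays constant and that nothing else (such as a wipe after repeated failures) intervenes.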

Re:I don't believe it (4, Informative)

Anonymous Coward | about 2 years ago | (#40975131)

> "As far as I know the iphone doesn't use full disk encryption."

And because you don't know if it does that means it doesn't, right?

http://support.apple.com/kb/HT4175 [apple.com]

Full device encryption has been available since the 3GS, when they added in hardware encryption support to their iOS products.

Before speaking on a subject you know absolutely nothing about you should do a little research on it first.

Re:I don't believe it (1)

mshenrick (1874438) | about 2 years ago | (#40975461)

But, Unlike Android (when enabled), it doesn't prompt for the key before booting the OS, so it's only partly encrypted. Yes the OS is mounted read only on iOS (as on Android by default) jailbreaking changes this, as does rooting, but you can't if it's fully encrypted

Re:I don't believe it (0)

Anonymous Coward | about 2 years ago | (#40975475)

But this is slashdot!

Re:I don't believe it (-1, Troll)

Karganeth (1017580) | about 2 years ago | (#40975507)

What the fuck is your problem? He stated "as far as I know..." which is the GOOD thing to do instead of saying "It is true that...". Nowhere did he claim that because he believe something it makes it true. It makes perfect sense to act in accordance with your beliefs (rather than what is true) because you can never know the truth with certainty.

You, sir, are a fucking idiot.

Re:I don't believe it (4, Informative)

wvmarle (1070040) | about 2 years ago | (#40975335)

According to TFA, encryption and decryption is now available and built in in the hardware even. So it's become computationally cheap. The AES key is also burned in silicon, making it impossible to get to.

But as usual the weakest link is the user's password, in this case a PIN. A typical 4-digit PIN can be cracked (using special software to prevent phone from wiping itself after ten failed attempts) in a matter of minutes; one needs an 8-digit PIN to be reasonably secure (average 15 years for a brute-force attack).

Full disk encryption, but... (1)

DragonWriter (970822) | about 2 years ago | (#40975417)

As far as I know the iphone doesn't use full disk encryption. It's not that difficult to get all the data off it.

Since the 3GS, the iPhone uses full disk encryption -- but instead of requiring an externally provided key (provided, e.g., by hashing a password), the key is stored on the device and automatically used to decrypt data whenever data is requested from the device. The encryption system exists to enable the instant "remote wipe" feature (which is accomplished by simply deleting the key stored on the device), but does nothing to prevent anyone from accessing data on the phone if it is not connected to the network once they acquire physical control of it (or if the user is prevented from issuing a remote-wipe command, as might well be the case if the seizure of the device is concurrent with the user's arrest.)

Welcome to my Nightmare (5, Funny)

carrier lost (222597) | about 2 years ago | (#40974969)

Gee. The government can't spy on you using your own hardware?

This is truly frightening.

Re:Welcome to my Nightmare (1)

Severus Snape (2376318) | about 2 years ago | (#40975025)

Would you rather see big corporations doing it for them? That's the only way things will go if there ever is a change.

Re:Welcome to my Nightmare (1)

carrier lost (222597) | about 2 years ago | (#40975243)

Would you rather see big corporations doing it for them?

I don't understand this. My understanding of the article is that if the police apprehend you and take your phone, if it's an iPhone, they won't be able to crack the encryption.

Is this a bad thing? Are you a criminal? If you're not a criminal, you have nothing to hide [falkvinge.net] , citizen.

Re:Welcome to my Nightmare (1)

saider (177166) | about 2 years ago | (#40975345)

I don't understand this. My understanding of the article is that if the police apprehend you and take your phone, if it's an iPhone, they won't be able to crack the encryption.

Is this a bad thing? Are you a criminal?

Yes. That is why the police apprehended you.

Obligatory tinfoil-hat quote (5, Funny)

RabidReindeer (2625839) | about 2 years ago | (#40975043)

Well, yes, that's what they'd like you to believe, isn't it?

Re:Obligatory tinfoil-hat quote (1)

mapsjanhere (1130359) | about 2 years ago | (#40975421)

Yes, it forces them to stand next to you with a hidden camera until you punch in your pin...

Completely false (1)

Anonymous Coward | about 2 years ago | (#40974981)

Re:Completely false (4, Insightful)

hawks5999 (588198) | about 2 years ago | (#40975051)

That video is over 2 years old. Re-read TFS.

Re:Completely false (0)

Anonymous Coward | about 2 years ago | (#40975121)

Article is at least 2 years old looking at the comments.

Nice try anyhow.

sounds like a challenge (5, Insightful)

circletimessquare (444983) | about 2 years ago | (#40974991)

(also article is a little too breathlessly enamored of apple: PR astroturf?)

Re:sounds like a challenge (1)

Anonymous Coward | about 2 years ago | (#40975157)

Oh, come now, sir, don't be absurd! After all, the author is the highly-regarded Cim Took, who, as he keeps specifically reminding everyone any time they bring it up, is NOT an unimaginative pseudonym for Apple's current CEO! In fact, he's so sure of that, he'll remind everyone about it even if they DON'T bring it up! So stop fretting, ya silly worrywart!

Re:sounds like a challenge (0)

Anonymous Coward | about 2 years ago | (#40975247)

Apple does not astrosmurf. They only offer white, black and silver crap...

Re:sounds like a challenge (4, Funny)

wonkey_monkey (2592601) | about 2 years ago | (#40975411)

Any sufficiently rabid fanboy is indistinguishable from a shill.

Good. (2)

Jeremy Erwin (2054) | about 2 years ago | (#40974999)

It's a start.

Re:Good. (2)

DJ Jones (997846) | about 2 years ago | (#40975139)

In unrelated news: Apple sued by DOJ for breaking anti-trust laws. Suit settled out of court for unknown damages.

....Soon thereafter, US Homeland Security Agency states "we have no more concerns regarding apple's encryption systems".

And if you believe that... (5, Insightful)

Anonymous Coward | about 2 years ago | (#40975003)

...I've got some "moon" rocks I'd like to sell you.

Honestly, this seems like a way to trick dumb criminals into thinking their information is secure just because they use an iPhone. If this were truly the case, and the DOJ does really have problems in dealing with iOS devices, I'd expect them to remain tight lipped about it.

Re:And if you believe that... (2)

Dins (2538550) | about 2 years ago | (#40975317)

If this were truly the case, and the DOJ does really have problems in dealing with iOS devices, I'd expect them to remain tight lipped about it.

No, they'd strong arm Apple into providing them with back doors and then remain tight lipped about it...

Oblig xkcd (2)

ginoledesma (161722) | about 2 years ago | (#40975023)

How long until they just resort to this [xkcd.com] ?

Re:Oblig xkcd (4, Informative)

cpu6502 (1960974) | about 2 years ago | (#40975309)

Hitting people with wrenches is forbidden by the Bill of Rights.

Re:Oblig xkcd (0)

Anonymous Coward | about 2 years ago | (#40975383)

Hitting people with wrenches is forbidden by the Bill of Rights.

Indeed. They only hold you in contempt perpetually, not hit you.

Re:Oblig xkcd (2)

plover (150551) | about 2 years ago | (#40975469)

Using evidence in court that was obtained by hitting you with wrenches is forbidden, nor can they use information derived from that information. (Fruit of the poisoned tree.)

Depending on the data, though, they may not be nearly as interested in prosecuting you.

Re:Oblig xkcd (0)

Anonymous Coward | about 2 years ago | (#40975491)

That's the same Bill of Rights that prohibits arbitrary detention in absence of due process, right?

Re:Oblig xkcd (3, Insightful)

KhabaLox (1906148) | about 2 years ago | (#40975501)

Hitting people with wrenches is forbidden by the Bill of Rights.

Your point being....?

Didn't stop them from hitting Padilla or Manning with metaphorical wrenches. A couple more direct examples: reporters [wikipedia.org] jailed (or threatened [nytimes.com] with jail) for not revealing their sources.

Re:Oblig xkcd (1)

jbeaupre (752124) | about 2 years ago | (#40975539)

Since it is not expressly forbidden, they may be tempted to test if it is.

Whack!
      "Is that cruel?"
Whack!
      "How about now?"
Whack!
      "How about now?"
Whack!
.
.
.

Re:Oblig xkcd (0)

Anonymous Coward | about 2 years ago | (#40975555)

So are a lot of things, and we see how well that's tended to stop those in power...

Serious suck? (0)

Anonymous Coward | about 2 years ago | (#40975029)

Unless Apple started using full encryption ten minutes ago getting the data is very easy. With the help of Apple it's a piece of cake and much simpler than to get data from a foreign hosted server. Hyperbole much?

Re:Serious suck? (1)

Desler (1608317) | about 2 years ago | (#40975187)

It's been there since the 3GS. Which is definitely more than 10 minutes old.

That's Odd (1)

drpimp (900837) | about 2 years ago | (#40975047)

I thought all you had to do was use a little social engineering and you can do what you want with the data. /ducks

Re:That's Odd (1)

gnasher719 (869701) | about 2 years ago | (#40975169)

I thought all you had to do was use a little social engineering and you can do what you want with the data. /ducks

That's not understanding the difference between DoS and security breach. It was possible (probably harder now) to convince Apple to let you remotely wipe an iPhone. That's bloody inconvenient for the rightful owner, but not a security breach.

"Nightmare for law enforcement" (0)

Anonymous Coward | about 2 years ago | (#40975055)

I think that's my new favorite phrase for the 21st century.

Oh, No, Don't Throw Me In That There Briar Patch (1)

Fned (43219) | about 2 years ago | (#40975065)

Why, if all them criminals and terrorists were to get iPhones, they'd just be able to blab anything they wanted all day long and there ain't a durn thing we could do to crack 'em, nope. Why, I don't know what we'd do then, no sirree. I sure hope them criminals don't all go out and buy iPhones to openly talk about crime to each other on or nothin'...

It's BS. I can tell you how to crack iphone. (1)

Anonymous Coward | about 2 years ago | (#40975091)

It's BS. I can tell you how to crack iphone.
Iphone is vulnerable to side channel "emissions" based attacks. It can easily be cracked with the right equipment even if not by brute force. To say its encryption cannot be cracked by bruteforce is true but most encryption cannot be cracked by bruteforce.

Anyone care to dispute that Iphone is vulnerable to side channel attacks?

Re:It's BS. I can tell you how to crack iphone. (3, Funny)

Mike Buddha (10734) | about 2 years ago | (#40975175)

Yeah, totally. I hacked a Gibson with side channel "emissions" once. I used a Pac-man virus.

Now you know for certain (5, Interesting)

turbidostato (878842) | about 2 years ago | (#40975099)

The iPhone sports a master encryption key and DOJ has access to it.

There's an app for that I'm sure (0)

Anonymous Coward | about 2 years ago | (#40975105)

Does Apple not have a back door in the phone? What about the carrier? Some Iphone apps have access to much of the phone's information. All in all, the article sounds like a ridiculous claim.

nice reverse psychology (0)

Anonymous Coward | about 2 years ago | (#40975135)

They will monitor the sudden increase in Iphone users.. of course they must be criminal.

Translation... (1)

ark1 (873448) | about 2 years ago | (#40975137)

iPhone is the most vulnerable phone out there. We hope all criminals will now use it.

Just ask Apple (2, Informative)

Anonymous Coward | about 2 years ago | (#40975141)

Just ask Apple the password they'll give it to you : http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all/

Apple Slogan: Insert here. (0)

Anonymous Coward | about 2 years ago | (#40975143)

Apple: Our phone might be secure, but our website sure isn't!

Just ask Apple to help (0)

Anonymous Coward | about 2 years ago | (#40975163)

I would be very surprised if Apple could not extract any information from any iDevice through some backdoor and/or physical access to the device itself. Therefore, the DOJ only has to ask Apple to "help", and when the government asks, big companies are likely to listen. This is just another case of security through obscurity; you should not trust anything you don't fully control.

Umm.. what? (5, Informative)

Vellmont (569020) | about 2 years ago | (#40975179)

5 minutes ago I knew nothing of Apple's full disk encryption. Now I find an article that states:

The release of the iPhone 3GS (and later iPod Touch 3rd Generation) brought hardware-based full disk encryption (FDE) to the iPhone. This was designed to accomplish one thing: instantaneous remote wipe. While the iPhone 3G had to overwrite every bit in flash memory (sometimes taking several hours), disk wiping on the 3GS worked by simply erasing the 256-bit AES key used to encrypt the data.

Unfortunately, disk encryption on the iPhone did little beyond enabling remote wipe. Mobile forensicator Jonathan Zdziarski found that the iPhone OS automatically decrypts data when a request for data is made, effectively making the encryption worthless for protecting data.

http://anthonyvance.com/blog/forensics/ios4_data_protection/ [anthonyvance.com]

So I'd say I'm just VERY skeptical that the DOJ can't crack something that wasn't really designed with any security in mind in the first place. Either that, or the DOJ has nobody with any skills whatsoever.

Re:Umm.. what? (1)

bill_mcgonigle (4333) | about 2 years ago | (#40975253)

Either that, or the DOJ has nobody with any skills whatsoever.

Or they'd like criminals to believe that they can't pull data from an iPhone.

Re:Umm.. what? (0)

Anonymous Coward | about 2 years ago | (#40975433)

Last time I checked, the government can't lie. It can only deny.

Re:Umm.. what? (2)

jamstar7 (694492) | about 2 years ago | (#40975533)

Either that, or the DOJ has nobody with any skills whatsoever.

Or they'd like criminals to believe that they can't pull data from an iPhone.

Or, they're cops and they don't want to have to go through the bother of getting a warrant when the phone is 'obviously in plain sight and thus immune to the regular rules of search and seizure'.

Re:Umm.. what? (0)

medcalf (68293) | about 2 years ago | (#40975385)

So TFA says "iPhone security used to be terrible, but is now much better," and your response is basically, "No it's not: here's a 2 year old article that says that iPhone security is terrible." You haven't exactly disputed the article.

Re:Umm.. what? (0)

Anonymous Coward | about 2 years ago | (#40975431)

So I'd say I'm just VERY skeptical that the DOJ can't crack something that wasn't really designed with any security in mind in the first place.

That was an iOS 4 bug/misfeature, not a weakness in the hardware encryption.

Lawl Enforcement (0)

Anonymous Coward | about 2 years ago | (#40975185)

I find this story incredibly unlikely for some reason...

Translated: We have all the keys (0)

Anonymous Coward | about 2 years ago | (#40975225)

They are appealing to the crooks to use the platform since Apple gave them all the keys...

Nicely done, but lacking in subtlety. (4, Funny)

Minwee (522556) | about 2 years ago | (#40975261)

I look forward to Ovie Carroll's next few breathless announcements:

"Hooh, boy, that YouTube is soooo secure, a person could sign up for an account using their real name and home address, then post videos of them committing crimes online and law enforcement would never ever be able to track them! Honest!"

"You know where the safest place to hide stuff is? Underneath the welcome mat at 950 Pennsylvania Avenue, NW in Washington, DC. Really! We did a study and figured out that once that mat is pushed down on top of something, whether it's drugs, cash or big file folders full of industrial secrets, there's NO way that any one can get into it."

"My biggest nightmare is someone committing a crime, then emailing a detailed confession to ovie.carroll@usdoj.gov. Once something gets into those email tubes it's IMPOSSIBLE to get it back out and figure out what happened. Really. You can trust me. I'm with the government."

FIPS / Common Criteria (0)

Anonymous Coward | about 2 years ago | (#40975299)

I'll start really trusting iOS once Apple receives some Common Criteria certification. For the issues Blackberrys may have, RIM does at least take (data) security seriously:

http://us.blackberry.com/business/topics/security/certifications.html

Maybe iPhones are 'secure', and maybe they're not, but at the very least I'd like some third party checking. Considering that in March we had a story that said just the opposite, colour me skeptical:

http://apple.slashdot.org/story/12/03/27/212254/

A couple of points (1)

cynop (2023642) | about 2 years ago | (#40975303)

First of all TFA is about how difficult it is to grab plaintext from a whole-disk encrypted drive. From what i know, the iphone is NOT whole-disk encrypted.

Secondly, the same could be said about any android phone which employs whole-disk encryption.

Thirdly, this talk from BlackHat2012 seems like an interesting reading to accompany TFA https://viaforensics.com/mobile-security-category/blackhat2012-zdziarski-ios-application-hacking.html [viaforensics.com]

But more importantly than all of the above, i think it's naive to assume Apple doesn't have the master key for every iDevice. When the government comes knocking, if you base your security to just the basics apple gives you, you're pretty much screwed.

Android is still more secure (1)

mshenrick (1874438) | about 2 years ago | (#40975367)

I hate to be that Android fanboy, but Android has full OS encryption, which is much harder to crack

it's not clear to me that AES is the hard part... (1)

bloosqr (33593) | about 2 years ago | (#40975407)

I didn't draw this conclusion at all. From the actual article it states initially the drives weren't encrypted at all so the flash dump led to completely accessible contents. Now the flash dump is encrypted but the key is in flash memory which is simply locked by a pin. Even with a fully AES encrypted drive, you can brute force that with the standard 4 digit pin in 15 minutes. The hard part is not working out the AES key the hard part is brute forcing the pin sitting in the front which leads to the AES key sitting in standard flash memory. Yes a longer pin takes longer (55 days for the 8 digit pin) but one can imagine emulating the entire flash dumped iphone in software and parallelizing that just to pull out the key from bruteforcing the pin..

-avi

a few things... (1)

CheshireDragon (1183095) | about 2 years ago | (#40975419)

I have a hard time believing that the DOJ can not crack the iPhone. They are either full of shit or actually telling the truth. I can only assume it is a little bit of both.
Have they not spoken with the hackers that discovered Jailbreaking? They are well known and can be reached rather easily.

Even though I own a few MacBook Pros, I have never wanted to own an 'i' product. However, if the DOJ is this fucking stupid then maybe an iPhone is in my future.

Easy (5, Funny)

Dcnjoe60 (682885) | about 2 years ago | (#40975423)

DOJ Says iPhone Is So Secure They Can't Crack It

I dropped mine off the balcony to the pavement below. It seems that it is very easy to crack an iPhone.

Re:Easy (1)

CheshireDragon (1183095) | about 2 years ago | (#40975541)

no need for a balcony. A loose hand holding and 3ft will suffice just fine.

Can't crack an iPhone... (2, Funny)

fustakrakich (1673220) | about 2 years ago | (#40975451)

Now that's funny. I can shatter mine.

It's a trap! (1)

flyingfsck (986395) | about 2 years ago | (#40975463)

The DOJ wants crooks to rush out and buy iPhones instead of Android phones, so that they can track and eavesdrop on them.

Translation (1)

JDG1980 (2438906) | about 2 years ago | (#40975499)

In other words, AES-256 encryption is still secure. This shouldn't really come as a surprise to anyone.

They're taking the wrong approach. (1)

kelemvor4 (1980226) | about 2 years ago | (#40975565)

No need to hack an iphone in order to get a user's data if you are law enforcement. A subpoena (or perhaps even less than that) would get you all the information you need from apple's iCloud. I said "perhaps even less than that" because there have been numerous articles over the last few years highlighting the fact that your data stored in a third party's datacenter is not protected by your civil rights.