Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!

Apple Can Extract Texts, Photos, Contacts From Locked iPhones

timothy posted about 6 months ago | from the as-a-public-service dept.

Iphone 202

Trailrunner7 (1100399) writes "If law enforcement gets hold of your locked iPhone and has some interest in its contents, Apple can pull all kinds of content from the device, including texts, contacts, photos and videos, call history and audio recordings. The company said in a new document that provides guidance for law enforcement agencies on the kinds of information Apple can provide and what methods can be used to obtain it that if served with a search warrant, officials will help law enforcement agents extract specific application-specific data from a locked iOS device. However, that data appears to be limited to information related to Apple apps, such as iMessage, the contacts and the camera. Email contents and calendar data can't be extracted, the company said in the guidelines."

Sorry! There are no comments related to the filter you selected.

alt: guys who built iphone know how it works. (0, Flamebait)

NemoinSpace (1118137) | about 6 months ago | (#46950195)

MS on the other hand, really don't know how to build a filemanager for their phone, so they gave up.

Re:alt: guys who built iphone know how it works. (2)

killfixx (148785) | about 6 months ago | (#46950259)

There's a built in file manager for the iphone?

Weird... Had no idea...

Re:alt: guys who built iphone know how it works. (3, Interesting)

NemoinSpace (1118137) | about 6 months ago | (#46950599)

Sorry, I was too brief. Apple doesn't include a file manager because thy want to try to control the experience. (Bad enough). MS doesn't include a file manager because they can't do it without totally destroying security on the device. At least that is their official story. I think the real answer is much worse.

Re:alt: guys who built iphone know how it works. (1)

Anonymous Coward | about 6 months ago | (#46950833)

http://www.reddit.com/r/windowsphone/comments/24jtcy/hi_im_joe_belfiore_from_the_windows_phone_team_ama/ch7vbb4 [reddit.com]

"We are doing a File Manager for WP8.1! I know a LOT of you are looking for this (thanks for the tweets, I've read them all). In fact, I've been running a build of it on two of my phones for the last week or so and it's getting to pretty good shape.

Here's what it looks like: http://imgur.com/a/hvqGD#nRuOFXp [imgur.com]

We are expecting to get it into the store HOPEFULLY by the end of May."

Re:alt: guys who built iphone know how it works. (-1)

Anonymous Coward | about 6 months ago | (#46951189)

Shhhh....if you don't worship Apple and hate MS you're an idiot remember? Remember???

Re:alt: guys who built iphone know how it works. (2)

tapspace (2368622) | about 6 months ago | (#46950385)

https://support.apple.com/kb/h... [apple.com]

If passcode-protected whole phone encryption is enabled, no one should be able to access that without the key. I guess they know how it works more than I do. They've even redefined encryption. It's "encrypted" just like everything else these days. I guess it's still technically encrypted even if everyone has a key.

Re:alt: guys who built iphone know how it works. (1)

Lumpy (12016) | about 6 months ago | (#46950569)

All phones probably use the same salt so it's a backdoor it also means that someone out there will find that backdoor.

Re:alt: guys who built iphone know how it works. (1)

alvinrod (889928) | about 6 months ago | (#46950727)

My understanding has been that they are capable of bypassing the OS restriction on unsuccessful login attempts before the phone's data is wiped. Since most people just use a 4-digit pin, it wouldn't take very long to brute force even if they don't know what the salt is.

Re:alt: guys who built iphone know how it works. (2)

Noah Haders (3621429) | about 6 months ago | (#46950795)

there's no back door. Apple's iCloud syncs some information across all devices. For ex if I take a photo with my iphone it automatically syncs with my ipad and my macbook. obv the photo must be uploaded from the phone and live on an apple server somewhere, so it's vulnerable to supoena.

in other news, apple will begin notifying users of supoena requests LINK [macrumors.com]

Re:alt: guys who built iphone know how it works. (4, Informative)

kthreadd (1558445) | about 6 months ago | (#46950979)

https://support.apple.com/kb/h... [apple.com]

If passcode-protected whole phone encryption is enabled, no one should be able to access that without the key. I guess they know how it works more than I do. They've even redefined encryption. It's "encrypted" just like everything else these days. I guess it's still technically encrypted even if everyone has a key.

Not everything is encrypted. According to the guidelines:

Specifically, the user generated active files on an iOS device that are contained in Apple’s native apps and for which the data is not encrypted using the passcode (“user generated active files”), can be extracted and provided to law enforcement on external media.

So, data can only be extracted if it is not encrypted. Sounds reasonable. Of course it would be better if everything was encrypted.

Re:alt: guys who built iphone know how it works. (1)

tapspace (2368622) | about 6 months ago | (#46951377)

Every iOS device has a dedicated AES 256-bit crypto engine built in that is used to encrypt all data on the device at all times. In addition, the iOS Cryptographic Modules have been granted FIPS 140-2 compliance by the U.S. federal government on devices running iOS 6.

Emphasis mine. Sounds like doublespeak to me.

Re:alt: guys who built iphone know how it works. (1, Flamebait)

ackthpt (218170) | about 6 months ago | (#46950555)

MS on the other hand, really don't know how to build a filemanager for their phone, so they gave up.

I'm honestly surprised when someone on MSDN knows the precise reason something works or does not, their own code probably looks like muck to them, too. Keep going through these exercises of "try this..."

OT - I'm not surprised. Is anyone surprise? Apple is the private sector equivalent to the NSA.

Re:alt: guys who built iphone know how it works. (1, Troll)

Noah Haders (3621429) | about 6 months ago | (#46950821)

Apple is the private sector equivalent to the NSA.

any support for this argument? goog and fb are the ones sucking up and sorting through everybody's info. how is apple the bad guy here? they've gone to great lengths to limit govt intrusion and even notify people when the govt serves a warrant on their accounts [macrumors.com] .

Re:alt: guys who built iphone know how it works. (0)

Anonymous Coward | about 6 months ago | (#46951005)

We don't have the source code to the iOS so we can't know, and thus have to assume the worse.

Google and Facebook are also evil.

Re:alt: guys who built iphone know how it works. (0)

Anonymous Coward | about 6 months ago | (#46951599)

You don't have the source code to Facebook, or google search either. So it seems a lot like all three are equally bad in that regard. Meanwhile Google and Facebook say outright that they are collecting your data and sharing it with as many people as they can get to pay for it. Apple on the other hand is sharing it only with law enforcement, and only when a court tells them to do so, and only once they've notified you that they've been ordered to by a court. Sorry, but I don't see how this makes Apple the bad guy here.

So... cloud access? (5, Insightful)

Kenja (541830) | about 6 months ago | (#46950215)

All the things listed, are synced to the iCloud. Sounds to me like they are not accessing the phone, but the contents of the cloud server, which have push/pull access to selected apps. Wonder if this is true if you disable cloud access or simply don't sign into it.

Re:So... cloud access? (4, Informative)

Number42 (3443229) | about 6 months ago | (#46950261)

TFA says that the data can only be accessed at the company HQ, so no, it seems that they are referring to local data that is unencrypted. It also states that they can access some data in the iCloud, too.

Re:So... cloud access? (0)

Anonymous Coward | about 6 months ago | (#46950355)

"the contacts and the camera. Email contents and calendar data can't be extracted, the company said in the guidelines."

They are saving those features for a future release

Re:So... cloud access? (4, Informative)

Sockatume (732728) | about 6 months ago | (#46950299)

Apparently not. It sounds like they're limited to whatever applications are currently running though:

Upon receipt of a valid search warrant, Apple can extract certain categories of active data from passcode locked iOS devices. Specifically, the user generated active files on an iOS device that are contained in Apple’s native apps and for which the data is not encrypted using the passcode (“user generated active files”), can be extracted and provided to law enforcement on external media. Apple can perform this data extraction process on iOS devices running iOS 4 or more recent versions of iOS. Please note the only categories of user generated active files that can be provided to law enforcement, pursuant to a valid search warrant, are: SMS, photos, videos, contacts, audio recording, and call history. Apple cannot provide: email, calendar entries, or any third-party App data.

Re:So... cloud access? (2)

swb (14022) | about 6 months ago | (#46950537)

So what exactly constitutes a "user generated active file"? Some kind of temp file kept open as long as an app is "open"? And what does "open" mean, really? Shows up when you double-click the home button? Many of those apps aren't really running, if you switch to them most seem to revert to cold-start behavior.

It makes me wonder if there's a paranoia step a person could take before entering a known security zone, like force-quitting the native apps in question, or whether powering the device off does this (which I always do anyway when dealing with a security checkpoint).

Re:So... cloud access? (4, Insightful)

VortexCortex (1117377) | about 6 months ago | (#46950731)

So what exactly constitutes a "user generated active file"? Some kind of temp file kept open as long as an app is "open"? And what does "open" mean, really?

Look at the source code and see. Oh, right. Never mind, it's proprietary and thus 4200% fucked.

Add this question to your list: How do you even trust them to be telling the truth with national security gag letters now standard?

Re:So... cloud access? (4, Informative)

swb (14022) | about 6 months ago | (#46950861)

Look at the source code and see.

Even if I had the source code, it wouldn't do me personally any good as I couldn't grok what it did just from reading it. It would do me as much good as it did 99.99% of OpenSSL users.

Gag letters prohibit what they can say, they don't require them to make false statements of fact. You might make the argument that they could in fact be strong-armed through some extralegal method of making false statements of fact to engender false confidence in potential targets of spying, but that's getting a little into tinfoil hat territory.

In fact, I think an Apple statement of what little they can extract is pretty good and serves as a kind of interesting statement on what they believe is recoverable. It doesn't include third-party techniques or equipment that you might find in an NSA laboratory, but I don't know that Apple makes that kind of penetration test of their own devices.

Re:So... cloud access? (3, Insightful)

BasilBrush (643681) | about 6 months ago | (#46951283)

It would do me as much good as it did 99.99% of OpenSSL users.

Actually 100% of OpenSSL users, for several years.

Re:So... cloud access? (1)

blueg3 (192743) | about 6 months ago | (#46950753)

The appropriate paranoid step is enabling encryption. Then, turn off your phone if you suspect it may be taken from you.

Re:So... cloud access? (1)

swb (14022) | about 6 months ago | (#46951013)

I've had encryption enabled since it became available.

Re:So... cloud access? (1)

BasilBrush (643681) | about 6 months ago | (#46951343)

So what exactly constitutes a "user generated active file"?

From the document: "Please note the only categories of user generated active files that can be provided to law enforcement, pursuant to a valid search warrant, are: SMS, photos, videos, contacts, audio recording, and call history. Apple cannot provide: email, calendar entries, or any third-party App data."

It's things that no phone tends to encrypt.

Re:So... cloud access? (4, Interesting)

Anubis IV (1279820) | about 6 months ago | (#46950407)

If you read Apple's document [apple.com] , they make it pretty clear in Section I that they're talking about extracting data from an iOS 4 or later iOS device that is passcode locked and in good working order. Besides which, not all of that data goes through iCloud (e.g. call history, audio recordings (unless you're backing them up), etc.).

Moreover, they've detailed the security of their iCloud offerings before, and what I noticed immediately is that while SMS texts can be extracted according to this document, iMessages are not listed, suggesting this isn't just an iCloud backdoor. Likewise, if they were able to access your iCloud stuff, they'd have access to a whole lot more, such as calendar events, e-mails, and any third-party data you had backed up using iCloud Backup.

Hey! (0)

Anonymous Coward | about 6 months ago | (#46950217)

Those are my freedoms you're browsing through!

Re:Hey! (1)

Anonymous Coward | about 6 months ago | (#46950381)

if served with a search warrant

Nothing to see here.

News? (0)

Anonymous Coward | about 6 months ago | (#46950219)

Is anyone surprised?

It's not a bricked phone we're talking about, it's just locked. It can be unlocked, where is the news in this?

Re:News? (2)

LaughingVulcan (3511853) | about 6 months ago | (#46950287)

The news is the Apple has received enough LEA requests for information that they've put together guidelines as a pre-emptive against being bothered about things they can't do.

I suppose we could be heartened that it specifically states upon receiving a warrant thus-and-such are available? Until a three-letter agency gives them a Sekrit Not-A-Warrant Order requiring the information. And that, Government, is the whirlwind you reap when you play fast and loose with the Constitution - there should be no trust of you, ever.

Re:News? (0)

Anonymous Coward | about 6 months ago | (#46950309)

Because the contents are supposed to be encrypted. This means that a 3rd party should not be able to read data of the flash chip.

Re:News? (3, Insightful)

Sockatume (732728) | about 6 months ago | (#46950379)

The page states that they can only access information which is not encrypted, and is "active", whatever that means. Reading between the lines, it seems they can get at information that's currently in RAM.

Re:News? (2)

blueg3 (192743) | about 6 months ago | (#46950743)

To my knowledge, Apple doesn't do RAM access. Some law-enforcement forensic analysts might, but I don't know of iOS RAM-capture tools that actually work. The whole field is poorly-understood.

"Active" here almost certainly means "not deleted". LE analysts usually ask if you can access deleted data.

The story here is that Apple can unlock and access the files on an unencrypted iPhone. That shouldn't come as a surprise to anyone. You can do that without Apple's help, and you can do it to unencrypted Android phones, unencrypted hard drives, and pretty much any unencrypted data-storing device you have physical access to.

Re: News? (0)

Anonymous Coward | about 6 months ago | (#46950409)

It is encrypted, and this is not a third party.

Their methods for unlocking the phone are not detailed. You are assuming they are decrypting with some master key as opposed to a more brute force method, which they might only be able to achieve.

Hmmm some artful Apple misdirection (2)

bazmail (764941) | about 6 months ago | (#46950243)

How about google, hotmail, facebook etc passwords from Safari's settings? Thats what law enforcement always look for. That is cop gold right there. Who gives a crap about the data in the calendar app, thats all hosted on apples cloud anyway.

Re:Hmmm some artful Apple misdirection (1)

RyuuzakiTetsuya (195424) | about 6 months ago | (#46950331)

Keychain's encrypted. So I'm guessing no, but it could be back doored.

Re:Hmmm some artful Apple misdirection (1)

Number42 (3443229) | about 6 months ago | (#46950333)

Those passwords are encrypted using the phone's UID (which can't be accessed directly), and their backups in the iCloud are presumably highly encrypted too. According to TFA, however, the types of data law enforcement would be able to access in the iCloud don't seem to cover the iCloud Keychain, so those would be safe. Plus, the Calendar app also interfaces with Google Calendar, etc. depending on the account.

Re:Hmmm some artful Apple misdirection (1)

jones_supa (887896) | about 6 months ago | (#46950363)

Wouldn't law enforcement just require the account usernames and then get the data from the respective service providers with a warrant? Sounds a bit unprofessional that they would go logging in to the accounts by themselves.

Re:Hmmm some artful Apple misdirection (4, Interesting)

Charliemopps (1157495) | about 6 months ago | (#46950887)

Wouldn't law enforcement just require the account usernames and then get the data from the respective service providers with a warrant? Sounds a bit unprofessional that they would go logging in to the accounts by themselves.

You've never been in court have you?

The primary legal argument in most cases in this country are: "Well we're the police we can do that. Constitution? Sure you could appeal this but the fines $500, you're legal fees on appeal would be at least $5000... tell you what, pay the fine and we expunge the charges in 6 months!"

Yes, this has happened to me. I even got a ticket once for "unlawful use of horn" when I honked at a guy that almost hit me. But he was the cops uncle (cop told me this) he then proceeded to tell me "Sure this would get thrown out of court, but I get paid to go to court. You don't. I can give you a ticket every day you drive through here. How long would you keep your job? Now how about you stop being a jerk and honking at old people?" I called the police station later and spoke with the guys boss who laughed at me and said his officer told him "Some jerk will be calling you..."

The police only follow proper procedure and what-not when they think the case is big enough that it'll mater... i.e. you're going to jail and they know you'll fight tooth and nail. Otherwise they just search illegally, bully and batter people, contaminate evidence (if they even bother to collect any) and then slap a fine on you. If the fines aren't over a couple of thousand and there's no jail involved, its almost always in your financial best interest to just roll over and take it. In the few cases where the person doesn't? They don't care, 100 other people got arrested on the same day.

Re:Hmmm some artful Apple misdirection (0)

Anonymous Coward | about 6 months ago | (#46951631)

This guy thinks his story makes the cops look bad.

Because it does. (0)

Anonymous Coward | about 6 months ago | (#46952001)

Because it does.

Re:Hmmm some artful Apple misdirection (1)

fermion (181285) | about 6 months ago | (#46950657)

And here is the question. Is it accessing the phone, in which case a remote wipe can protect the citizen from a warrent, or is it accessing the 'cloud' in which case the courts have ruled that because you have shared the information with a third party, i.e. your service provider, the privacy of the data is much more limited.

I don't have as much issue with this kind of police state antics as some other things because these kind of communications just don't seem to have as much expatiation of privacy. Like when people take naked picutres of themselves or of them having sex, and then being shocked when the ex-lover posts them or they get leaked, like WTF. Yes, it is a violation of trust, but that is why we used to take our nakes using Polaroid and not film. There used to be some common sense. It is why we bitch over the phone or in anonymous postcards, not writing letters detailing our crimes and misdemeanors.

The lesson here is don't put your hitman in your contact list, don't film yourself committing a burglary, and don't keep a burner for each of the jealous lovers.

Re:Hmmm some artful Apple misdirection (4, Interesting)

Penguinisto (415985) | about 6 months ago | (#46950715)

How about google, hotmail, facebook etc passwords from Safari's settings? Thats what law enforcement always look for. That is cop gold right there.

No, that is prosecutor cyanide. Cops do not generally log in with the user's credentials, because it poisons the evidence gained from that site. Any competent defense attorney could get the subsequent evidence found that way thrown out almost immediately ("So, officer, you logged in as the user and acted on his behalf in the website? How do we know that you and your cohorts didn't plant the evidence yourself? Tainted evidence, yerhonor!")

Easier to get a warrant, have the provider give you the data. That way you can have a valid chain of custody, proof that there was no impersonation by cops or prosecutor, and absolutely no chance of any claims being valid that questions the veracity and integrity of the evidence found. Hell, even in those few cases where a user/pass is used, both prosecution and defense attorneys are present during its use (and depending on locate, a clerk of the court) - the defense (and clerk) are there to keep 'em honest.

Re:Hmmm some artful Apple misdirection (1)

BasilBrush (643681) | about 6 months ago | (#46951403)

How about google, hotmail, facebook etc passwords from Safari's settings?

No, they can't extract those.

Who gives a crap about the data in the calendar app, thats all hosted on apples cloud anyway.

Well it might be. If the user chose to set up an iCloud account, and hasn't deleted the data since. In every other case it's unavailable. It can't be extracted from the phone.

Once again, Apple iOS security is a sham (1, Insightful)

Anonymous Coward | about 6 months ago | (#46950253)

If you want real, audited & certified security, get a blackberry.

Based on sales for the last few years, it looks like the market just doesn't care about security. As people put more & more of their life on their phone, you might think people would care.

Sad.

Re:Once again, Apple iOS security is a sham (-1)

Opportunist (166417) | about 6 months ago | (#46950433)

Blackberry... wasn't that the company that sends all your mail and everything you ever communicate through their servers?

Yeah, that sounds like nothing that could possibly be abused.

Re:Once again, Apple iOS security is a sham (2, Informative)

Anonymous Coward | about 6 months ago | (#46951039)

Blackberry... wasn't that the company that sends all your mail and everything you ever communicate through their servers?

You don't understand how blackberries work.

Yes, they send your data though their servers, in the same way that your data goes through your cell phone company.

BUT, with a blackberry enterprise server, Blackberry does NOT have the decryption keys. That is the relevant point - even if Blackberry wants to hand over information to law enforcement, Blackberry isn't able to decrypt the data.

Blackberries were designed by intelligent people who understand security.

Re: Once again, Apple iOS security is a sham (0)

Anonymous Coward | about 6 months ago | (#46951323)

Yes but how effective or feasible for it for someone to have a home bes server?

Re:Once again, Apple iOS security is a sham (1)

BasilBrush (643681) | about 6 months ago | (#46951507)

Blackberry's BBM message facility is the most secure in the business. Which is why Blackberry's are the criminal's first choice of phone. I'm not just saying that, the London looting "riots" of a few years ago were organised by criminal gangs and they used BBM to do it.

Apple's pretty secure though. If you want to see a real sham, look to Android - remove the SSD from most Androids, and you have all the user data right there, unencrypted. Users have to take active steps to encrypt stuff. And how many do that?

Duh (1)

Anonymous Coward | about 6 months ago | (#46950303)

Ah, I can do this also. It was helpful during my divorce. If the device is locked the encrypted data is unreadable without a recovery key. The encrypted is still accessible if you can get to it. (through jailbreaks, exploitable boot-loader, or physically reading the ram chips.)

Mod parent up (3, Informative)

OneAhead (1495535) | about 6 months ago | (#46950609)

The AC nailed it; this is an utter non-story. Last time I checked, locking an iPhone does not enable full -disk encryption. Raise your hand if you thought the iPhone contains some magical Steve Jobs fart that would prevent someone with hardware access (leave alone Apple with hardware access!) from ripping the unencryped data (which, in a default setup, is essentially everything except [luxsci.com] your e-mail [zdziarski.com] ) from the flash chips. And yes, hardware access is necessary even if it isn't explicilty stated in the summary. Anyhow, those that did raise their hands earlier, please hand in your geek card and don't let the door hit you in the ass on the way out.

Seconded. Mod non-A/C parent up. (1)

mmell (832646) | about 6 months ago | (#46951351)

I was thinking about the FROST attack against Android devices. Sounds like something similar here - lower the temperature enough to get the phone to reveal its encryption key in RAM, then just read the key off the RAM chips. Now you have the key to decrypt all of that lovely cloud data yon LEO has been after.

Re:Mod parent up (1)

crdotson (224356) | about 6 months ago | (#46951867)

Here is the fart you requested.

http://images.apple.com/ipad/business/docs/iOS_Security_Feb14.pdf

Re:Mod parent up (1)

BasilBrush (643681) | about 6 months ago | (#46951903)

Raise your hand if you thought the iPhone contains some magical Steve Jobs fart that would prevent someone with hardware access (leave alone Apple with hardware access!) from ripping the unencryped data (which, in a default setup, is essentially everything except your e-mail) from the flash chips.

*RAISES HAND*

From iOS 4 onwards, all disk data is encrypted if you have set a passcode. Hardware access to the flash chips won't help you.

And the only people that don't set a passcode are people that don't care about security. Without a passcode Law enforcement don't need Apple's help. They just open the app and read the data.

And yes, hardware access is necessary even if it isn't explicilty stated in the summary. Anyhow, those that did raise their hands earlier, please hand in your geek card and don't let the door hit you in the ass on the way out.

Either you are badly misstating what you believe, or you already lost your geek card.

This isn't surprizing (0)

Anonymous Coward | about 6 months ago | (#46950341)

It's their phone after all.

Another "threat post" blog entry. (5, Insightful)

Bill_the_Engineer (772575) | about 6 months ago | (#46950347)

How much is threat post paying timothy to drive up their traffic with these half ass stories?

The summary fails to mention that the phone must be in their possession and the both the phone and the search warrant must be delivered to Apple's headquarters which is the only place Apple will perform the extraction.

If anything I applaud Apple for both publicly disclosing their policy for dealing with law enforcement and requiring a search warrant with more detail than "suspect's phone". They require the model number, phone number, serial of IEMI number and FCC ID number.

Well... (0)

Anonymous Coward | about 6 months ago | (#46950635)

If Apple can get at it, that means anyone can get at it.

Maybe not anyone (3, Informative)

Anonymous Coward | about 6 months ago | (#46950837)

At least not trivial task. Per the iOS Security white paper:

"The device’s unique ID (UID) and a device group ID (GID) are AES 256-bit keys fused into the application processor during manufacturing. No software or firmware can read them directly; they can see only the results of encryption or decryption opera- tions performed using them. The UID is unique to each device and is not recorded by Apple or any of its suppliers. The GID is common to all processors in a class of devices (for example, all devices using the Apple A5 chip), and is used as an additional level of protection when delivering system software during installation and restore. Burning these keys into the silicon prevents them from being tampered with or bypassed, and guarantees that they can be accessed only by the AES engine."

Hence, needing some specialized equipment, ergo, ship to 1 Infinite Loop to get the data.

I concur (1)

Zeorge (1954266) | about 6 months ago | (#46950659)

If all companies would detail how they deal with LEA's then everyone would be the wiser. And, if it's as simple and direct as this, even better. This is about the same as a search warrant for a private container (which might be how a phone is seen in court). I really like this approach via Apple, they'll have LEA but only if there is a valid and legal reason. Not just witch hunting or easter egging.

Pro Tip: (1)

Zanadou (1043400) | about 6 months ago | (#46950353)

Whoever owns the system, owns the system.

Re:Pro Tip: (3, Insightful)

VortexCortex (1117377) | about 6 months ago | (#46950763)

Got Root?

If the answer was ever anything other than "Yes" then you don't own shit.

Re:Pro Tip: (2)

BasilBrush (643681) | about 6 months ago | (#46951585)

Are you saying I don't really own my (Linux powered) Garmin GPS and my Nintendo Wii? They sure seem like mine. If I sell them I get the money.

Or is this one of those Stallman "political correctness" things?

Re:Pro Tip: (1)

mmell (832646) | about 6 months ago | (#46951369)

...and physical possession is ownership (or nine tenths of it, which is good enough for the Law).

Well, duh (1)

greenwow (3635575) | about 6 months ago | (#46950387)

Considering I was able to get password for an app (stored plain text in a plist file) off of a locked iPhone in less than ten minutes using iExplorer for OSX, I wouldn't doubt it.

RMS was right. (0)

nimbius (983462) | about 6 months ago | (#46950397)

modern technotopia devices leak data like a sieve and at so much as a passing interest, their providers will gladly ferry away any and all data youve entered into them directly into the hands of advertisers and government security agencies. It is, as RMS said, Stalins dream come true.

iMessage? (3, Informative)

kurowski (11243) | about 6 months ago | (#46950427)

"iMessage" is a message transport. The app is "Messages". The document from Apple specifically says "SMS": it does not mention either Messages or iMessage. While it's possible that Apple leaves iMessages unencrypted on the device, it would be surprising given how much trouble they go through to protect then in transit. So while this document doesn't explicitly say iMessages are safe, it also doesn't say they're vulnerable.

Re: iMessage? (0)

Anonymous Coward | about 6 months ago | (#46950511)

It makes it clear that iOS is unsafe.

Re:iMessage? (2)

BasilBrush (643681) | about 6 months ago | (#46951633)

You;re right. The only mention in the document of either "iMessages" or "messages" is:

"Apple cannot intercept usersâ(TM) iMessage or FaceTime communications as these communications are end-to-end encrypted."

As this is a document saying what Apple CAN get with a warrant, clearly iMessages can't be.

"Law Enforcement" doing their damnedest to kill (0)

Anonymous Coward | about 6 months ago | (#46950429)

"Law Enforcement" is doing their damnedest to kill the future of personal technology.

Re:"Law Enforcement" doing their damnedest to kill (1)

pedrop357 (681672) | about 6 months ago | (#46950491)

Sort of like they've been doing with cash.

Give it a few years, maybe a decade, and people who don't regularly use a smartphone/messaging system to interact and/or exchange paper notes will be viewed as highly suspicious.

s/kill/control (1)

mmell (832646) | about 6 months ago | (#46951391)

Why would they want to kill the future of personal technology, when there's so much in there for law enforcement?

Can't they just push a 'dump' app to the phone? (1)

pedrop357 (681672) | about 6 months ago | (#46950443)

Given that Apple, like Google, can push apps to the phone, what's to stop them from just pushing a custom app that just copies everything to a designated place?

Re:Can't they just push a 'dump' app to the phone? (1)

BasilBrush (643681) | about 6 months ago | (#46951649)

Given that Apple, like Google, can push apps to the phone

Apple can't. Can Google?

Therefore (0)

Anonymous Coward | about 6 months ago | (#46950453)

When the police knock throw your phone in the toilet with it on to short it out. Then call insurance claim in after you do your 50 years in jail lol..

Re:Therefore (1)

mmell (832646) | about 6 months ago | (#46951455)

It takes more than that to wipe the data. Look at the specs for military secure communication equipment - you need a mechanism to actively destroy all data present in the event of any detected tampering. It'd be nice if that mechanism were proof against accidental implementation, yet robust enough to prevent intentional intrusion.

Military grade technology will cost military grade bucks and will not be made generally available to the public. It will certainly not be made available for import/export on any civilian market you or I have access to.

This doesn't say much about Apple in fact. (1)

foxx1337 (1292800) | about 6 months ago | (#46950483)

Taking apart an iPhone 4(S) is fairly straightforward and the various connectors on the boards inside appear to be pretty much "standard". The various flavors of 5 shouldn't be too far off. I would expect some levels of the law enforcement to even have the know-how and equipment to connect to those ports and access an iPhone's internals beyond the device's standard operation - and I don't think it's anything wrong with that. By the user experience it seems that the iPhone's memory is not scrambled.
Assuming anyone would use that, at least we can hope now that such an expensive phone will still be functional when the process is done.

I wouldn't trust them (1)

koan (80826) | about 6 months ago | (#46950495)

It's been known for a while that their "Filevault" has a corporate key (allegedly for employees but wouldn't it work for anyone?) to unlock it.
Of course if you're a smart criminal you aren't using this sort of tech or if you are you have a second level of protection.

Considering the timing of the Apple "bugs" such as the SSL fiasco why would anyone think they are protected in any way while using using Apple gear?
http://www.dailymail.co.uk/sci... [dailymail.co.uk]

http://daringfireball.net/2014... [daringfireball.net]

Re:I wouldn't trust them (1)

gnasher719 (869701) | about 6 months ago | (#46951087)

It's been known for a while that their "Filevault" has a corporate key (allegedly for employees but wouldn't it work for anyone?) to unlock it.

Oh my god. When you turn Filevault on, it displays a 20 digit hex string which you can write on a piece of paper, hide in your cupboard, and use to decrypt the hard drive if you forgot the password. Alternatively, in an enterprise setting, where your Mac is under company control, that same 20 digit hex string can be sent to your company, so they can decrypt your drive if you unexpectedly leave the company. And third alternative, you can enter three security questions + answers, the same 20 digit hex string is encrypted with the answers, and sent to Apple with that encryption. You need the exact answers to get your 20 digit hex string back.

Enterprise (0)

Anonymous Coward | about 6 months ago | (#46951457)

And in the enterprise setting, your local admin can set a company-wide key and propagate that to all Macs. There's a tech-note (too lazy to look it up again) on Apple's website explaining how to set and which files to copy from "master" to all other machines.

Re:I wouldn't trust them (1)

Noah Haders (3621429) | about 6 months ago | (#46951249)

ssl bugs like heartbleed? ohyeahright apple was immune to heartbleed because they fixed it years ago across all their products and services.

The actual article (5, Informative)

rabtech (223758) | about 6 months ago | (#46950497)

Hey, let's link to the actual document in question! What a novel concept!

http://www.apple.com/legal/mor... [apple.com]

Good news:

- Apple cannot track a phone via GPS, nor forcibly enable Find My Friends/Find my iPhone

- Apple cannot monitor FaceTime or iMessage conversations since they are end-to-end encrypted

- Apple cannot provide third-party app data that is encrypted since the files are encrypted with the user's passcode.

- It appears if the user does a remote wipe before law enforcement can get a warrant and ship the phone to Apple (or fly it there), then there is nothing that can be done. I wonder if they power up the device in an anechoic chamber so it can't receive the remote wipe signal? I would guess no because most people aren't smart enough to do an immediate wipe.

- We already knew the only trick they have as far as encrypted files goes is a custom firmware that bypasses the max attempt auto-erase and rate limit feature, so it can attempt to brute-force passcodes quickly. However it requires the attempt be made on-device, since the keys are stored in the secure storage with no facility to get them off-device. So even a moderately complex passcode is effectively unbreakable, let alone a good strong password.

Questionable:

- user generated active files (this is what SMS/call logs/photos/etc are listed under). Normally if a device is powered off and rebooted, I was under the impression that these things were not available because the files are encrypted. It seems that iMessage is at least encrypted here, but I would be curious to find out what the situation is. Everything except photos, videos, and recordings is a moot point because you can get stuff like SMS history and call logs from the carrier anyway so those are the only ones I'd be concerned about.

There are some definite good points here - Apple has chosen not to build themselves backdoors or workarounds, presumably because they can't be ordered to disclose information they don't have access to... same reason they built iMessage the way they did. A court would have to order them to refactor their software before it could order them to intercept messages, and at least in the US there is no precedent or law that can compel them to do so.

However I would expect the âoeuser generated active filesâ to be encrypted after a device reboot until the passcode is entered. If that is not the case, Apple should fix it pronto.

I would also expect Apple to refactor the storage of those things to be segmented, given the NSA revelations and increasingly authoritarian behavior of law enforcement; for example, photos pending background upload could be kept unencrypted, but once uploaded they should be rewritten as encrypted so they require the passcode to access. They already have the ephemeral key tech and per-file key support so you can generate a key for the unencrypted file while the device is unlocked, then toss the passcode key when the device locks and only hold onto the file key until the upload is finished, then toss it. Thus no risk to the main key but you can still encrypt the file in the background.

I won't bother discussing Android phones - they are almost all trivial to break and access all the user's data, when people like Samsung aren't coding back doors directly into the firmware.

Surprised? (1)

Ravaldy (2621787) | about 6 months ago | (#46950571)

If at this point people are still surprised that this is possible then they are just naïve. Privacy in public forums (internet being the biggest forum of all) is not possible in this current age. Other than my personal information I don't care what people know or get from me. Some people have a dark past and don't want information to leak but I honestly have nothing to hide so I don't care.

Think of it this way: We are all Truman in the Truman show. The public is watching and so are the officials. Crooks will be caught and honest people LOLd if dumb moments make it online...

Re:Surprised? (1)

DigitAl56K (805623) | about 6 months ago | (#46950823)

No, think of it this way: You don't understand what is and is not a "public forum". The "texts, contacts, photos and videos, call history and audio recordings" stored on your personal phone are not accessible in a "public forum", and Apple is somehow (allegedly) pulling these things from your device remotely (heaven knows why the security model even allows this to happen) at the behest of law enforcement.

Other than my personal information I don't care what people know or get from me.

What if people knew you were an idiot? Congrats, you just displayed it in a public forum.

Re:Surprised? (1)

gnasher719 (869701) | about 6 months ago | (#46950999)

No, think of it this way: You don't understand what is and is not a "public forum". The "texts, contacts, photos and videos, call history and audio recordings" stored on your personal phone are not accessible in a "public forum", and Apple is somehow (allegedly) pulling these things from your device remotely (heaven knows why the security model even allows this to happen) at the behest of law enforcement.

The whole thing and how it works has been well-documented for a long time.

First, an iOS device's flash storage is always encrypted. The encryption is basically unbreakable. But obviously, the iPhone can still read it. That's because you enter your passcode, and that passcode is used to unlock the data.

The bit of code where you enter your passcode is written and signed by Apple. Only code that is cryptographically signed by Apple is capable of checking a passcode and with the right passcode giving access to the flash drive. And Apple's code that you have installed on your iOS device has features like erasing the drive when you enter the wrong code too often, requiring longer and longer delays between attempts, and so on. So a policeman taking away your phone can try a few times to unlock it, but most likely this doesn't work.

Apple, and nobody else, can write code that tries more passcodes and sign it with Apple's key, which is required for it to work. The passcode checking algorithm is designed to take about 1/10th of a second. So if Apple has your phone, and a search warrant, they can check passcodes at a rate of ten per second.

Without the phone physically there, or with a broken phone, there is no way. If the data has been erased, no way. Removing the flash drive from the phone, no way. Imagine a switch where any delays in the passcode checking is turned off, and a robot hand capable of entering ten keys per second. That's about what Apple can do. 8 digits + letters is uncrackable.

Re:Surprised? (1)

tlhIngan (30335) | about 6 months ago | (#46951795)

Apple is somehow (allegedly) pulling these things from your device remotely (heaven knows why the security model even allows this to happen) at the behest of law enforcement.

Not remotely, unless your definition has changed to "using some other computer hooked up to it".

Apple needs to be in physical possession of the suspect device, AND said device needs to be delivered with warrant simultaneously.

Likely this means the phone needs to be hooked up to a special test rig to actually work.

Older iPhones and other phones often have special download rigs that police can have and they use over USB to extract data, but later ones only Apple can retrieve data from. With physical possession. And that hasn't been remotely wiped. And with a warrant.

It's actually kind of refreshing that Apple details what it can and cannot retrieve and the conditions for it publicly

data thieves!!! (0)

FudRucker (866063) | about 6 months ago | (#46950665)

i wonder how much data did Apple steal to give to their cronies and partners for profit

closed-source shitheads (0)

AndyKron (937105) | about 6 months ago | (#46950723)

And I STILL don't own any Apple products, because I've always thought they were closed-source shitheads. I guess they're way more than that after all.

Re:closed-source shitheads (1)

BasilBrush (643681) | about 6 months ago | (#46951719)

Clearly the intelligencia is backing open-source these days...

EaseUS Mobisaver Freecan download that stuff...Duh (4, Interesting)

DanSSJ4 (1693476) | about 6 months ago | (#46950931)

I just did this on a locked iPhone i Found Yesterday to try to identify the owner.

It was locked from too many bad PIN's entered and I was able to access Photos, Call Log, TXT Messages, etc.

Didn't give me access to every single thing on the phone, but that is still a lot considering this is a shareware limited app anyone can download.

There are more advanced Forensic programs that are available, but they can get more pricey.

But if anyone with google can find a shareware app, what hope to you have against the government with all their money and resources.

http://www.easeus.com/mobile-t... [easeus.com]

Re:EaseUS Mobisaver Freecan download that stuff... (2)

BasilBrush (643681) | about 6 months ago | (#46951765)

what hope to you have against the government with all their money and resources.

Given that the App you mention and Apple's list of what they can extract amount to the same thing, it's probable the government also can access the same things. Basically anything that not encrypted on the device or backup can be accessed by all (with physical access). Things that are encrypted can't be. Even by people working for scary 3 letter acronyms.

ff (0)

Anonymous Coward | about 6 months ago | (#46951003)

ff

Re: ff (0)

Anonymous Coward | about 6 months ago | (#46951023)

Sorry it was a test, I wanted to know if Slashdot fixed their mobile website before submitting... After typing a long comment and clicking the submit button, it used to fail each time.

I can extract anything from locked laptops... (0)

Anonymous Coward | about 6 months ago | (#46951055)

By mounting their drives as a file system on my laptop, as long as its not encrypted.

Re: I can extract anything from locked laptops... (0)

Anonymous Coward | about 6 months ago | (#46951141)

Or by booting from a live CD/USB...

Very Interesting... (0)

Anonymous Coward | about 6 months ago | (#46951101)

Very interesting...especially considering that iOS 7 no longer has the email encryption for attachments.

Even though apple phones have encrypted files... (2)

spinozaq (409589) | about 6 months ago | (#46951129)

I had someone give me an iphone 4 last year where a child playing with the phone had accidentally deleted all the pictures. My task was to recover all the deleted pictures. It took me a few hours, mainly because I had never done anything with an iphone before. The process that worked invovled booting the phone with a different bootloader and breaking the encryption key. Most of the information and software to accomplish this can be found with a few minutes of searching.

Device Loyalty (0)

Anonymous Coward | about 6 months ago | (#46951247)

I'm truly amazed that some people thought there was a time when Apple did not have this ability. This is why I will never buy a smart mobile device from any company, even though I work as an iOS developer right now. No, I'm not RMS. Yes, I think the surveillance conducted on me via my feature phone is just too great -- moving up to a "smart" device demonstrates pure lunacy.

The real issue here is one of device loyalty. If I purchase a piece of equipment then I own that equipment. If it's programmable, then my equipment should do what I want it to, not what somebody else wants it to. Since that's never been the case with phones, doesn't appear to be the case with tablets, and vehicles appear to be joining this party, I find that I really can't trust any of them with any personal data.

Looking to the future, as a proper implementation of IPv6 rolls out across the world and all our electronics become addressable and accessible over the internet, these electronics that I supposedly own but demonstrate loyalty and provide data to others, I think I'll become a collector of 20th century appliances.

And so can just about everyone else (2)

fma (71738) | about 6 months ago | (#46951647)

See http://www.cellebrite.com/mobile-forensics. Every Apple store has Cellebrite phone forensics software and so do a every police agency who can afford it.

The official documentation (1)

crdotson (224356) | about 6 months ago | (#46951917)

I posted this elsewhere in the thread, but this describes the iOS security mechanisms in excruciating detail, including the full-disk encryption, etc. etc. Note that it does vary by hardware platform (3GS, 4, 4S, 5, 5S) and iOS version, so this is the "new hotness". There's a lot of incorrect information in the comments.

http://images.apple.com/ipad/business/docs/iOS_Security_Feb14.pdf

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?