Apple Will No Longer Unlock Most iPhones, iPads For Police
A reader writes with this selection from a story at the Washington Post: Apple said Wednesday night that it is making it impossible for the company to turn over data from most iPhones or iPads to police — even when they have a search warrant — taking a hard new line as tech companies attempt to blunt allegations that they have too readily participated in government efforts to collect user data. The move, announced with the publication of a new privacy policy tied to the release of Apple's latest mobile operating system, iOS 8, amounts to an engineering solution to a legal dilemma: Rather than comply with binding court orders, Apple has reworked its latest encryption in a way that makes it almost impossible for the company – or anyone else but the device's owner – to gain access to the vast troves of user data typically stored on smartphones or tablet computers. The key is the encryption that Apple mobile devices automatically put in place when a user selects a passcode, making it difficult for anyone who lacks that passcode to access the information within, including photos, e-mails, recordings or other documents. Apple once kept possession of encryption keys that unlocked devices for legally binding police requests, but will no longer do so for iOS8, it said in a new guide for law enforcement. "Unlike our competitors, Apple cannot bypass your passcode and therefore cannot access this data," Apple said on its Web site. "So it's not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8."
So everything is protected by a 4 digit passcode? (Score:5, Interesting)
So everything is protected by a 4 digit passcode?
Wow... Impregnable.
Re:So everything is protected by a 4 digit passcod (Score:5, Funny)
My luggage only has a 3 digit passcode, iphone is 10 times stronger encrypted!
Re: (Score:2, Funny)
Fill your luggage with locked iPhones.
Now that's secure!
Re: (Score:2)
I'm pretty sure you can download some sort of suitcase app onto each of these phones.
Re: (Score:3)
It was designed for syncing a folder on your computer with a floppy disk. Now that we have flash drives, seek times aren't so bad and you can operate on them directly (or use cloud storage).
The feature's technically present even in Windows 7. Just add a desktop.ini file to any folder with the following lines:
[ShellClassInfo]
CLSID={85BBD920-42A0-1069-A2E4-08002B30309D}
ConfirmFileOp=0
Apparently there's a way to re-enable it in Windows 8, too.
Source: http://en.wikipedia.org/wiki/B... [wikipedia.org]
Re:So everything is protected by a 4 digit passcod (Score:4, Informative)
You can also set it to erase everything if the passcode is wrong more than ten times.
Re:So everything is protected by a 4 digit passcod (Score:5, Funny)
It could be a 4096-bit private key with uberultra fugu-based quantum encryption:
http://xkcd.com/538/ [xkcd.com]
Re:So everything is protected by a 4 digit passcod (Score:5, Insightful)
Re: (Score:2, Informative)
No, you can, and should, use a much longer (and with more varied characters) passcode than that on iOS. The device actively tells you you should if you set up touch ID.
Re: (Score:3)
Yes, but you can easily set your device to wipe after 10 incorrect passcode entries. So, what this really means (assuming that Apple's statements are true) is that, in the event the police want access to your iDevice, their only option (unless they're willing to play 1000:1 odds) is to get the passcode from you.
Re:So everything is protected by a 4 digit passcod (Score:5, Interesting)
I'm sure the cops can image your encrypted phone and try to break the encryption offline without risking loss of data. If they can't break it now, they will simply store the data for the next 10 years until they can and go back to it then. Sort of like fingerprints, DNA or any other crime scene evidence.
Re: So everything is protected by a 4 digit passco (Score:5, Informative)
No, because encryption is derived from the passcode and a device key which is in the cryptochip silicon. You have to brute force those things 'online' due to this, as anyone who has done iOS forensics will tell you. Now if you want to break that full key out of the blue offline then... hm. yeah.. see you in a million years.
Re: So everything is protected by a 4 digit passco (Score:5, Insightful)
some of us are old enough to remember when 128 bit keys were considered unbreakable
Re: So everything is protected by a 4 digit passco (Score:5, Insightful)
Yes, that is true...
But it isn't logarithmic, it is exponential...
A 256-bit encryption isn't twice as hard as 128-bit, and a 4096-bit is beyond silly.
There might be fault with the method of encryption, perhaps a hack or a mistake in the code, but you won't brute force 4096-bit encryption. It would take more energy than exists in the universe, go look it up. :)
Re: So everything is protected by a 4 digit passco (Score:5, Informative)
Most folks say that AES-128 is about equivalent to RSA/3072, and Elliptic Curve would need to be 256 bits to be roughly equivalent to AES-128.
The big upcoming problem with RSA is that the number of bits needed per key goes up rapidly as you need to get to stronger key sizes. To get something equivalent to AES-256, you would need a 15360 bit RSA key. Which makes Elliptic Curve crypto more interesting because you only need about a 512 bit EC key to match AES-256 strength.
Re: So everything is protected by a 4 digit passco (Score:4, Informative)
But it isn't linear, it is exponential...
Re: (Score:3)
Ahh...
+1 to you... :)
Yea, you're right...
Re: (Score:3)
AES-256 will never be able to be brute force broken.
Never.
And I don't use that word lightly.
The energy to check all the possible keys doesn't exist.
You would have to come up with a way to run the math using energy from outside our known universe.
http://www.reddit.com/r/theydi... [reddit.com]
Re: So everything is protected by a 4 digit passco (Score:5, Interesting)
I'd think in even a few hundred years our best encryption would be trivial to break.
Not without huge advances in theoretical mathematics, no. We have encryption that would take longer to crack than the heat death of the Universe, even if every atom in it were a modern computer.
On the other hand, advances in the factoring of large numbers, could, for example, make some modern encryption method a lot more vulnerable. But I am told, by people who do research on that topic at MIT and Caltech, that momentous breakthroughs in that area are unlikely - modest improvements, certainly, earth-shattering advancements, no.
Re: (Score:3)
For the AES encryption used on the iOS flash, you need advances in the discrete logarithm problem, not factoring large numbers. There’s no RSA involved in protecting the flash contents.
Additionally, there’s no known way to make the boot loader just dump an image of the encrypted flash for you to start brute forcing on. You’d need to disassemble the phone, desolder the flash chips, and read them out in another circuit.
That’s certainly do-able, but not something that can be done to a
Re: (Score:3)
Loading the CPU with custom software would either require a ROM-level vulnerability in the bootloader or for Apple to sign your alternate firmware to load in.
To my knowledge there have been no bootloader vulns since the early production runs of the iPhone 4S. All jailbreaks since that time have depended on vulnerabilities later in the software stack. The bootloader will not accept a firmware older than the one currently installed on it, so downgrading to exploit since-fixed bugs isn’t possible.
There
Comment removed (Score:5, Insightful)
Re: (Score:3)
Or, they simply use a $5 wrench [xkcd.com].
If they simply want the information, the $5 wrench works. If they want it to be admissible in court, then it doesn't work so well.
Re:So everything is protected by a 4 digit passcod (Score:5, Funny)
Or, they simply use a $5 wrench [xkcd.com].
Don't be ridiculous, we're talking about the US government and not some thugs.
It would be a $5,000 wrench.
Re:So everything is protected by a 4 digit passcod (Score:5, Informative)
Case law is slightly conflicted in different US Federal districts, but the majority are that you can’t be compelled to provide your decryption keys. They’d need evidence to throw you in prison for 30 years, and your lack of providing the key is NOT evidence.
Recent statements made by several SCOTUS justices relating to warrantless phone searches suggest that as cases involving compelled key disclosure reach the Supreme Court, they will likely be decided in favor of the defendant. IE that the 5th Amendment protects you from being compelled to turn over an encryption key to information that would be used against you.
The legal situation outside the US is of course different. In the UK in particular, you CAN be compelled to provide the key under penalty of indefinite detention.
Re: (Score:3)
The US courts CAN compel you to disclose your keys in some specific circumstances. The canonical example was when child porn was seen on a screen and the owner managed to then turn the laptop(?) off. When rebooted it could not be seen because it was encrypted.
In that case the courts held that because the government already knew (had seen) that the kiddie porn was present they were not forcing the owner to disclose something unknown. So they could force him to hand over his keys.
Re: (Score:2)
I'm sure the cops can image your encrypted phone and try to break the encryption offline without risking loss of data. If they can't break it now, they will simply store the data for the next 10 years until they can and go back to it then. Sort of like fingerprints, DNA or any other crime scene evidence.
For that they would not need to crack a password, but create 256 bit encryption. With different encryption keys for every single file in the file system. I think brute forcing 256 bit encryption unless severely flawed is at the "physically impossible" level.
Re: (Score:3)
There are not different keys for every file, or if there are they are tied to a master key. The only way you can view an encrypted device with a single passphrase is because that single passphrase is tied to a single master key somewhere.
iOS uses a different encryption key for every file. One component of the encryption key is stored in the directory, one part comes from the device encryption key.
Re: (Score:3)
And there's always this [xkcd.com].
Procedures only work when you follow them. (Score:2)
One would think so, but they may also just want to activate the wipe to intentionally delete the data on the phone that could exonerate you!
http://justiceforbradcooper.wo... [wordpress.com]
Re:So everything is protected by a 4 digit passcod (Score:5, Informative)
Standard data forensics procedure is to write-protect any storage device which contains evidence, copy it bit-for-bit, and do all the decrypting and data analysis from the copy. The 10-try limit may protect your data from a random thief who lifts your phone, but the only way it's going to protect you from the government or any other technically-capable hacker is if Apple baked the limit into the flash memory-reading hardware.
And there's always this [xkcd.com].
You can put a complex password on your iPhone:
1) Settings->Passcode, enter your 4 digit passcode.
2) Flip the "Simple Passcode" switch.
3) Set your new arbitrary length complex password.
4) Enable the "Erase Data" setting which wipes the device after 10 incorrect password inputs.
5) Enjoy entering your complex password every time you want to access the phone.
The encryption on these iDevices and the Macs is non trivial to crack. Combine this encryption with a properly strong password and that wipe feature and even the Police would be shit out of luck. I know of a case where a guy resolutely refused to provide police with the password and crypto-key for his MacBook. The cops shipped the laptop to Cupertino who sent it back after a few weeks having failed to crack the drive encryption. The cracking would take longer than the expected lifespan of the universe. Your only hope of getting into a properly password protected and encrypted device be it an iDevice, an Android device or a Windows phone is if there happens to be some software vulnerability that enables you to bypass the login screen.
Re: (Score:3)
The cracking would take longer than the expected lifespan of the universe.
The obvious solution is inter parallel universe travel. We find the parallel universe in which the only difference is that the suspect didn't lock his/her phone and get the data there. Problem solved.
Re: (Score:3)
You don't have to enter the passcode every time if you've got a TouchID device. When my new phone shows up, I have a 13-digit code memorized from when I was a kid (long story). I'll input that once a day, and use the scanner to unlock the device the rest of the time.
Really you only need a 6-digit passcode to be exceptionally safe, but it's honestly easier for me to remember this particular code than something shorter.
Re: (Score:3)
Yes I'm sure that anybody who doesn't want their data to be read by the authorities won't be able to afford to buy an iPhone with TouchID.
5) Enjoy entering your complex password every time you want to access the phone.
Re: (Score:3)
Too bad for "standard forensics" that the passcode is mixed in with a hardware-specific key baked into the SOC [apple.com]. So you'll first need to be able to run arbitrary code on the individual's phone itself in order to keep guessing beyond the limit. That's going to require a significantly more intrusive examination.
Re: (Score:2)
Re:So everything is protected by a 4 digit passcod (Score:5, Informative)
The pass code is limited to four numbers, but you can switch it to a longer pass phrase which may include any number of alphanumerical characters.
Re: (Score:3)
The pass code is limited to four numbers, but you can switch it to a longer pass phrase which may include any number of alphanumerical characters.
Actually this is no longer true as of iOS 8 - it wants you to set up a complex pass code by default.
Re: (Score:2)
Re: (Score:2)
Like "123456789" maybe?
That's the average user's version of a pass-code like they use "password" for a password
Re: (Score:2)
I have one question:
If you damage your iDevice and forget your password, can they recover your data?
If the answer is yes, they are lying if they say they cannot assist law enforcement. And between lying to their consumers and lying to the government... I am pretty sure I know which way they will lean.
Re: (Score:2)
If you damage your iDevice and forget your password, can they recover your data?
If you forget your password, and you lost the backup key that Apple tells you to put in a safe place when encryption is turned on, and you forget the answer to your security question, then yes, your data is gone. Forever.
Re:So everything is protected by a 4 digit passcod (Score:5, Insightful)
and you forget the answer to your security question,
The presence of a security question on any service indicates immediately that they almost certainly have access if served with a warrant.
Re: (Score:3)
That works for basic access passwords since the only check is "is it right yes/no?" at one particular entry point (the login screen.) You can reset that password and they only have to "update" the one location (their password hash file.)
Encryption is a whole different beast as you're effectively password protecting every single byte on your device. Simply changing the access password won't change those bytes.
So unless they're storing your password in plaintext (or reversibly encrypted,) or they've built a
Re: (Score:2)
Re: (Score:3)
Re:So everything is protected by a 4 digit passcod (Score:5, Informative)
FOR GOD'S SAKE.
I know you guys hate Apple, and that's fine. But do try to use your brain a little bit. Do you honestly believe that the flash storage is encrypted with a 4-digit numeric key? Of course it isn't, it's encrypted with a 256-bit AES key that's generated using a per-device hardware key and the passcode (which can be much longer than a 4-digit pin if you can be bothered to type it in every time you use the phone). If you pull the hardware out of the phone, then this is the key you're going to be cracking.
Good luck with that.
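The point made in the comment above, and in the earlier reply about the hardware-specific key, as an added sketch (not Apple's code and not from any commenter): the storage key is derived from the passcode and a per-device key, so a short PIN falls quickly to whoever can run guesses with the device key, while a copied flash image on its own gives a guesser nothing to check PINs against. PBKDF2, the iteration count, the device key value, the PIN and the 80 ms per-guess cost are all assumptions chosen for the demo.

```python
import hashlib
import hmac

# Constructed values for the demo. A real device calibrates the work factor far
# higher; 50 iterations keeps the exhaustive search below to about a second.
ITERATIONS = 50
DEVICE_KEY = bytes.fromhex("a1" * 32)  # constructed stand-in for the per-device hardware key
WRONG_KEY = bytes(32)                  # all an off-device guesser has: a guess at that key


def derive_key(passcode, device_key, iterations=ITERATIONS):
    """Tangle the passcode with the device key (PBKDF2 is an assumed stand-in KDF)."""
    return hashlib.pbkdf2_hmac(
        "sha256", passcode.encode(), device_key, iterations, dklen=32
    )


def seal(passcode, device_key):
    """Check value that only the correctly derived key reproduces.

    Stand-in for "the file system decrypts correctly with this key".
    """
    key = derive_key(passcode, device_key)
    return hmac.new(key, b"volume-check", hashlib.sha256).digest()


def brute_force_pin(check, device_key, digits=4):
    """Try every numeric PIN of the given length against the check value."""
    for n in range(10 ** digits):
        guess = f"{n:0{digits}d}"
        if hmac.compare_digest(seal(guess, device_key), check):
            return guess
    return None


def worst_case_seconds(alphabet, length, ms_per_guess=80):
    """Time to exhaust a passcode space when every guess must run on the device.

    ms_per_guess is an assumed per-attempt cost of the hardware key derivation.
    """
    return alphabet ** length * ms_per_guess / 1000


if __name__ == "__main__":
    check = seal("7391", DEVICE_KEY)  # constructed PIN

    # With the device key available (guesses run on the device), a 4-digit PIN
    # is only 10,000 candidates.
    print("with device key:   ", brute_force_pin(check, DEVICE_KEY))

    # With only a copy of the flash, the same 10,000 guesses never match: the
    # search space is the 256-bit derived key, not the PIN.
    print("without device key:", brute_force_pin(check, WRONG_KEY))

    # On-device guessing cost grows with passcode length and alphabet.
    print("4 digits:       %.0f s" % worst_case_seconds(10, 4))
    print("6 alphanumeric: %.1f years" % (worst_case_seconds(36, 6) / 31_557_600))
```

The last two figures are why the thread's advice to switch off the simple passcode matters: the hardware key forces guessing onto the device, and the passcode length decides how long that guessing takes.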
Re: (Score:3)
A double post because I wanted to follow up on something.
I know you guys hate Apple,
I don't hate Apple. I think they are really good at many things, including user interface, and they make some fine products.
What I absolutely hate is the culture around their products that assumes that they're always doing something new and different, and that anyone who doesn't think their products are magical is a naysayer. Full disk encryption is a problem that has been solved for 15-20 years now and everyone does it the same way, because that way w
Re: (Score:2)
only if you are retarded and only use a 4 digit code.
Re: (Score:2)
Then after the first fail it times out for 5 minutes, then 30, then 60, 24 hours, etc... This is an example, I'm not sure of the actual times. But I've seen it happen.
If you get to a dozen tries you're about a month into it.
Or your fingerprint ... (Score:3)
So everything is protected by a 4 digit passcode?
Or your fingerprint, and where would the police get your fingerprint?
Re:Or your fingerprint ... (Score:5, Informative)
If you believe you may soon be under arrest, power off or hard reset (hold power & home) your device.
Only the OS itself is accessible immediately after reboot. All user-level flash is secured with a different key than the OS, and that key is secured by your passphrase, not your TouchID. That’s why you need to enter your password every time you reboot & can’t TouchID unlock until you do. If you reset your phone, the cops can hold it against your thumb all day long, and it won’t do them any good.
For an in depth discussion of how the crypto in iOS is implemented, see:
http://www.apple.com/ipad/busi... [apple.com]
Re:So everything is protected by a 4 digit passcod (Score:5, Funny)
Can't wait to see how people spin this as anything but good news.
-- Complex passcodes take more computational power to crack.
-- More computational power takes more electricity.
-- More electrical use leads to burning more coal and oil which leads to global warming.
-- Global warming is bad.
Q.E.D - complex passcodes are bad.
Re: (Score:2)
Well done.
Re: (Score:3)
They'll use the usual police state nonsense:
"Think of the children!"
"Apple is letting criminals hide their crimes!"
Sanity... (Score:5, Insightful)
This is how things are supposed to be. The legal system was designed for individuals "to be secure in their persons, houses, papers, and effects."
Re: (Score:3)
No it isn't. Law enforcement is supposed to be able to obtain relevant information with a search warrant.
Re:Sanity... (Score:5, Insightful)
Re: (Score:3)
Sure it is:
http://en.wikipedia.org/wiki/F... [wikipedia.org]
Re: (Score:3)
That was before law enforcement became the world's largest street gang.
Re: (Score:3)
That is why a court order is needed. So now all the big companies will use the same method on all of their communications.
Of course the court could just order you to turn over your password.
Re:Sanity... (Score:5, Insightful)
Of course the court could just order you to turn over your password.
Sure, but you also have the right to refuse... They can charge you with contempt perhaps, but you at least have that choice.
Before, you didn't even have that much of a choice...
Actually... (Score:2)
This is how things are supposed to be. The legal system was designed for individuals "to be secure in their persons, houses, papers, and effects."
Like many countries, we inherited a strange and somewhat muddled legal system from England. That bit got added along the way.
Re: (Score:3)
Yea... I normally am rather unhappy with much of what Apple does...
But I'll give credit where it is due, this is clearly a customer friendly policy and I'll applaud them for it...
It improves Apple's image in my view and anyone who has privacy concerns should give Apple another look.
Re:Sanity... (Score:5, Insightful)
Re: (Score:3)
With this turn by Apple, the police have one less tool.
It sure is comforting to know, a pig would not be able to access the data on my phone until a judge agrees with him and orders me to divulge the PIN. Is such reassurance of dignity for millions of honest folks worth the increased chances for hundreds of criminals of getting away? Probably...
Re: (Score:3)
Re: (Score:3)
>defend the rights of pedophiles
Small correction, should be "Defend the rights of accused pedophiles". Once proven guilty of a crime, the law (mostly) and most people then (and only then) support taking away many rights of the individual. We are different than many countries in the stage of protecting the accused from things like self incrimination... But the Apple decision (and my support of the direction) is more driven from the lax oversight of subpoenas. If that process was rare, and rigorous eno
So then they get another warrant ... (Score:5, Insightful)
Then they're served with another warrant ... one that obliges them to put a back door into either the individual device, or their whole infrastructure. Without informing users that such a warrant has been served.
Then what?
It's like a game of chess where the values of the piece can be unilaterally changed by one side.
Re: (Score:2)
2) Move your corporate headquarters off shore. Then tell them they have no authority over you, but if they want to sue your country or publicly demand you stop selli
That doesn't mean this is a bad move (Score:2)
Re: (Score:2)
Then you hire a lawyer because no court in the U.S. has the authority to order a specific change to a product. The most they can do is declare a product to be unlawful as shipped, and that is done very publicly.
only small claims can't order specific performance (Score:3)
> no court in the U.S. has the authority to order a specific change to a product.
Not that they'd actually order that a backdoor be developed, but most courts can order specific performance. In many states, small claims courts are limited to monetary damages, but any other court of general jurisdiction can issue a specific performance order. You see this used in custody cases where the father is ordered to provide health insurance, for example. It's also common to have specific performance ordering a
Re:So then they get another warrant ... (Score:5, Insightful)
They don't need a back-door.
Sure they'll encrypt your files with a key they don't know just like they said. But to comply with law enforcement all they would have to do is intercept your password when you enter it. And that's done easily: keyboard driver update patch for target users: collects and forwards the password to the feds.
That way they're still encrypted as advertised. And it's possible that if you lose your phone or it's confiscated that this would still be a plus. But I think this password intercept is how the feds would get access if they're monitoring you specifically.
What's your suggestion for intelligence work? (Score:2)
I presume you wouldn't say it was "wrong" of the United States to crack the German and Japanese codes in WWII...
This isn't
Re:What's your suggestion for intelligence work? (Score:5, Informative)
I presume you wouldn't say it was "wrong" of the United States to crack the German and Japanese codes in WWII...
Aren't you rewriting history a little bit there? The USA didn't crack German codes. That was a bunch of Polish mathematicians, followed by British mathematicians and engineers. And when Americans make movies, three British sailors of whom two died getting secret materials out of a sinking German U-Boot suddenly become Americans!
Re: (Score:3)
No, because I don't get my historical information from fictional films. I watched a fictional movie last year about giant robots landing on the moon but I didn't get upset at Hollywood for claiming that giant robots beat us there. Only a moron gets angry at a fiction writer for writing fiction. Now, if you had said "Ken Burns made a WW2 documentary and got the following facts wrong..." Then yes, I would say you had a legitimate gripe at Ken Burns (and not at "Hollywood"), but I would just tell you to st
Re: (Score:3)
Yahoo has something to tell you about their $250,000 per day fine [bloomberg.com] if they didn't accept PRISM
Re: (Score:3)
Slightly different scenario. Yahoo had the data and refused to turn it over. Apple is in effect ensuring it can never have the data that the NSA is seeking without new code. Warrants, in this instance, can't really be used to compel you to make something you wouldn't otherwise make. That's not the type of a warrant they can actually seek; there is no "do what we tell you warrant".
Apple's entire gambit is to avoid the messiness of the law aspect by just preventing their own access to the data so they hav
Re:So then they get another warrant ... (Score:5, Insightful)
THEY *HAVE* GOTTEN WARRANTS LIKE THAT. WORSE, EVEN.
Remember Lavabit? They got a warrant to seize his private SSL key, so they could hijack connections from every user. The warrant only covered one person specifically but the order was for the SSL key itself, giving them the technical ability to read everything the users read. He even offered to modify his code so it would do it for just that one user, and they refused. The warrant even came with a gag order preventing him from talking about it.
Re: (Score:3)
They've done even worse than that. There was a company that I can't remember the name of that ran a service (I think it was VPN but I can't be sure) but specifically wouldn't log their service or traffic, this was an advertised feature and their sole differentiation in a very competitive business. A judge ordered them to turn on logging. This predates the lavabit thing and basically in both cases the entire reason for the business was negated by what I consider an illegal court order.
Important part of the statement: (Score:2)
Assuming .... (Score:2)
Re: (Score:2)
What? It's only a matter of time... (Score:2)
"So it's not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8."
Let Apple relax for it's a matter of time. As any software developer knows, software will [always] have bugs. Apple's software is no different.
"unlike competitors" ??? (Score:3)
Nothing prevents you from using 3rd party encryption on your Android phone (and I'm not speaking about a 3rd party system)... and I seriously doubt that Google will be able to do anything about data encrypted by a 3rd party system.
On Android, you work on a system of service provider/consumer. Your contact list? You've an application acting as contact provider and others as contact consumers (readers/writers)... If you want to protect them, nothing prevents you from using a different default contact provider which uses an encrypted container. Same for most of the phone features...
On iPhone, you can only trust Apple's word... like we did when it was about geolocation data...
Re:"unlike competitors" ??? (Score:5, Informative)
On Android, you can use dm-crypt to encrypt your /data partition with a passphrase of a real length, which is separate from your screen unlock PIN/password.
You do need to root it, and type in a command similar to this:
vdc cryptfs changepw newpass
or to enable encryption via the command line:
vdc cryptfs enablecrypto inplace
With /data encrypted, it will prompt for the long passphrase at boot, then from there on, just need the short screen locker password.
I like this part of Android -- you can easily pack your own parachute when it comes to encryption.
remark (Score:2)
We'll see (Score:5, Interesting)
Blackberry used to be secure until they wanted to sell phones in India and the Indian government demanded a backdoor in order for them to sell phones there.
Will India now also refuse the sale of iOS8?
"Most"? (Score:5, Interesting)
Re:Is this real? (Score:4, Insightful)
Even if it is real. How long before there is an amendment to the patriot act stipulating that every encrypted gadget should have a master key and that master key should be provided to uncle sam?
Re:Is this real? (Score:5, Informative)
Key escrow laws have been attempted before. And failed.
Re: (Score:2)
There already is a master key, or, more specifically, a master wrench. Preferably a 1 inch or larger spanner wrench.
Applied to various parts of the body it will do a wonderful job of improving certain specific memories. This isn't designed to prevent the NSA from going after you should they find that desirable (don't kid yourself, twinky). This is designed to protect yourself against two bit private investigators, your local sheriff, the creep down the block and your mother. No security is perfect, but
Apple hate and paranoia (Score:3)
why is everybody so full of hate here.
For some, it's because Apple has the audacity to make tech easy for non-techies to use—that is, take away the exclusivity that some of the geeks here feel they should have on being able to use complex electronic devices.
For others, it's because Apple doesn't open up everything so that they can tinker with the innards and customize it to their exacting specifications (at least without jailbreaking).
In these cases, and some similar ones, there's a strong sense that Apple is not serving true geeks, but r
Re:So, do you believe 'em? (Score:5, Interesting)
Not to mention their warrant canary is dead [boingboing.net].
Re: (Score:2)
Re: (Score:3)
Or switch to a pass phrase, which can be of any length.
Re: (Score:3)
Re:Riddle me this Batman (Score:4, Informative)
You can do that. You can enter emergency contact info in the health app which is available from the lock screen with no password. It can also include allergies, insurance information and other things useful to first responders.
Re: (Score:3)
Maybe instead of searching for nudies on their phone and drugs in their car, these samaritans should consider calling a fucking ambulance and doing some basic first aid.