This report seems really fishy to me. If the FBI could hack only older iPhones, why would they be publicizing their inability to hack the 6 series? Wouldn't the FBI in that case be telling evil doers, in essence, go out and buy yourself a 6 series iPhone? Wouldn't it make more sense for the FBI to keep its limitations secret in the hopes that evil doers are using older iPhones (or at least, some of them)?
I would guess that the FBI also can hack a 6 but they just want to lull the "bad guys" into a false sense of complacency/security. No?
... I watched Truth 2015 last night, the attack on CBS's 60 Minutes crew (Dan Rather, Mary Mapes), and it's similar to this witch attack on Apple except both Republicans and Democrats are attacking Apple using hearsay and a lack of understanding and fear mongering to get what they want while making Apple look real bad. ...
Not sure which way you are intending this comment. It was proven that they relied on false documents for their reporting. They cried they were attacked for using false documents all the while attacking someone using false documents. The rewriting of history in a movie does not change those facts so without further explanation, that part of your comment is ambiguous.
This is my question. How did I know about the IP-Box but the head of the FBI did not? John Gruber reported on this over a year ago on Daring Fireball which is when I switched to an alpha-numeric passphrase.
This will set up another battle against Apple in the next case, when a newer iPhone needs to be unlocked. The FBI never stops. The good news is the White House just withheld its support for legislation forcing companies to crack encryption. Thank you, Obama. Is this the reason why they don't want Obama to have an iPhone, because they can't monitor what's going on in his phone? LOL.
It's not just the FBI. They are the current player. They and their partner the DOJ. We have had local LEO, DEA, and others attempting the "Precedent" path.
A huge benefit from this kind of thing for Apple and the general public (but not the FBI) is that, with the endless speculation (and proof in some cases) from experts that see potential security holes, Apple is busily plugging every leak. The result is going to be a hardware and software platform that is dramatically *more* secure than the already highly secure iPhone.
The FBI unwisely put all their chips on this move and lost spectacularly; at least they figured it out before a judge decided against them. The FBI has come across like bumbling idiots; gone is the mystery and mystique of the all-powerful and secretive FBI that can accomplish anything. Now, the only real hope moving forward for them is trying to get laws in place forcing backdoors by tech companies, and in the current political environment, that's not going to happen. Even if it did happen in the USA, there are innumerable foreign app-makers that will still offer secure communications and show the FBI the middle finger.
The unlocking procedure used by the Federal Bureau of Investigation to break into an iPhone 5c at the center of the San Bernardino case cannot be used on new devices, the bureau's director said on Wednesday.
The IP Box setup, via MDSec.
Comey told a group of students and educators at Kenyon College in Ohio that his department had "purchased a tool" from a third party to unlock the iPhone in question, according to CNN Money. Though he stopped short of revealing the exact process, he did note that it would not work on more modern handsets.
"This doesn't work on 6S, doesn't work on a 5S, and so we have a tool that works on a narrow slice of phones," Comey said.
Discussing Apple's request that the bureau unveil its method, Comey was noncommittal but said he was worried about losing what little access the bureau does have.
"We tell Apple, then they're going to fix it, then we're back where we started from," he said. "We may end up there, we just haven't decided yet."
Since the FBI revealed its success late last month, most speculation regarding their method has centered around the so-called "IP Box" that first appeared last spring. That tool -- which retails for less than $300 -- latches onto a susceptible iPhone's power circuitry and enters PINs over USB.
When a wrong guess is detected, the tool aggressively cuts power to the iPhone's logic board before the guess is recorded, defeating the 10-try limit.
Apple is believed to have patched this hole in older iPhones with iOS 8.1.1; as the iPhone 5c in question is thought to be running iOS 9, the FBI has either chosen a different method or has purchased the device from a company that has discovered an as-yet unreported flaw in later software.
Beginning with the iPhone 5S, PIN guesses are managed in the hardware Secure Enclave, rendering such an attack useless.
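The ordering flaw the article describes, where a wrong guess is detected before it is recorded, can be modelled in a few lines. This is an added example, not code from the article or from any vendor; the `PinGate` class, the PIN value and the simulation cap are constructed for illustration.

```python
MAX_ATTEMPTS = 10  # the 10-try limit mentioned in the article


class PowerCut(Exception):
    """Simulated loss of power: no later code in the operation runs."""


class PinGate:
    """Toy model of a passcode check with a persistent failure counter."""

    def __init__(self, pin: str, commit_first: bool):
        self._pin = pin
        self.commit_first = commit_first
        self.failed = 0      # stands in for non-volatile storage
        self.wiped = False

    def try_pin(self, guess: str, power_cut_on_reject: bool = False) -> bool:
        if self.failed >= MAX_ATTEMPTS:
            self.wiped = True
        if self.wiped:
            raise RuntimeError("limit reached: data erased")
        if self.commit_first:
            self.failed += 1             # recorded before any result exists
        if guess == self._pin:
            self.failed = 0
            return True
        if power_cut_on_reject:
            raise PowerCut()             # rejection visible, power lost here
        if not self.commit_first:
            self.failed += 1             # too late: skipped on a power cut
        return False


def evaluated_guesses(gate: PinGate, cap: int = 50) -> int:
    """Count wrong guesses evaluated when power dies on every rejection."""
    count = 0
    while count < cap:
        try:
            gate.try_pin("0000", power_cut_on_reject=True)
        except PowerCut:
            count += 1
        except RuntimeError:
            break                        # limit enforced at next power-up
    return count
```

With the counter written after the comparison, the simulated limit never triggers; with it written first, the limit holds at ten regardless of when power is lost.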
So, if we use an actual password instead of a 4-digit PIN, then we should be good, even on the older devices. Bye, bye, PINs.
I would recommend a passcode on all iPhones that have Touch ID, since you don't have to input it often. On older devices, the passcode can be a little too much, but I would recommend increasing it to at least 6 digits.
PS: The iPhone's passcode is well over BASE-102. That's just 26 lowercase, 26 uppercase, 10 numbers, and the 40 special characters; but it doesn't include all the other text options for a long-press like Ç or ç or ¢ or £ and on and on. Even a 4-character passcode with BASE-102 is 108,243,216 possibilities.
You just like to make stuff up out of thin air, don't you?
Do you understand what a logical fallacy is?
What's wrong about it? The FBI's inability to use their secret technique on anything newer than a 5C does not mean they cannot hack anything newer. It simply means not with *this* technique. That may seem like splitting hairs, but it isn't. It's the art of semantics.
I still think all this is moot. Eventually all iPhones in the wild will have TouchID and even if the terrorist blows himself up, take severed thumb, place on iPhone and voilà... unlocked.
TouchID needs live tissue for capacitance, I believe.
I also believe that I heard once that someone had TouchID activated but only had his glans penis registered. Good security, I guess, since how likely is anyone to check it?
That must work great when using ApplePay at the grocery store.
1) It doesn't need "live tissue" so much as something that mimics that of living tissue. This is probably the easiest to trick on Touch ID.
2) Penis, nose, nipple, cat and dog paw. Pretty much anything with some heat, natural electric field, and perhaps blood vessels. I'd bet your scrotum would work, too, but since that changes more often than Trump's positions on important political matters, you'd find it difficult to get a successful read over time.
Remember, Touch ID isn't looking for a 100% match like with any PIN or passcode; it's looking for a certain number of points that result in a certain threshold of likelihood that the person that set up the Touch ID is, in fact, the same user. This is why the PIN/passcode is used when you restart it, when 48 hours have passed, when too many failed Touch ID attempts are made, and when trying to add a Touch ID access point or trying to dis/enable Find My iPhone.
Waterrockets is right.
Yeah, see? I'm an artist! :P