DriveSavers launches passcode-beating iPhone cracking service for the public
Data recovery firm DriveSavers is now selling a "passcode lockout recovery" service claimed to be the first for the general public able to crack any iPhone.
The company's technology purportedly ensures a "100 percent success rate" with iPhones, regardless of passcode length, according to marketing. DriveSavers doesn't say what exact means it's using, or offer an upfront price. Forensic-level recovery is typically expensive however -- Grayshift for example charges a minimum of $15,000 to law enforcement agencies.
To ensure people such as thieves don't abuse its service, DriveSavers is promising to validate legal rights to data during "all phases" of a recovery attempt.
Apple and forensics firms have been engaged in an unspoken race in which the latter exploit security vulnerabilities until Apple can fix them. Once a passcode is enabled iPhones are protected with full-disk encryption, and trying to brute-force a passcode risks losing data completely if someone has chosen to enable a self-wipe after 10 failed attempts.
In October, a report revealed that Grayshift's GrayKey had been disrupted by iOS 12, limiting it to a "partial" extraction of unencrypted files and metadata.
For some law enforcement agencies it may be more practical to force a suspect to unlock a device via Face ID or Touch ID. U.S. police can't legally demand that someone turn over their passcode, but they can use biometrics. In some cases this approach has even been used with the dead.
The company's technology purportedly ensures a "100 percent success rate" with iPhones, regardless of passcode length, according to marketing. DriveSavers doesn't say what exact means it's using, or offer an upfront price. Forensic-level recovery is typically expensive however -- Grayshift for example charges a minimum of $15,000 to law enforcement agencies.
To ensure people such as thieves don't abuse its service, DriveSavers is promising to validate legal rights to data during "all phases" of a recovery attempt.
Apple and forensics firms have been engaged in an unspoken race in which the latter exploit security vulnerabilities until Apple can fix them. Once a passcode is enabled iPhones are protected with full-disk encryption, and trying to brute-force a passcode risks losing data completely if someone has chosen to enable a self-wipe after 10 failed attempts.
In October, a report revealed that Grayshift's GrayKey had been disrupted by iOS 12, limiting it to a "partial" extraction of unencrypted files and metadata.
For some law enforcement agencies it may be more practical to force a suspect to unlock a device via Face ID or Touch ID. U.S. police can't legally demand that someone turn over their passcode, but they can use biometrics. In some cases this approach has even been used with the dead.
Comments
If they have reverse-engineered Apple's private key from the public key, then their claims are quite believable. If they've been using their corporate spare computer cycles over the past few years to look for this, perhaps they have gotten lucky?
We need a volunteer which some spare money.
In an ideal world, sure, I get it. Regrettably, state actors have consistently and determinedly ignored our collective right to privacy. Any ability to break encryption will be disseminated faster than the Salt Bae meme. Due process and legal oversight will be dispersed just as frivolously.
Anyway this looks like it's geared more towards someone who's suffering dementia, comatose, or passed away and family members need access to that person's phone. There's a whole bunch'a hoops to jump thru proving the need (ex. Death certificate for a deceased, several forms of personal ID for the living, etc) before the device is accepted.
I attended a presentation once where the company sales director said his development team could guarantee their software was 100% bug free.
We didn't partner with him because he was obviously lying.