Is Apple really providing cover for criminals by this new option?

Maybe I just don’t understand the modern criminal mindset: do criminals really store evidence of their felonious activities on phones, or bring traceable phones along on crimes? At least ones with an IQ above room temperature?

It’s encrypted, so you have nothing to search, just as in the case of not having an iPhone at all.

I would assume that people wouldn’t just be leaving their photos of where they buried the bodies on their phone.

But there could still be incriminating or circumstantial evidence. There could be logs of your movements, records of your contacts, and your messages that, while they are maybe a bit encoded, can still provide evidence of conspiracy.

It’s notable that the change Apple is making is to work around specific exploits that exist in the wild. It’s not like only the police can buy those iPhone crackers, or that the device requires a warrant to use. They’re out there! Anyone can use them to break into an iPhone.

People talk about how breakable encryption could be used by anyone, as though it were a hypothetical. But it’s actually happening. There are bad actors right now relying on the same methods that police want to preserve.

In that context, it’s pretty clear that Apple’s move is the correct one. Their customers rely on them to keep data secure, and leaving this exploit unprotected is not doing so.

If you were a safe-maker, and you discovered that some company was selling a device that circumvented your safes, you’d have to be pretty dumb to not fix that as best you could in the next model. For one, you probably wouldn’t be a safe-maker for very long if you sold safes that were easily cracked.

Has anyone? AFAICT these devices are not sold to the public at large. Can you provide a link where I can buy one?

I cannot provide a link where you can buy one. I will grant that it is possible that I am overreacting and that no bad actors have used devices to break into iPhones without legal warrants.

I can’t provide a link where you can buy a database of 1 million credit card numbers with names and zip codes either, but I’m certain that people buy those.

I would also argue that if I’m wrong, if it really is the case that every company supplying these cracks does so only in accordance with the law, it seems to be only a matter of time before that’s not the case.

GrayKey is just a turn-key brute force PIN guesser device.

Really just a device that is created because the average police officer doesn’t know how to write Python.

A couple of days on code school and anyone can replicate this, and thus the reason we have methods that disable accounts when brute force attempts are detected.

Emails, text messages are of value. Also remember that unlocking the phone gives them access to social media and typically bank records if people save the passwords.

It also gives them access to the random ID for Siri’s data files, which is basically a voluntary always-on wire that most people carry around.

It’s more than that. Because iPhones already have several methods of throttling brute force attempts. So it’s a brute force password guesser combined with one or more exploits to get around the throttling.

It takes some pretty serious opsec to keep a phone used for illegal purposes totally clean.

Even if you’re well-funded and replacing phones regularly, you likely have at least a few days of activity on it. You might have “deleted” stuff from it, but depending on how the phone works, it might not really be deleted. If you’re rotating burners regularly, you probably have to have your fellow conspirators’ phone numbers stored in the phone, because who can remember a dozen regularly changing phone numbers? And if just one of those conspirators messed up and used their dirty phone to call some phone that can be linked to a real person, or turned it on and it auto-joined a wireless network somewhere that stores security camera videos, or dozens and dozens of other ways to mess up, then relevant info is gleaned.

Criminals aren’t experts at erasing their digital footprints. Almost anyone is going to fuck this up.

I haven’t heard whether the current generation of iPhone cracking devices have escaped into the wild yet. The previous generation did, and there’s no reason to assume that this iteration will play out any differently:

Given this situation, it is clearly prudent for Apple to patch the security hole ASAP before the current exploit becomes generally available.

Well, iOS 11.4.1 with the new security enhancement has just gone live. It was nice knowing y’all before the world was overrun by criminals against whom the police are helpless…