It is much more likely imo, that they have zero day exploits for something that does not require the phone to be unlocked, eg wireless, 3g/4g, bluetooth, or via the lightning connector.
If they are not doing that one of the only other options i can see is if they can clone the phone and perform a offline brute force against the pin code but my understanding is that the secure enclave is meant to prevent attacks like that.
How would an exploit in wireless, 3g/4g, etc lead to a full compromise of the device? These components don’t have full access to the device to begin with, and definitely don’t have access to the disk encryption keys.
And yeah, you can’t clone an iPhone and get anything usable. The pin is entangled with a secret that never leaves the Secure Enclave, so an offline attack would be an attack on the full encryption key, not on the pin.
They demonstrated owning an Android device. The page says iPhones since iPhone 4 use the Broadcom WiFi SoC but otherwise makes no mention of whether the exploit works on iPhone.
Most mobile phones allow the baseband to have full access to the entire device, which is why an exploit of the baseband can turn into a full device compromise, but AIUI iPhones don't do this and keep the baseband as a separate unprivileged component, specifically to defend against this attack vector. So a baseband compromise might get you access to any data going over the baseband (e.g. phone calls, unencrypted data traffic, etc) but shouldn't get you access to the rest of the device.
The radio interfaces do not have total access to the device but they have enough that it is feasible to compromise a device via a compromise of a radio component.
I do not think that a radio interface could have enough access to facilitate decryption of an encrypted volume. What I imagine it has enough access to do is to pivot to the OS running on the main CPU via a bug in the interface that is exposed for the radio to communicate with the main CPU.
From there they would likely have to exploit a number of other bugs to get into the position that they want to be in.
> To protect the device from vulnerabilities in network processor firmware, network interfaces including Wi-Fi and baseband have limited access to application processor memory. When USB or SDIO is used to interface with the network processor, the network processor can’t initiate Direct Memory Access (DMA) transactions to the application processor. When PCIe is used, each network processor is on its own isolated PCIe bus. An IOMMU on each PCIe bus limits the network processor’s DMA access to pages of memory containing its network packets or control structures.
Of course there's always the chance that there's a bug in one of these interfaces
And on Android: ¯\_(ツ)_/¯ Even for the Google Pixel I can't find a security whitepaper, just a blog post with a couple of vague bullet points.
In the past a USB or WIFI/Bluetooth attack would have got kernel mode execution then used the secure enclave to brute force credentials.
I think what makes this statement interesting is that Apple recently introduced anti-replay counters into their A12 SOC to defeat replay attacks that just reset the memory after each attempt.
I think this might represent a new generation of attacks that either have found a bug in the secure enclave OS itself or some kind of local timing/side channel attack.
The secure enclave has been getting more complex (things like neural net for FaceID) and I have no idea if it has modern mitigations like ASLR so there is reasonable chance people can get execution there. Really just another local privilege escalation.
The side-channel idea is also really interesting because a lot of the row-hammer and SPECTRE style attacks seem far-fetched in real scenarios but attacking a different ring of your own chip with full kernel access makes any kind of hardware attack seem much more reasonable.
That is terrifying given how the phone is the single key to many people's digital identity and their finances.
And that's what scared me into changing my relationship with my phone. I try to treat it as an ephemeral, disposable data terminal in which I have minimal trust.
Every few weeks I back it up to the LAN and purge it. If I lose it I revoke its login certificates so that it can't access the mail and chat servers, and block the PAYG SIM.
Yet more and more services want me to regard it as a secure token endowd with ultimate trust. The latest is one of my banks ( Halifax ) which demands that I install their app to authorise any online payment.
I'm holding out hope that one day we will see an up-to-date iPod Touch type device for the Android ecosystem. (With fingerprint/NFC support, unlike the iPod Touch.) I could carry this around as a "clearnet terminal" and power it on when needed, mostly for banking, casual communications, and non-critical password storage. Everything else is relegated to more secure single-purpose devices that avoid touching the broader web.
Most users have 4-digit or 6-digit numeric passwords, which can be trivially brute-forced. The only reason they can't generally is that SEP rate-limits decryption attempts. They probably have a way around the rate-limit. Meaning: if you use an alphanumeric password, you're fine.
I can still brute force your iTunes backup without a rate limit and distributed in Amazon GPU compute instances. Combine leaked pw databases with smart software (I use Elcomsoft), and you have a fair chance at getting in.
This is supposedly how they were able to crack the earlier gen iPhone previously. But supposedly, Apple has mitigated that type of replay attack in hardware.
I can't immediately find the methodology by which a pattern is converted to a pin.
For example, what's the degree of entropy for a non-trivial 6x6 pattern? (And why is my search fu not availing me of the answer to this question? :-) )
Interesting that this company is able to do this without threat of being sued into a smoking crater by Apple. They'd have to use Apple's software to build their product, and to do that they'd be bound by the license agreement. Apple could forbid the research in the license.
Oracle created the DeWitt Clause that forbids researchers from publishinging benchmarks for their products, and this apparently stands up in court. I have to imagine Apple could forbid researching and building exploit tools just as easily.
"Oracle created the DeWitt Clause that forbids researchers from publishing benchmarks for their products, and this apparently stands up in court."
Was this "DeWitt Clause" ever challenged specifically in a trial? If yes, can you give us some details, e.g., date, the name of the opposing party, the venue, etc.?
If it has never been challenged specifically, and gone through litigation all the way to a trial, can we honestly say "it stands up in court"?
For example, if there was a lawsuit for breach of license agreement based on publishing results in violation of the "DeWitt Clause", the defendant might argue that clause was unenforceable.
It might be possible to require a publication delay as a condition to a license, but an outright ban on publication might not be enforceable. The only way to know for sure is a lawsuit that goes to trial. Of course, even if we never actually find out because it never actually is the basis of any litigation that goes to trial, inclusion of a "DeWitt Clause" in a license could still intimidate licensees and effectively discourage publication.
The 2002 story linked on the Wikipedia page for "DeWitt Clause" mentions a telephone call to DeWitt's employer asking for him to be terminated. However it says nothing about a lawsuit based on breach of this particular "DeWitt Clause".
I'm no lawyer but it seems to me the world is awash with contracts that include agreements by one or more parties not to disclose something or other. What's the sort of thing that would make this particular one 'not enforceable'?
There are copyright exceptions for security researchers. Apple can block access to their network services, but I doubt they can do legal action, at least not based on copyright laws. Of course in this particular instance it sucks, but in general, such exceptions are very valuable as they allow researchers to find out about vulnerabilities and warn the public without being impeded by the manufacturer.
The research is mostly in Apple's interest - someone does free work for them. If 'security and privacy' are features you are selling to consumers, 'we sue everyone who fiddles around' is much less convincing messaging than 'we try to make the most secure device we can and if it's compromised, we fix it'.
> Interesting that this company is able to do this without threat of being sued into a smoking crater by Apple.
Consider whether a company such as https://www.blackbagtech.com/ (specifically products like MacQuisition) can exist without active support from Apple.
Wouldn't such an ability, by virtue of having been tested at least once, run afoul of the DMCA? Of course, it is an Israeli company and not an American one, and we have no proof that they have the ability or have ever exercised it, and IANAL, but I am curious.
It is my understanding that under the DMCA the security measures themselves are copyrighted works and breaking them is a violation of the DMCA in and of itself. That’s why breaking DRM, even if it’s to access public domain works is still illegal.
If such a device were used in the course of an investigation, wouldn't the defense have the right to examine the device and cross-examine the responsible engineers to ascertain how it works and to ensure that the recovered information has not been tampered-with?
It would be interesting to know what kind of bugs they are exploiting for this. Are they attacks over USB, bugs in the lock screen, or in the radio hardware.
First of all, to give words to the obvious question here: what leads a group of people to flaunt their insanely unethical desire to profit from <insert antonym of freedom>? They are literally trumpeting the ability for their clients to forcibly copy data without the permission of the owner of the device in question. Is it just money? Is it that simple?
Annnyway, more importantly: are there any details about how their claims are even possible? I guess that somehow, in every case of both iOS and Android, the symmetric key with which the data directory is encrypted is somehow gleanable?
It's a bit puzzling, because it seems that something as simple as 15-year old LUKS (eg, using dm-crypt) is sufficient for this purpose... right?
I mean, this company isn't claiming it can perform the same attack on an off-the-shelf laptop that has FDE with dm-crypt, right?
What's the difference? Why are phones such a security nightmare? At least in terms of encryption at rest on a cold device, isn't this a solved problem?
Are you seriously shocked that there are people out there that would be willing to assist law enforcement? It's not like they are advertising this service for anyone to drop by with any arbitrary phone to unlock.
They are no worse than locksmiths advertising the ability to crack safes.
> Are you seriously shocked that there are people out there that would be willing to assist law enforcement? ... They are no worse than locksmiths advertising the ability to crack safes.
It's more like a locksmith advertising the ability to break anyone's safe that contains details on every place you've ever been, purchase you've ever made, and person you've ever communicated with. Phones are far more ubiquitous and contain far more information than any family safe. Not a fair comparison.
Well for #1 & #2, they don't need your phone for that, just subpoenas to the relevant companies. And most people are not international globe trotters where the extra stuff outside of the country would be of much use.
I'm not saying "everyone" should help the police. I do think it's alright that a few companies, in specialized professions, exist to help the police (and other governmental organizations).
Yes, a lot of the effect is harmful, including in helping police do harm. But an argument that no-one should help the police is basically an argument the police shouldn't exist.
I'd argue that nobody should help the police as they exist in many modern implementations, because the police as they exist now are often bad actors. But it's not hard to imagine a police force that's held to a higher standard such that they actually are trustworthy. The argument doesn't have to be "police shouldn't exist"--it could be "police should be better".
But since we lack an individually actionable way of making the police better, doesn't the argument reduce to "we should not help the police as they are now"?
Yes, tautologically, "no-one should help the police" means "we should not help the police as they are now", but given that's obvious, I suspect that's not what you intend to say.
My previous post was responding to your claim "But an argument that no-one should help the police is basically an argument the police shouldn't exist", which is incorrect. The two are very different arguments.
The police could not exist if most people refused to help them. Arguing for people not to help the police is therefore arguing for the police to stop existing or to become less powerful or less effective.
I take "not helping" to mean not just not developing specialized products that only police can legally use, but also not calling the police in case of crime, not helping them with investigations as witnesses. Where the law permits, not selling them generic products and services (eg food). And where personal circumstances permit, not working for a company that does business with them, deplatforming them, etc.
> basically an argument the police shouldn't exist.
Many reasonable people do indeed take the position that the recent development of a paramilitary force, professionally tasked with keeping domestic peace, has been a bad way to achieve law and order.
So sure, I'll make an argument that today's police - and the private companies who enable them to perform end-arounds on quintessential rights - are contrary to the western common-law tradition and that society will be better when we end this short experiment and move on to a different approach.
> First of all, to give words to the obvious question here: what leads a group of people to flaunt their insanely unethical desire to profit from <insert antonym of freedom>? They are literally trumpeting the ability for their clients to forcibly copy data without the permission of the owner of the device in question. Is it just money? Is it that simple?
Probably.
I've met a lot of people who argue against the right to privacy. Most of those people are in positions where they profit from trampling people's privacy in some way: social media integrations, profiting from advertising, law enforcement/spying, or simply deprioritizing security. Lots of those folks are on Hacker News.
> What's the difference? Why are phones such a security nightmare? At least in terms of encryption at rest on a cold device, isn't this a solved problem?
One horribly annoying decision of Android is that the encryption passphrase cannot be different from the unlock pin, leaving users with two choices:
- Have a long, secure password that actually makes Android's encryption worth a damn. They then have to enter this password every time they want to unlock their phone. I don't think many people go for this option.
- Have a short usable password so you can painlessly unlock your phone. However, then encryption only provides a marginal benefit
(- I decided to use a long password with fingerprint unlock as a compromise, which creates its own security problems.)
It seems that they ignore that a powered off devices could easily provide much stronger protection by allowing a separate encryption password. And if the device is powered on, limiting unlock attempts might be somewhat useful to frustrate attacks against short lock screen passwords.
You are only forced to enter your passphrase when you turn on the mobile and once every X days. The rest of the time you can use your fingerprint to unlock the mobile. Seems like a good compromise.
True, except that fingerprint sensors can often be fooled and you cannot change your fingerprint once it becomes "compromised". For instance, anyone who ever visited the US, at least as a non-citizen, will have given their fingerprints to CBP.
I think this only works for an attacker model that excludes reasonably sophisticated attackers. I expect this to thwart pickpockets or muggers, but not the police or anyone more sophisticated than that.
>First of all, to give words to the obvious question here: what leads a group of people to flaunt their insanely unethical desire to profit from <insert antonym of freedom>? They are literally trumpeting the ability for their clients to forcibly copy data without the permission of the owner of the device in question. Is it just money? Is it that simple?
That's one way to look at it. Another is that they provide law enforcement the ability to catch and trial criminals (for instance sex offenders) who are using the phone manufacturer's naivete to hide their nefarious deeds.
One way or another, they are facilitating (in fact profiting from) one human to forcibly access a sensitive device belonging to another human, with the consent of the latter.
The sex offender "spectre" completely changes that because privacy is a "qualified right" that is appropriate to violate in some circumstances.
> Under the European Convention on Human Rights, the right to privacy is, in effect, contained in Article 8, the right to respect for family and private life. It is important to know that it is also a “qualified” right. That means it is not absolute, and can be interfered with in certain limited situations, for example to protect national security or freedom of expression. However, any interference has to be necessary and proportionate.
No, but "by law enforcement" aspect does. We gave government and specifically law enforcement the ability to disregard the privacy and certain rights of certain people in certain conditions - in this case a criminal's right to privacy after or during a criminal act.
It's like saying that because hidden recording devices can be abused it should be illegal (or at least one should be ashamed of) to create it.
For many, I bet the answer is yes. Plus I bet they sleep at night justifying their actions as helping to hunt down criminals and terrorists, (which I think some of them may be thinking of as having a close experience with).
Of course these are all post-hoc justifications for the primary motivator, money.
It’s only a solved problem if you’re using high entropy passwords (6 digit pins are not). Otherwise you’re relying on some sort of anti-hammering/auto erase to make up for it.
iPhones have anti-hammering already. The Secure Enclave counts password attempts and enforced a lockout period (and wipes the keys after 10 attempts if configured to do so).
There was an attack years ago, where you could kill power to the device after failing the attempt but before it incremented the attempt counter, but they fixed that, and that may have predated the Secure Enclave anyway (and required taking apart the phone, which I assume this on-premises device doesn’t do).
“what leads a group of people to flaunt their insanely unethical desire to profit from <insert antonym of freedom>?”
Flaunting this is great advertising for them - and most importantly free advertising for them. Not saying it’s right, but this is how they get customers when direct word of mouth is too slow.
>First of all, to give words to the obvious question here: what leads a group of people to flaunt their insanely unethical desire to profit from <insert antonym of freedom>? They are literally trumpeting the ability for their clients to forcibly copy data without the permission of the owner of the device in question. Is it just money? Is it that simple?
If you ask around I'm sure most people think LE should be able to do this for security reasons. Not saying I agree or disagree but that's the way it is.
This is almost certainly a way to brute-force passwords without the rate limit which is enforced by default. The only reason passwords can be brute-forced is that they're numeric and have few digits. If you use an alphanumeric passcode with at least 8-10 digits, you're fine.
Apple can't patch it. It's a fundamental limitation that, somewhere on the device, is stored a key; if you can extract that key, then you can run brute-force on it as much as you want from a supercomputer. And it has to be extractable because the phone itself has to use it.
It's supposed to. We don't even know for sure that there's a flaw in it; they might have just bypassed it, found a way to read the flash memory directly.
I'm not saying extraction is technically impossible, just that you can't simply bypass the SEP and read its flash the way hardware reversers do with other embedded systems.
Is it certain that they encrypt the symmetric key with a hash derived from the alphanumeric one? It is not inconceivable that they assume the secure enclave is secure and just store the symmetric key verbatim. This seems like the only sensible option for PIN, so if you're already doing that, it is very possible they just use the same scheme for the alphanumeric passwords.
#1 it's the most plausible given that it's impossible to be patched upstream and apple aren't slouches regarding crypto. #2 I saw a demo a while back of such a mechanism, and it was obviously brute-forcing. Rest assured, I'm not working for cellebrite selling fake assurances; it's obvious alphanumerics aren't less secure than numeric PINs, and you shouldn't store anything actually sensitive on a biometric-enabled phone anyway.
Because (ideally) without your input the locked device is as hard to break as some blob encrypted with a random and sizable key. So it's more likely someone's found a way to brute force your input than a way to brute force a big random key or break cryptography.
I'm quite interested to hear if these attacks involve exploiting side channel leaks against the Secure Enclave, as Apple has supposedly hardened the Secure Enclave against side channel leaks.
I'm sure a technical deep dive on these vulnerabilities would be an exciting read.
I don't understand. Why would celebrate be bound by these ToS?
We talk about how we want to abolish the CFAA so we can't (morally) turn around and use it when it suits us.
EULA is not the law. Terms of service is not the law. It is absurd to say that Apple should have the legal authority to (in a practical sense) legislate. Yes, theoretically speaking we don't need an iPhone to stay alive but still. You could have argued we didn't need Carnegie steel to stay alive either.
If they are not doing that one of the only other options i can see is if they can clone the phone and perform a offline brute force against the pin code but my understanding is that the secure enclave is meant to prevent attacks like that.