Could IP-Box crack ...
 
Notifications
Clear all

Could IP-Box crack 6 digit passcode on iOS 9?

26 Posts
12 Users
0 Likes
1,976 Views
(@gorvq7222)
Posts: 229
Reputable Member
Topic starter
 

Law Enforcement usually use IP-Box to crack 4 digit passcode of iDevices. What about 6 digit passcode??? Did someone test IP-Box with iPhone uprading to iOS9?

My friends want to know if IP-Box works when dealing with 6 digit passcode. Please let us know the testing result. Thanks a lot.

 
Posted : 26/09/2015 2:06 pm
Igor_Michailov
(@igor_michailov)
Posts: 529
Honorable Member
 

Law Enforcement usually use IP-Box to crack 4 digit passcode of iDevices. What about 6 digit passcode??? Did someone test IP-Box with iPhone uprading to iOS9?

My friends want to know if IP-Box works when dealing with 6 digit passcode. Please let us know the testing result. Thanks a lot.

IOS9 does not contain on mistakes which IP-Box uses for pass PIN.

 
Posted : 26/09/2015 3:32 pm
(@trewmte)
Posts: 1877
Noble Member
 

Apple patched the vulnerabilities after 8.1.1, as far as I know, which prevents exploits by tools like IP-Box.

 
Posted : 26/09/2015 4:09 pm
(@twjolson)
Posts: 417
Honorable Member
 

The hardware and software is limited to just four numeric characters.

 
Posted : 28/09/2015 7:23 pm
(@gorvq7222)
Posts: 229
Reputable Member
Topic starter
 

Thank you guys. What a pity IP-Box does not work with 6-digit passcode…I think there is a conflict between security and forensics. The great irony is that the more secure the iDevices is, the more difficult for forensic guys to examine and analyze iDevices. Could someone ask Apple not to enhance security so fast??? Or leave a backdoor for Law Enforcement???

Why don't we just tell everybody that if you want to do something illegal, you have to use iDevices…So Suspects won't worry about being monitored or examined.

 
Posted : 30/09/2015 8:03 am
(@mark_adp)
Posts: 63
Trusted Member
 

The balance between privacy and security is the real issue here, and in part Apple has identified that people do want their data to be kept "secure" from unintended and unauthorised persons. While this is great for the privacy of the users, it does cause great difficulties for Law Enforcement who are unintended viewers of data stored on devices, but are in most cases authorised. I believe where Apple should change their policy is with regards to providing assistance to LE when the authority is in place.

In my view it comes down to when people feel they have had their privacy violated, and I believe this happens when norms are violated. An example, my mobile is hacked into and all my pictures are uploaded to a website for the world to see. In this example I have lost the control over information/data that is about me. A clear violation.

However, if my phone is seized in a murder enquiry where I am the prime suspect, there is (IMO) social norms that exist and a social expectation that authorised public bodies (LE) can and should be allowed to search my data in the interest of justice and public safety.

gorvq7222 I think you are right, there should be a "backdoor", but that "backdoor" should perhaps be more like a "frontdoor" meaning transparency exists as to who and when these requests are invoked and a well thought out and consistent justification framework exist.

I am writing my MSc dissertation on this topic, so perhaps it can be of use at some point in the future.

 
Posted : 30/09/2015 2:07 pm
(@gorvq7222)
Posts: 229
Reputable Member
Topic starter
 

Thank you guys. In my opinion, there is an invisible war between manufacturers and Forensic guys(including LE). Those manufacturers claim that the purpose is to protect privacy, but in the meanwhile they also build huge barriers for forensics. Actually they care about sales and revenue, not security. They just use security as a feature to make more money.

Manufacturers should offer "backdoor" or "frontdoor" for LE, this is a responsibility and no negotiation they have to cooperate with LE. Think about those victims, don't let them disappointed just because stupid smartphones protect bad guy's privacy.

 
Posted : 08/10/2015 5:24 am
Chris_Ed
(@chris_ed)
Posts: 314
Reputable Member
 

To play devil's advocate; the danger with any frontdoor or backdoor is that if it exists, then there is the potential for hostile actors to discover it and abuse it.

Let's say that Apple provide a secret backdoor for all iDevices whereby if you show a locked phone a picture of Steve Jobs it says "WELCOME, YOUR HIGHNESS" and unlocks the phone. Their aim is to allow LE a way to access locked phones, as you say.
Unfortunately, this backdoor is discovered by accident by someone who is reading the Steve Jobs biography in Starbucks. They post their findings to Reddit, and now everyone knows that in order to unlock an iPhone all you need is a picture of Steve Jobs and now there is no secure way for anyone to protect their phone from physical intrusion.

This is a silly example, but the idea is really the same for any backdoor. What if we encrypt the phone using an encryption key that can be provided if required? Well, once that key is discovered you're back to square one.

I totally agree with you that it is frustrating for LE to have these obstacles, but I'm not sure what the solution is. In the UK we have RIPA, which can be used to send people to prison if they don't divulge their passwords - but this has been a controversial piece of legislation, to say the least. But what other option is there..?

 
Posted : 08/10/2015 11:51 am
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

However, if my phone is seized in a murder enquiry where I am the prime suspect, there is (IMO) social norms that exist and a social expectation that authorised public bodies (LE) can and should be allowed to search my data in the interest of justice and public safety.

Sure, and let's say that you are innocent and that the good LE guys find nothing to connect you to that murder BUT casually find out that you are involved in illicit smuggling of meerkat images 😯 (credit for the meerkat idea goes to Adam10541 http//www.forensicfocus.com/Forums/viewtopic/p=6569664/#6569664 ).
What would happen?
Will this info be ignored?
Will you be prosecuted for this other crime?
You won't be prosecuted for this other crime but you will be put under surveillance or simply entered in a secret database of meerkat pornography offenders?

Remember that any of the above would be in the interest of justice and public safety ) , but what if initially you were suspected by mistake or the charge was put up just to have an occasion to snoop on your data (because you were actually suspected of smuggling meerkat pics but there were no grounds to seize your device)?

Or even without any crime involved, your device simply contains data that prove you are cheating on your partner and this info *somehow* is made public?

jaclaz

 
Posted : 08/10/2015 12:12 pm
(@chris_c)
Posts: 1
New Member
 

There's a very intelligent discussion of this encryption topic in the appendix of the 2015 Europol Internet Organised Crime Threat Assessment, which is available here

 
Posted : 08/10/2015 4:38 pm
Page 1 / 3
Share: