When the FBI Has a Phone it Can't Crack, It Calls These Israeli Hackers

Discussion in 'privacy general' started by Dermot7, Oct 31, 2016.

  1. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    iPhone Cracking Methods Like GrayKey Box Can Guess a Six-Digit Password in 11 Hours on Average
    https://www.macrumors.com/2018/04/16/iphone-cracking-six-digit-passcode/
     
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    So who uses such short passcodes? I mean, way back in the day, eight characters was the norm. Now, don't people go with 32? Or at least 20?
     
  3. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    I doubt that there are many people that would choose such long passcodes to unlock a phone :)
     
  4. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    OK, this host box is LUKS encrypted. And the passphrase is ~50 characters. However, the user password is only ~10 characters. So during my day, the host stays up, and I just lock the screen when I take a whatever break. And there's an easy-to-reach kill switch for UPS power to all machines. But I shut boxes down when I'm sleeping, or go out.

    Is something like that doable on phones?
     
  5. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    747
    You must be joking mirimir :eek:

    Most people can barely remember 10 to 12 char passwords.
    My codes for most stuff are 64 char but that's only because I keep them "hidden" inside my work comp and just copy-paste when needed.
    (I finally decided to start using password manager .... :oops: )
     
  6. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,812
    iPhone 7 is limited to 6 chars.
     
  7. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    On iPhone you don't have two passwords, one for decryption when starting it up and another for unlocking when you use it during the day. Even if there is such an option, most people wouldn't use it. They would probably forget long passwords and would be in big trouble first time they shut down their phones.
     
  8. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    OK, consider this quote from Tolstoy's War and Peace:

    "We can know only that we know nothing. And that is the highest degree of human wisdom."

    That becomes "WckotwknAtithdohw". Or if you can remember tricks like "number words are numbers" and "that becomes dat", you get "Wckodwk0Adithdohw". For longer, you string together a few sentences, from different works, that are memorable. If you forget, you just find the texts, and reconstruct.
     
  9. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    747
    That's quite clever :)
     
  10. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,812
    Android phone passcode are limited to 16 chars so best to use at least one symbol and a number in the passcode.
     
  11. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Well, that's a lot better than iPhone 7. I wonder why they went for just six characters. Did any of the older models allow longer passwords?
     
  12. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    iOS 11.4 could make it tougher for cops to unlock your iPhone
    https://www.zdnet.com/article/ios-feature-will-make-it-tougher-for-cops-to-unlock-your-iphone/
     
  13. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,812
    Not that I know of but as the talk of cops being unable to access phones always seems to be about the iPhone and not Android, the length of password on Android might be a moot point especially if you have a Google account that has the features enabled that can reset password remotely.
     
  14. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    How easy is it to disable all features that support remote password reset?

    Also, how easy is it to break all relations with Google? I guess that it becomes harder to get apps. Are there other ~trustable sources?
     
  15. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,812
    You can disable remote stuff like sync and backup and reset etc by just not having a Google account and disabling the services and using a firewall app.

    You don't need a Google account unless you want to buy apps from Google Play. There are plenty of free ones to download in Google Play using third party applications and also free open source apps on other app repositories like F-Droid.

    On older versions of Android it was possible to disable all the Google stuff even Google Play Services you just had to disable everything that was dependent on it first. Newer versions seem to have more that can't be disabled.

    In my opinion Android devices cannot be made private without rooting them and installing a new ROM.
    You can quiet down the stock setup by disabling as many Google apps as can be disabled and using the data saving features and turning off some permissions and installing a firewall app but it will still transfer large amounts of data autonomously.
    After doing all of the above and using a web browser with images turned off almost all of the time it should take thousands of text only web pages to equal a few megabytes, yet I see hundreds of megabytes were used each week, every week.
    The only explanation I can come up with for that kind of data usage is that large files are being uploaded, most probably audio and images covertly captured from the camera and mic.
     
    Last edited: May 8, 2018
  16. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,832
    Location:
    UK
    The bottom line with smartphones (hugely intrusive and privacy-dangerous mini-computers in a glossy form factor) is that you cannot even authenticate with non-biometric second factor.

    That violates my Tos, so I don't use them. Messing with services and accounts to ensure privacy requires some level of trust - which I do not have.
     
  17. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    Did A Secretive US Government Unit Just Splash $30,000 On An 'Unlimited' iPhone Unlocking Tool?
    https://www.forbes.com/sites/thomas...s-30000-iphone-hacking-company-grayshift-tech
     
  18. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    This is so true and one the chief reasons while some my smartphone devices are running for example JellyBean/Lollipop and are fully Rooted and the system fully charted down to the last path.

    It's of absolute vital importance to know your own handheld devices like this inside and out or otherwise throw 'em in the incinerator.

    There is way too much fire ant-like activity flowing uninhibited day and night through those devices.
     
  19. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    Is This Why The FBI Massively Overstated The Number Of Phones It Can't Unlock?
    https://www.forbes.com/sites/thomas...verstated-the-number-of-phones-it-cant-unlock

    So, contractor is handling their data and not FBI itself? Great. And we should have encryption that only LEAs can break? Yeah, right.
     
  20. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    Cops May Unlock iPhones Without a Warrant to Beat Apple's New Security Feature
    https://motherboard.vice.com/en_us/...s-without-a-warrant-apple-usb-restricted-mode
     
  21. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    New York Drug Cops Are Cracking Open iPhones With Secretive $15,000 GrayKey
    https://www.forbes.com/sites/thomas...hones-hacked-by-grayshift-graykey-in-new-york
     
  22. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Ymmm. Maybe crack dealers shouldn't be carrying smartphones?
     
  23. guest

    guest Guest

    Call to delay use of Police Scotland data devices
    April 8, 2019
    https://www.bbc.co.uk/news/uk-scotland-scotland-politics-47844721
     
  24. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,402
    Related question: has anyone run across a case where an Android 9 phone was in "Lockdown" mode and they bypassed it somehow? You can use 16 characters (about) on the lockdown password, which I do. That mode disables all biometrics and is supposed to be the front line first defense to access the system. I am just looking for an actual case to see if the encryption holds up. Not someone using 4-7 characters but an actual REAL password. I would never type that many digits all the time but its nice to quickly kill bio access on my phone with a click, just in case. Any cases out there?
     
  25. guest

    guest Guest

    ICE spends more than $1 million on iPhone hacking tech
    May 13, 2019
    https://www.washingtonexaminer.com/news/ice-spends-more-than-1-million-on-iphone-hacking-tech
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.