When the FBI Has a Phone it Can't Crack, It Calls These Israeli Hackers

Discussion in 'privacy general' started by Dermot7, Oct 31, 2016.

  1. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    9,570
    Location:
    Slovenia
    iPhone Cracking Methods Like GrayKey Box Can Guess a Six-Digit Password in 11 Hours on Average
    https://www.macrumors.com/2018/04/16/iphone-cracking-six-digit-passcode/
     
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    8,058
    So who uses such short passcodes? I mean, way back in the day, eight characters was the norm. Now, don't people go with 32? Or at least 20?
     
  3. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    9,570
    Location:
    Slovenia
    I doubt that there are many people that would choose such long passcodes to unlock a phone :)
     
  4. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    8,058
    OK, this host box is LUKS encrypted. And the passphrase is ~50 characters. However, the user password is only ~10 characters. So during my day, the host stays up, and I just lock the screen when I take a whatever break. And there's an easy-to-reach kill switch for UPS power to all machines. But I shut boxes down when I'm sleeping, or go out.

    Is something like that doable on phones?
     
  5. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    477
    You must be joking mirimir :eek:

    Most people can barely remember 10 to 12 char passwords.
    My codes for most stuff are 64 char but that's only because I keep them "hidden" inside my work comp and just copy-paste when needed.
    (I finally decided to start using password manager .... :oops: )
     
  6. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,801
    iPhone 7 is limited to 6 chars.
     
  7. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    9,570
    Location:
    Slovenia
    On iPhone you don't have two passwords, one for decryption when starting it up and another for unlocking when you use it during the day. Even if there is such an option, most people wouldn't use it. They would probably forget long passwords and would be in big trouble first time they shut down their phones.
     
  8. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    8,058
    OK, consider this quote from Tolstoy's War and Peace:

    "We can know only that we know nothing. And that is the highest degree of human wisdom."

    That becomes "WckotwknAtithdohw". Or if you can remember tricks like "number words are numbers" and "that becomes dat", you get "Wckodwk0Adithdohw". For longer, you string together a few sentences, from different works, that are memorable. If you forget, you just find the texts, and reconstruct.
     
  9. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    477
    That's quite clever :)
     
  10. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,801
    Android phone passcode are limited to 16 chars so best to use at least one symbol and a number in the passcode.
     
  11. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    8,058
    Well, that's a lot better than iPhone 7. I wonder why they went for just six characters. Did any of the older models allow longer passwords?
     
  12. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    9,570
    Location:
    Slovenia
    iOS 11.4 could make it tougher for cops to unlock your iPhone
    https://www.zdnet.com/article/ios-feature-will-make-it-tougher-for-cops-to-unlock-your-iphone/
     
  13. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,801
    Not that I know of but as the talk of cops being unable to access phones always seems to be about the iPhone and not Android, the length of password on Android might be a moot point especially if you have a Google account that has the features enabled that can reset password remotely.
     
  14. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    8,058
    How easy is it to disable all features that support remote password reset?

    Also, how easy is it to break all relations with Google? I guess that it becomes harder to get apps. Are there other ~trustable sources?
     
  15. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,801
    You can disable remote stuff like sync and backup and reset etc by just not having a Google account and disabling the services and using a firewall app.

    You don't need a Google account unless you want to buy apps from Google Play. There are plenty of free ones to download in Google Play using third party applications and also free open source apps on other app repositories like F-Droid.

    On older versions of Android it was possible to disable all the Google stuff even Google Play Services you just had to disable everything that was dependent on it first. Newer versions seem to have more that can't be disabled.

    In my opinion Android devices cannot be made private without rooting them and installing a new ROM.
    You can quiet down the stock setup by disabling as many Google apps as can be disabled and using the data saving features and turning off some permissions and installing a firewall app but it will still transfer large amounts of data autonomously.
    After doing all of the above and using a web browser with images turned off almost all of the time it should take thousands of text only web pages to equal a few megabytes, yet I see hundreds of megabytes were used each week, every week.
    The only explanation I can come up with for that kind of data usage is that large files are being uploaded, most probably audio and images covertly captured from the camera and mic.
     
    Last edited: May 8, 2018
  16. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,648
    Location:
    UK
    The bottom line with smartphones (hugely intrusive and privacy-dangerous mini-computers in a glossy form factor) is that you cannot even authenticate with non-biometric second factor.

    That violates my Tos, so I don't use them. Messing with services and accounts to ensure privacy requires some level of trust - which I do not have.
     
  17. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    9,570
    Location:
    Slovenia
    Did A Secretive US Government Unit Just Splash $30,000 On An 'Unlimited' iPhone Unlocking Tool?
    https://www.forbes.com/sites/thomas...s-30000-iphone-hacking-company-grayshift-tech
     
  18. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    7,611
    Location:
    U.S.A. (South)
    This is so true and one the chief reasons while some my smartphone devices are running for example JellyBean/Lollipop and are fully Rooted and the system fully charted down to the last path.

    It's of absolute vital importance to know your own handheld devices like this inside and out or otherwise throw 'em in the incinerator.

    There is way too much fire ant-like activity flowing uninhibited day and night through those devices.
     
  19. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    9,570
    Location:
    Slovenia
    Is This Why The FBI Massively Overstated The Number Of Phones It Can't Unlock?
    https://www.forbes.com/sites/thomas...verstated-the-number-of-phones-it-cant-unlock

    So, contractor is handling their data and not FBI itself? Great. And we should have encryption that only LEAs can break? Yeah, right.
     
  20. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    9,570
    Location:
    Slovenia
    Cops May Unlock iPhones Without a Warrant to Beat Apple's New Security Feature
    https://motherboard.vice.com/en_us/...s-without-a-warrant-apple-usb-restricted-mode
     
  21. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    9,570
    Location:
    Slovenia
    New York Drug Cops Are Cracking Open iPhones With Secretive $15,000 GrayKey
    https://www.forbes.com/sites/thomas...hones-hacked-by-grayshift-graykey-in-new-york
     
  22. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    8,058
    Ymmm. Maybe crack dealers shouldn't be carrying smartphones?
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.