Schneier on Security

65535 • March 24, 2018 6:41 AM

@ Godfree Roberts, A Nonny Bunny and others

“Executes 2,000 people each without trial [police gun killings and or drone killings?]. Imprisons…people a year, also without trial…Keeps secret lists of 50,000 people whom it won’t allow to fly and won’t explain… Has secret courts whose records and rulings are not available to the public where only the government’s lawyers appear without possibility of challenge to the government’s submissions and applies a legal standard profoundly at odds with the Constitution which requires the presentation of evidence of probable cause of a crime as the trigger for a search warrant…Eavesdrops on all their citizens communications 24 x365…” – Godfree Roberts

Yes.

“…what an optimist you are! Cynical old cusses like me believe that Apple is fully aware of the vulnerability and will not patch it unless they have to. Apple, like Facebook, Google and other USA tech companies are in the business of selling a contradiction.”- Humdinger

I concur with your nexus between the huge USA Intelligence complex and business. It is an nod and wink system. Your correct statement, “[silicon valley corporations] are in the business of selling a contradiction” is an understatement. It is more like selling a con-game or outright fraud to consumers. Take a look at the small font and every changing “terms of service” which is spread over several co-owned sites and you will find that all of your private information is for sale to someone.

I agree that the USA is on a slippery slope downwards with evaporating Constitutional rights and poor Moral turpitude of the USA government and its tentacle from the NSA to local police and possibly Private Investigators.

We are seeing huge sums of money spent on spy devices and zero day vulnerabilities. This is increasing the military industrial complex in ways not seen in years.

Greykey is a good example of a bad example. The corporation is basically selling military grade technology weapons to local police and probably any dictator who has the cash on hand. Grayscale will probably become greatly enriched from taxpayers who are their targets. They have little oversight and even less morals. This must stop.

[The technical side]

“Assuming that this is exploiting a vulnerability of which Apple is currently unaware, then the propagation of these devices should result in the vulnerability becoming known to Apple. In other words, the “security” of the device is based on the obscurity”- J Badger

That could be very possible.

“…everyone who carries data in memory on mass produced devices has to assume that there’s a high interest in cracking those – be it for politics or financial motives.”- neill

Yes. It also increases the profitability of GreyKey and their kindred corporations. This is bad.

“This hack will work for another month or so until Apple patches the way the password incrementation time delay is managed and then this device will only work on older non patchable devices such as the 5S and below.”- Petter

Maybe and maybe not.

I am doubtful that GreyKey would tell the public their true cracking capabilities. They would tell a customer who has signed and non-disclosure contract.

As other poster have noted the number pin tries and failure slowing components should have stopped this brute force attack but it did not. I maybe off target on this. I suspect a side channel attack of sorts. Does anybody have an answer?

Excuse all of the mistakes. I an not at my best.

65535 • March 24, 2018 11:48 AM

@ Hacker Uno

‘1) I’d bet that the exploit somehow relies on pulling the credentials from the secure enclave, so the phone is bypassed altogether, and the cracking is done of the gray box, not the phone.”

That sounds reasonable considering the 3 AMD exploits and possibly Meltdown and Spectre vulnerabilities. Another area is re-flashing the chips in the secure enclave with microcode malware.

“2) …using an alphanumeric passcode impacts the device’s ability to crack the lock. I’d wager that their system only attempts to break numeric passcodes, and that a 12+ character alphanumeric passcode would not be breakable.”

That is a good question.

But, if your first idea “pulling the credentials from the secure enclave” and the passwords are hashed I don’t know if alpha-numeric 12 digit passcodes are safe. I would guess these passcodes are deep in the boot strap process and must be correct, copied or decrypted to boot the iPhone. Thus, if they are pulled from the secure enclave eventually they could be broken.

Conversely, if GreyKey is somehow using a token to access and online backup of the passcode stored on Apple servers all bets are off.

Excuse the mistakes I am not at the top of my game.

65535 • March 24, 2018 10:52 PM

@ moz
‘“…the phones will display a black screen with the passcode, among other information.” – I think this suggests pretty clearly that the cracking all happens on the phone.”’

Your explanation is the most plausible so far.

I am sure the rainbow tables are much better than in years past. These rainbow tables could be optimized if GreKey knows the maximum pin length and all characters allowed to be used. These rainbow tables would be much improved knowing the absolute Passcode space and characters [ Passcode = PIN in this post].

It may be possible to use both the phone’s CPU and GreyKey’s box and their cloud platform to do the cracking. But other ways are possible.

Mat Green has some information on Apple passcode generation but he also says basically you either trust Apple or don’t. Apple may have a second boot image that boots the machine without a PIN. What SW and HW does this work? Who knows if this is true.

[Mat Green]

“Apple claims that it does not record these keys nor can it access them. On recent devices (with A7 chips), this key and the mixing process are protected within a cryptographic co-processor called the Secure Enclave. The Apple Key Derivation function ‘tangles’ the password with the UID key by running both through PBKDF2-AES — with an iteration count tuned to require about 80ms on the device itself.** The result is the ‘passcode key’. That key is then used as an anchor to secure much of the data on the phone. (Apple pegs such cracking attempts at 5 1/2 years for a random 6-character password consisting of lowercase letters and numbers. PINs will obviously take much less time, sometimes as little as half an hour. Choose a good passphrase!… one view of Apple’s process is that it depends on the user picking a strong password. A different view is that it also depends on the attacker’s inability to obtain the UID. Let’s explore this a bit …The Secure Enclave is designed to prevent exfiltration of the UID key… earlier Apple devices this key lived in the application processor itself. Secure Enclave provides an extra level of protection that holds even if the software on the application processor is compromised — jailbroken…One worrying thing about this approach… is according to Apple’s documentation, Apple controls the signing keys that sign the Secure Enclave firmware. So using these keys, they might be able to write a special “UID extracting” firmware update that would undo the protections described above, and potentially allow crackers to run their attacks on specialized hardware… One wrinkle in this story is that allegedly Apple has been helping law enforcement agencies unlock iPhones for a while. This is probably why so many folks are baffled by the new policy. If Apple could crack a phone last year, why can’t they do it today? …the most likely explanation for this policy is probably the simplest one: Apple was never really ‘cracking’ anything. Rather, they simply had a custom boot image that allowed them to bypass the ‘passcode lock’ screen on a phone. This would be purely a UI hack and it wouldn’t grant Apple access to any of the passcode-encrypted data on the device. However, since earlier versions of iOS didn’t encrypt all of the phone’s interesting data using the passcode, the unencrypted data would be accessible upon boot. No way to be sure this is the case, but it seems like the most likely explanation…Notes: * Previous versions of iOS also encrypted these records, but the encryption key was not derived from the user’s passcode. This meant that (provided one could bypass the actual passcode entry phase, something Apple probably does have the ability to do via a custom boot image), the device could decrypt this data without any need to crack a password. ** As David Schuetz notes in this excellent and detailed piece, on phones with Secure Enclave there is also a 5 second delay enforced by the co-processor. I didn’t (and still don’t) want to emphasize this, since I do think this delay is primarily enforced by Apple-controlled software and hence Apple can disable it if they want to. The PBKDF2 iteration count is much harder to override. .”-Mat Green

https://blog.cryptographyengineering.com/2014/10/04/why-cant-apple-decrypt-your-iphone/

[Hence you have to trust Apple to not provide a backdoor as stated previously].

If GreyKey is using an custom boot image and scams the secure enclave chip it is almost game over. Who knows?

Excuse my mistakes. I am not at my best.