[cryptography] Here's What Law Enforcement Can Recover From A Seized iPhone

Jeffrey Goldberg jeffrey at goldmark.org
Thu Mar 28 18:23:38 EDT 2013

[Reply-To set to cryptopolitics]

On 2013-03-28, at 12:37 AM, Jeffrey Walton <noloader at gmail.com> wrote:

> On Wed, Mar 27, 2013 at 11:37 PM, Jeffrey Goldberg <jeffrey at goldmark.org> wrote:

>> ... In the other cases, the phones did have a passcode lock, but
>> with 10000 possible four digit codes it takes about 40 minutes to run
>> through all given how Apple has calibrated PBKDF2 on these (4 trials per
>> second).

> Does rooting and Jailbreaking invalidate evidence collection?

That is the kind of thing that would have to be settled by case law; I don't
know if evidence gathered this way has ever been offered as evidence in
trial. (Note that a lot can be used against a suspect during an investigation
without ever having to be presented as evidence at trial.)

> Do hardware manufacturers and OS vendors have alternate methods? For
> example, what if LE wanted/needed iOS 4's hardware key?

You seem to be talking about a single iOS 4 hardware key. But each device
has its own. We don't know if Apple actually has retained copies of that.

> I suspect Apple has the methods/processes to provide it.

I have no more evidence than you do, but my guess is that they don't, for
the simple reason that if they did that fact would leak out. Secret
conspiracies (and that's what it would take) grow less plausible
as a function of the number of people who have to be in on it.
(Furthermore I suspect that implausibility rises super-linearly with
the number of people in on a conspiracy.)

> I think there's much more to it than a simple brute force.

We know that those brute force techniques exist (there are several vendors
of "forensic" recovery tools), and we've got very good reasons to believe
that only a small portion of users go beyond the default 4 digit passcode.
In the case of LEAs, they can easily hold on to the phones for the 20 minutes
(on average) it takes to brute force them.

So I don't see why you suspect that there is some other way that only
Apple (or other relevant vendor) and the police know about.


