back to article Apple will throw forensics cops off the iPhone Lightning port every hour

Apple isn't backing down from a move to lock down the iPhone’s data port to increase security for users, even though it means thwarting some of the password-cracking tools used by forensics experts. In the latest beta versions of iOS, Apple includes a feature called USB Restricted Mode, which disables the data connection of …

  1. msknight Silver badge

    Tim Cook...

    Playing a brave game, or a dangerous one? Answers on an encrypted post card to....

    1. karlkarl Bronze badge

      Re: Tim Cook...

      Nope, they are just playing a childish one.

      "I want to be in control mummy!!!"

      Oh well. I am hoping this kind of behavior will help create new laws against locking down shitty hardware in the future.

      1. Joe Gurman

        Re: Tim Cook...

        Rather decent hardware, actually, and it's the FBI and local police departments who are throwing the hissy fits. Despite all the bad-mouthing here, Americans actually do have civil liberties, one of which has repeatedly been defined by the courts as privacy.

        1. Anonymous Coward
          Anonymous Coward

          Re: Tim Cook...

          >Americans actually do have civil liberties, one of which has repeatedly been defined by the courts as privacy.

          Americans only have civil liberties for Americans, if you're not American you don't have any in their view.

          1. eldakka Silver badge

            Re: Tim Cook...

            Americans only have civil liberties for Americans, if you're not American you don't have any in their view.

            That is legally incorrect, although that might be the view of most Americans, it is not the caselaw.

            1. Alan Brown Silver badge

              Re: Tim Cook...

              "That is legally incorrect"

              Perhaps, but it's the de-facto state of things.

        2. Anonymous Coward
          Anonymous Coward

          Re: Tim Cook...

          Americans actually do have civil liberties, one of which has repeatedly been defined by the courts as privacy.

          So why's GDPR such a worry to US data slurpers?

  2. hplasm Silver badge
    Pint

    Kudos!

    I must tip my hat to Apple, for Atomic Level awkwardness security-mindedness!!

    1. Stu Mac

      Re: Kudos!

      Totally gets my support!! mass surveillance is a sop to targeting the minorities who are really of concern. IMHO fork them up as much as you like but leave me TF alone.

  3. frank ly Silver badge

    Just wondering

    "Since cracking the six-digit passcode may take up to 22 hours (or longer for a passphrase), then brute-force methods used by the cracking tools are likely to cease to work."

    Why didn't they operate a 1 hour lock-out after five (or whatever) failed attempts? Or did they and the hackers have found a way to bypass it?

    1. msknight Silver badge

      Re: Just wondering

      There may possibly be a way around this. If the phone gets its time signal from the network, simply put it next to a stingray and feed it the same time and date. Might work... depending on how they are counting the hour duration.

      1. Waseem Alkurdi Silver badge

        Re: Just wondering

        You could also "hack" the RTC chip (theoretically).

        Another attack is done using NAND flashing - in which the chip is backed-up at zero passcode attempts, then the iPhone is bruteforced until it gets locked out, at which the NAND is restored ... Sort of like savestates in an emulator.

        1. detuur

          Re: Just wondering

          I can't imagine that the RTC or NAND being relied on by the Secure Enclave Processor would be vulnerable to external hardware attacks. They are most likely part of the same die as the processor which means it's impossible to access them directly.

    2. DougS Silver badge

      Re: Just wondering

      It isn't clear how Cellbrite et al's PIN finder works, though presumably Apple got their hands on one at some point so you would think they should have been able to fix whatever they were doing to brute force the passcodes.

      This fix is more elegant though, since 99% of the time you haven't entered your password within the last hour even if the cops get your phone while it is unlocked (or force to finger/face unlock it) the USB port will be disabled.

      I have to think that the FBI is going to have a hissy fit about this - but they're going to play it coy and wait for a headline terrorist incident or school shooting investigation that is hampered by this before they do to try again to get the public on their side like they failed to do with San Bernadino.

    3. Anonymous Coward
      Anonymous Coward

      Re: Just wondering

      The whole point of these devices is that do exploit a "hole" in the security and they do get around the 10 tries - and most users probably don't have the nuclear delete option turned on anyway.

      1. DougS Silver badge

        Re: Just wondering

        You don't have to turn on the 'nuclear' option, just use a password instead of a passcode. They wouldn't even try to brute force that, it would take forever.

      2. Anonymous Coward
        Anonymous Coward

        Re: Onanism

        > most users probably don't have the nuclear delete option turned on anyway

        Most users store and back up everything on iCloud, which is easily subpoenaed.

        https://www.linkedin.com/pulse/how-when-apple-discloses-your-data-law-enforcement-matt-washchuk/

    4. eldakka Silver badge

      Re: Just wondering

      @frank ly

      Why didn't they operate a 1 hour lock-out after five (or whatever) failed attempts? Or did they and the hackers have found a way to bypass it?

      I think that "found a way to bypass it" is implicit in this sentence from the article:

      An analysis was undertaken by Malwarebytes in March that suggested it took advantage of undisclosed flaws in iOS.

  4. R 11

    Poor DJs. If only there was a technology that could safely allow the output of audio data to speakers and which doesn't require two-way exchange of data exposing the inner workings of the phone?

    1. Dave 126 Silver badge

      In this context the iPhone is usually a control device - iPhones have always had MIDI baked in.

    2. Waseem Alkurdi Silver badge

      You mean the 3.5mm headphone jack?

      1. graeme leggett

        Or the Line Out on the 30pin connector.

    3. Sgt_Oddball Silver badge
      Headmaster

      Bluetooth then?

      1. Dave 126 Silver badge

        So there's three of you who think that DJs use audio out from an iPhone instead of balanced output from a FireWire/Thunderbolt soundcard? Okaaaay

        Some DJs will use an iPhone as an XY control surface (ersatz Kaos Pad) in conjunction with with other devices. Some will even take advantage of its gyros and accelerometers. Either way, its just a control device.

        1. R 11

          I think you misunderstand. A professional DJ can likely afford a dedicated device. Indeed if they're smart, that's exactly what they'd do in case some app gone rogue destroys their set.

          The amateur DJs, be they playing music for themselves, their friends, or another small gathering probably don't have a separate balanced output system. They have an iDevice and speakers.

          1. Inspector71
            Trollface

            A "real" professional DJ drops the needle on those SL-1200 MkII's.

            1. DougS Silver badge

              Yes, but those using the classic SL1200s (ah, I remember them well from my club DJ days...) will have time coded 12" 45 rpm records for when they want to use a digital source, whether that's off an iDevice, computer, or what have you. Very very few DJs are still 100% analog.

              1. Inspector71

                Agreed but nostalgia apart, there is/was a greater sense of theatre with a box of 12's, a pair of SL-1200s and working the crossfader on an SH-DJ1200. I was a very poor amateur but when you saw DJ Shadow or Z-Trip or DJ Hype do a vinyl set live (as I have several times over the years) it was some experience.

                It's all too perfect today where you can fade in the breakdown to the thousandth of a millisecond and you can pretty much pre program your set. Even the old school DJs who have embraced the digital age still have a little xtra something to my mind as a lot of them still use it in an analog way with all the imperfections that implies.

                I know, I know, rose-tinted.

                1. DougS Silver badge

                  Ah well I knew the days of being good with the turntables were numbered when a friend who ran a mobile DJ company showed me his latest toy - a Numark board that had two CD players with pitch control and a "mix" button. It was only a matter of time before the million monkeys took over all but the priciest venues because few patrons can tell a live performance from a computerized or pre-staged one - they might notice a blown mix but 1) not realize it means the DJ is performing live and 2) prefer the "perfect" pre-staged one anyway.

                  I never liked re-using the same mixes very often unless they were really something, so I was always doing something different. I'd make cassette recordings for people for $20 for whatever I happened to play during that 90 minutes. It was always fun to listen to the next day, since I was usually so drunk by the time things got really hopping I couldn't remember what I'd played. I learned some of my favorite mix combinations listening to what I'd drunkenly come up with the night before :)

                  1. Inspector71
                    Coat

                    Doug S

                    Then came Traktor and then you didn’t even need hardware. Nowadays you literally can “phone in” a set.

                    Mine’s the one with a pair of Sennheiser HD25s in the pocket.

                    1. DougS Silver badge

                      Yep, it got easier and easier as technology continued to progress. I downloaded a DJ app for my iPhone a while back intending to fool around and see what it can do but never got around to it. Maybe this weekend I'll check it out now that its top of mind again.

                      The ironic thing is that while I correctly assessed that being a skilled DJ would matter much less when computers could do the job for you, I totally missed that a small number of DJs would be able to make millions of dollars a year in the future. Not that it would have helped me had I chosen that as a career path - it isn't about skill it is about star power. Unless Paris Hilton really is such an amazing DJ that she's worth $300,000 for a night's work!

                      1. Inspector71

                        It's less DJing now and more live "producing" now that you can essentailly have a complete recording studio on your MacBook. Layering not just effects but actual instruments over the tracks and then doing the mixdown live as you go. Be it automated or manually tweaking it with a controller. The next step is no doubt going to be an AI DJ. (shudders)

                        In the end the real skill of a DJ is not being able to put together a seamless mix or knowing where exactly to place the drop or being able to scratch 3 decks at once, it's simply about choosing good music to create a mood as it always has been. Be it in a hip club at 2.00am or your cousin's wedding.

                        Right I'm off to Discogs....

        2. jaywin

          So there's three of you who think that DJs use audio out from an iPhone instead of balanced output from a FireWire/Thunderbolt soundcard? Okaaaay

          And here's another, except in my case I've worked with world class DJs and plugged up the 3.5mm jack to phono cable into the mixer for them. Besides, using a balanced out when going into an unbalanced input on a DJ mixer is a bit pointless dontyathink?

    4. DougS Silver badge

      Lightning isn't USB

      It can act as USB, but it can also act as Lightning. That is, disabling the USB functionality doesn't have to disable the Lightning functionality, so any sort of digital audio Lightning connection wouldn't be impacted by this change.

  5. Anonymous Coward
    Anonymous Coward

    Why didn't they operate a 1 hour lock-out after five (or whatever) failed attempts?

    Because the tool works by replacing a JLE with a NOP - so you can't count failed attempts.

    1. Anonymous Coward
      Anonymous Coward

      Re: Why didn't they operate a 1 hour lock-out after five (or whatever) failed attempts?

      Would that prevent the option of incrementally increasing the delay between incorrect password attempts?

      1. Milton Silver badge

        Re: Why didn't they operate a 1 hour lock-out after five (or whatever) failed attempts?

        I still think there is nothing better than a 10—12-character alphasymbonumeric passcode. The Adversary can try a million times a second for half a billion years and see where it gets him.

        I won't rehearse the passwords again because I've said it here before. To summarise:

        • Make up something ridiculous, non-dictionary and memorable because you can say it—like "sq8-Ed2ph01e" (squat-ed-to-foal)

        • Make up a nemonic if you need to, e.g. a short fat guy called Ed having a baby horse: hard to forget that image once you've pictured it

        • The Adversary has 12 random (to him) characters, each from among about 70 possibilities if you include upper/lower alpha, numeric and a few symbols

        • That's 13,841,287,201,000,000,000,000 combinations

        • To go through half of those at 1 million/sec would take just under 439 million years

        I agree the system should introduce progressive latency after X failed attempts, but even if it doesn't, you can easily create a passcode which is (a) unbruteforceable and (b) resistant to errors by Apple and weaknesses in its hardware.

        And Reg: FFS get a less hopelessly incompetent Captcha system.

        1. Charles 9 Silver badge

          Re: Why didn't they operate a 1 hour lock-out after five (or whatever) failed attempts?

          Now repeat it over and over and you start asking, "Now was it correcthorsebatterystaple or donkeyenginepaperclipwrong?" Even with mnemonics you can get mixed up, especially if you start mixing up mnemonics.

          1. Tikimon Silver badge
            Thumb Up

            Easy good passwords, here I go again...

            Apologies if you've seen me bang on about this before. I figure every time it's new to a few more people. It just WORKS! My most clueless users do this with no problem.

            Start with a sentence you can remember. SAY IT to yourself silently, and type every first or second letter (depends on length). Capitalize the first letter, add punctuation at the end. This method means it's not necessary to actually remember the password itself! There's no need to remember which letters were changed to what. It's stupid easy.

            Example: "What we've got here is failure to communicate" (Cool Hand Luke) becomes

            "Whwegoheisfatoco..."

            There are no numbers and limited symbols. However it's a random string of letters that real people can actually remember and use. If there's an easier way to remember random-ish passwords, please share!

            1. Lee D Silver badge

              Re: Easy good passwords, here I go again...

              Quite.

              Choose a password that isn't brute-forceable. You then never have to worry about someone brute-forcing it, or changing it either (it's now considered BAD advice to enforce regular password changes on users ).

              To paraphrase the XKCD that we all know, after 20 years of effort we've trained everybody to use passwords that are easy for computers to guess and difficult for people to remember.

              The only thing that matters in a password in length. That's it. Not even complexity. A long a-z-only password beats out a short, complex password basically EVERY TIME, sometimes by factors of millions or billions.

              M to the power of N is much more heavily influenced by N (the number of characters in the password) than by M (the number of possibilities for each character). You don't need to get far out of stupid-password territory (8-10 characters or so) for it to always be true, even if someone decides to use the entire Unicode space as possible characters.

              And if you have a password that's not brute-forceable, you don't have to worry about someone attacking your number of password attempts per second (whether time-outs are incorporated or not) past the fact that they would DoS you in even trying a million combinations a second.

              Seriously, stop it and use real passwords. And avoid services that refuse to let you use longer passwords (HSBC banking stops at 12 characters, I believe) and/or which enforce ridiculous character sets on you (Apple iTunes accounts are terrible for this).

              1. mark l 2 Silver badge

                Re: Easy good passwords, here I go again...

                A long password with an uncommon symbols such as µ or » make it super secure as most brute forcers only tries common symbols available on the keyboard plus numbers and letter so would never crack it even if it were left running for 100s of years.

                1. doublelayer Silver badge

                  Re: Easy good passwords, here I go again...

                  Technically true, but usually it won't work. Most systems will disallow things other than plain ASCII. Unicode and in some cases extended ASCII is out. In fact, there was one system I had to use that blocked a password using the question mark (?) symbol. Actually, it sent the password in but chopped out the question mark first, such that the original password would not work but the one with the mark excised would. Great job there. Rather than allowing a system to get confused, I tend to go for length plus a few punctuation marks; that way, nobody can just brute force the alphabet to get it.

                  1. TechnicalBen Silver badge

                    Re: Easy good passwords, here I go again...

                    I also had experience with a system that accepted numerical characters in some fields (user name and surname) when they had a typo... but of cause refused them in the login field. I was only paid to answer the phone... so my efforts to fix that obviously broken system were to transfer the call.

                2. Mr. Flibble

                  Re: Easy good passwords, here I go again...

                  Which is fine unless you have to use foreign keyboards regularly, and then it becomes a bloody nightmare.....

              2. Anonymous Coward
                Anonymous Coward

                Re: Easy good passwords, here I go again...

                Not quite correct, if the password is alphanumeric and an actual word or combination of words, dictionary based attacks drastically shorten the time to "guess". If a single word length is possibly even a negative as the number of words at a given length reduces past beyond about 8 letters. Combinations of words are harder but still have the drawback of being drawn from a very limited subset of the possible combinations of words.

                Using first letters of words from phrases also has weaknesses as the letters are drawn from typically a very limited subset of possible combinations. If the pass phrase is long enough this may be mitigated, but only truly random combinations require random searches and are subject to the combination rules.

                And of course "truly random" combinations are very much harder to remember.

                Just FWIW

                1. eldakka Silver badge

                  Re: Easy good passwords, here I go again...

                  > Combinations of words are harder but still have the drawback of being drawn from a very limited subset of the possible combinations of words.

                  If using words in a password, each word is the equivalent of a single character in a random character password. But that actually expands the set of characters when compared to an ASCII character set at least. Below is a copy-paste of a post I wrote a few weeks ago about using dictionary words, note that it was based on using 5 words (not just 1) as a password. I will preface it by saying that I think it is not practical to use, as while theoretically the set is quite large, what's the chances anyone would use the long words (say 6+ characters) in their combination of words? But in theory:

                  The Oxford English Dictionary has ~171,000 'active' words in it (it has an additional 41k obsolete words and some other types).

                  So, a 5 word phrase would have complexity of 171000^5, or a complexity of:

                  146,211,169,851,000,000,000,000,000

                  And this assumes that every letter is typed in in the same case, no mixed case.

                  A 10-character password using the printable characters usually found on an English-based QWERTY keyboard is, umm, roughly 49 keys, each with 2 characters, for 98 combinations.

                  So it'd be 98^10 which is a complexity of:

                  81,707,280,688,754,689,024

                  Which is significantly less complex than 5 random words.

                  You'd need a difficult to remember password of 14 random characters to exceed the difficulty of an easier to remember 5 random words password.

                  Of course, you may be able to increase the set of characters above 98 by using a larger UTF character set.

                  But then, you could increase the set of words by including non-english words, or using techniques others have discussed like misspellings, mixed case, replacing alphabetic characters with other characters, and so on.

                  Spanish has around 88k words, depending on how you count them (some sources say there are many more), German, again depending on how you count the words and which sources you use, has at the low end about 140,000, and another 100k or more for french.

                  So if we add those 4 dictionaries (English, Spanish, French and German) we've increased our word set to 469k, so:

                  469000^5 =

                  22,691,552,673,349,000,000,000,000,000 combinations.

                2. fidodogbreath Silver badge

                  Re: Easy good passwords, here I go again...

                  Using first letters of words from phrases also has weaknesses as the letters are drawn from typically a very limited subset of possible combinations.

                  Assuming, of course, that the attacker knows you have used this method.

                  What you describe is correct for a specific known password mnemonic method. However, an attacker typically has no way to determine which method the user might have employed to create the mnemonic. Or, in fact, that the user even employed such a method at all.

                3. Michael Wojcik Silver badge

                  Re: Easy good passwords, here I go again...

                  if the password is alphanumeric and an actual word or combination of words, dictionary based attacks drastically shorten the time to "guess" [blah blah blah]

                  Sigh.

                  Arguments like this are just handwaving without some actual statistics, or at least back-of-the-envelope approximations.

                  A recent version of the aspell US English dictionary contains around 204800 words. Using an xkcd-style four-word phrase (which gives a passphrase on the order of 20 characters, quite easy to type reliably for many users; I routinely use passphrases twice that long) gives about 70 bits of entropy. That's assuming words are chosen with equal distribution from the list; it assumes nothing about, say, the per-symbol entropy of English.

                  Note it also assumes the passphrase contains no spacing, punctuation, or non-letter symbols, except the ones that appear in the aspell US-English dictionary (things like apostrophe and hyphen). Those can easily be added by the user in a meaningful fashion, increasing the entropy. It also assumes monocase, or a case-insensitive verification mechanism; if the system is case-sensitive, we can use mixed case as well.

                  What's 70 bits of entropy worth? Compare it with a random (equal distribution) password drawn from mixed-case English letters, numerals, and a dozen non-alphanumerics. That's 64 symbols, or 6 bits of entropy per symbol. So 70 bits of entropy for the passphrase is just shy of a 12-character password using this scheme.

                  If you can make a million attempts per millisecond, brute-forcing a 70-bits-of-entropy passphrase takes a little under 19 thousand years, on average.

                  The trick with xkcd-style bag-of-words passwords is to generate a number of unbiased phrases from the dictionary, then pick one you can remember by visualization, "newspaper headline" interpretation, or whatever. The relatively low per-symbol and per-word entropy of natural language really doesn't matter when it comes to resistance to brute forcing, once the phrase gets to be even a few words long. Models only do well against plausible natural-language phrases.

                  There's a commonplace among infosec folks that xkcd-style passphrases are not particularly strong. Schneier subscribes to it in this post, for example, talking about the password-cracking bake-off Ars Technica hosted back in 2013. But it's not the scheme itself that's broken. The weakness comes from weak use of it - from users choosing words from too small a dictionary,1 or creating passphrases that are too small.

                  (Also, the Ars piece only worked with one attack mode - cracking a corpus of unsalted MD5 hashes. While Schneier generalizes that to "password crackers know to combine words from their dictionaries", even with smarter candidate generation, stronger key-derivation functions such as Argon2 are going to slow brute-forcing tremendously.)

                  Even then, terms like "broken", "weakness", and "too small" are misleading. Absolutes are always inaccurate when discussing security. What we need to talk about is the risk (probable loss) under a threat model. My probable loss for someone brute-forcing my Reg password is very low - I don't have much at risk here, under my threat model. And the probability of someone brute-forcing it is relatively low, because most attackers have little incentive to do so. So my password only has to be strong enough against brute-forcing to lower that risk to a point that I'm comfortable with.

                  1Generally that means "user has a larger dictionary, but only chooses familiar words, and has a relatively small working vocabulary in the first place". For a random-word-phrase scheme, the user's "dictionary" is the set of words they're willing (with high probability) to use.

            2. Doctor Syntax Silver badge

              Re: Easy good passwords, here I go again...

              "What we've got here is failure to communicate"

              Or was it "a failure"? or did I expand "we've" to "we have"? So many things to remember...

            3. Allan George Dyer Silver badge
              Black Helicopters

              Re: Easy good passwords, here I go again...

              @Tikimon - "it's a random string of letters"

              Wrong!

              "Start with a sentence you can remember."

              This isn't a random start to the process, the following steps are deterministic, so the output is not random. Meaningful sentences in any language will have some statistical pattern to the initial letters. Worse, a memorable sentence is likely to be a quote, so the password crackers will drop a dictionary of quotations into their process if this becomes popular.

              So, if you are using this scheme, the last thing you want is for everyone else to be using the same scheme... Therefore, you aren't using this, and you're a spook who has worked out how to crack this easily, hey, are those black helicopet//

            4. Steve the Cynic

              Re: Easy good passwords, here I go again...

              However it's a random string of letters that real people can actually remember and use

              Real people who can spell.

              Those are becoming rarer these days.

              1. fidodogbreath Silver badge

                Re: Easy good passwords, here I go again...

                Real people who can spell.

                In the case of choosing an unguessable password, poor spelling might be an advantage. The root words do not have to be spelled correctly, they just have to be reproducible for the user.

            5. Michael Wojcik Silver badge

              Re: Easy good passwords, here I go again...

              If there's an easier way to remember random-ish passwords, please share!

              Use passphrases rather than passwords. Cognitively-normal humans are very good at remembering quite long sequences of meaningful natural-language expressions.

              That said, all of this stuff - generation and mnemonic techniques for passwords and passphrases - has been studied and discussed extensively for decades. There's a huge corpus of literature about it, and I'd be shocked if anyone posts anything novel on the subject here. Anyone actually interested in the subject would be better off doing a bit of research (try this new-fangled "world wide web" thing) than bullshitting about it on Reg forums.

              Of course, bullshitting on the forums is usually more a socialization activity than any attempt at serious inquiry. Where that's the case, carry on by all means.

          2. Jonathan Richards 1
            Go

            Mixed mnemonics!

            Ha! As the years advance, I have adopted a mnemonic I'm never going to forget: it's for the password ErR,'avI'ad-me-d1nner_y3t?

          3. Michael Wojcik Silver badge

            Re: Why didn't they operate a 1 hour lock-out after five (or whatever) failed attempts?

            Even with mnemonics you can get mixed up

            Certainly, the user can get mixed up. Whether that's a significant risk depends quite a lot on the user in question and the scheme being employed. To reject passphrase mnemonics in general because a few schemes don't work for a few users is pure foolishness.

            Security is always about the economics of risk. If a given user can employ a passphrase + mnemonic that greatly reduces the possibility of brute-forcing1 while only slightly increasing2 the possibility of forgetting the credentials, that's a net gain for defenders.

            On the other hand, compressing and mapping sufficiently-long passphrases simply to use a larger alphabet, as suggested by the OP, generally isn't worthwhile. You can get sufficient entropy with normal natural language use, even given the low per-symbol entropy of readable text. The exceptions are crap authentication systems with too-tight restrictions on passphrase length and character set, and crap authentication systems that require a large alphabet rather than estimating entropy. In the latter case, though, it's still usually possible to use readable text rather than compress-and-map tricks.

            1And possibly of other attacks, depending on the verification mechanism, resources available to the attacker, etc.

            2Or not increasing at all, since there's ample evidence to show that in general people are better at remembering mnemonic schemes than they are at remembering even short random sequences. That's why they call them "mnemonic".

        2. badger31

          Re: Why didn't they operate a 1 hour lock-out after five (or whatever) failed attempts?

          @milton - Oh hell, no! That's a shitty password; impossible to remember and a pain in the arse to use. I'd rather take my chances with pa55word~

        3. Omgwtfbbqtime Silver badge

          Re: Why didn't they operate a 1 hour lock-out after five (or whatever) failed attempts?

          I think i would stick with !d0ggggggggg as my 12 digit password or something similar.

          Easier to remember without writting it down and still a random target for the hacker to find.

        4. R 11

          Re: Why didn't they operate a 1 hour lock-out after five (or whatever) failed attempts?

          • Make up something ridiculous, non-dictionary and memorable because you can say it—like "sq8-Ed2ph01e" (squat-ed-to-foal)

          How the hell did you know my password?

    2. karlkarl Bronze badge

      Re: Why didn't they operate a 1 hour lock-out after five (or whatever) failed attempts?

      How did they patch the binary at that level? Surely they could just keep on patching and NOP out the entire password check? ;)

      1. Anonymous Coward
        Anonymous Coward

        Re: Surely they could just keep on patching and NOP

        because you need the password to unlock the main memory - it's used to generate a unique key.

  6. Doctor Syntax Silver badge

    Apple isn't backing down from a move to lock down the iPhone’s data port to increase security for users, even though it means thwarting some of the password-cracking tools used by forensics experts.

    "Even though" doesn't seem quite the way to express it.

    1. Jellied Eel Silver badge

      Break my pancreas!

      Ok, not mine. But there have been some nifty applications using an iPhone, a continuous glucose monitor and an insulin pump to automate some of the rigmarole T1 diabetics have to go through. Which means not having to wake up regularly to check glucose levels & correct with insulin doese to avoid hypos and death. Which allows them to get a decent night's sleep and avoid inconvenient things like hypos and comas. If you google 'Artificial Pancreas', there are quite a few examples, including using USB as a safety/security feature to prevent WiFi problems.

      So presumably apps like that will also stop working.. Unless app devs grease the Apple and pay to licence a feature that allows them to bypass the proprietary port locking..

      1. fidodogbreath Silver badge

        Re: Break my pancreas!

        So presumably apps like that will also stop working.. Unless app devs grease the Apple and pay to licence a feature that allows them to bypass the proprietary port locking

        Or they could just turn it off in the settings app.

  7. Anonymous Coward
    Anonymous Coward

    Don't worry about the DJ's...

    No serious DJ's are using any iOS devices in their live setup.

    Most are using MacBook Pros for the I/O ports, larger screens, greater storage capacity, and processing power to run a variety of software and hardware controllers.

    It's also pretty rare to find a decent controller that is compatible, and when most clubs have a controller that any laptop can be connected to, it would be stupid to use iOS devices, because they'd have to lug around their controller to all their gigs.

    1. Dave 126 Silver badge

      Re: Don't worry about the DJ's...

      Nobody uses just iDevices, but they are common as part of a setup. They're not typically used to output audio though - there are external DACs with a variety of balanced outputs for that, usually from the MacBook as you say. The low latency and compatibility with legacy standards (eg wireless MIDI) make iPads good control surfaces. A multi-touch screen offers a better UI for some applications (eg a virtual mixing desk) than a MacBook does.

      DJs use a variety of gear, some just using two turntables and a cross-fader, others using time-stamped vinyl to control digital music, others a Kaos pad or other XY pad to apply effects in real time.

    2. Rob Fisher

      Re: Don't worry about the DJ's...

      Not everyone is serious. At one point I was looking at a controller that controlled the Djay app, because it works with Spotify. There is a whole class of such cobtrollers. Audio comes from the iPad and the controller talks to the iPad via USB. Not sure how this affects it.

  8. Jason Bloomberg Silver badge

    Does not compute

    "Law enforcement and security teams are unlikely to be the only people affected. iPhone peripherals have industrial and medical uses - and DJs had better not wander too far from the decks"

    Surely any owner who wants to allow an ongoing data connection will simply disable the 'disconnect after an hour' function?

    That may be an inconvenience but not much of a problem. Apple could even arrange for a pop-up to remind users that they will be disconnected if they don't change settings whenever they connect to hardware which desires a persistent connection.

    1. Geekpride

      Re: Does not compute

      Yep. I was going to say the same thing. This seems to provide extra security for those who want it (law enforcement aren't the only ones who might want to try cracking into a phone) with the option to disable it for those who'd find it inconvenient. Seems like a good feature to me.

  9. Anonymous Coward
    Anonymous Coward

    Apple CarPlay

    So how would this affect Apple CarPlay? Would be a bit annoying if you had to pull over every hour to re-enter your lock code to keep using Spotify or Apple Maps

    1. D@v3

      Re: Apple CarPlay

      Fortunately, there is already an option that says "Allow CarPlay while locked"

    2. NordieBoy

      Re: Apple CarPlay

      From the article...

      The "USB restricted mode" appeared in the iOS 11.4.1 and iOS 12 betas in which it is turned on by default – but it can be manually turned off in settings.

  10. Tikimon Silver badge
    Facepalm

    If cops had their way...

    If our current cops had been around in the past, they would be complaining about people putting locks on their doors and demanding Master Keys to bypass them. Also demanding that houses be built with spy ports in the walls (which only the cops would use, hehehe) because people use curtains and shutters on their windows.

    The US Constitution was deliberately written to protect us from that kind of intrusion, and the cops/spooks are determined to ignore and destroy those rights. Gosh, I wonder why nobody likes or trusts the government anymore?

    1. Charles 9 Silver badge

      Re: If cops had their way...

      Thing is, there's no electronic equivalent of a battering ram.

      1. Gene Cash Silver badge

        Re: If cops had their way...

        Sure there are... they just go by the name of "hoarded zero-days" instead of battering rams.

      2. Cyril

        Re: If cops had their way...

        Er.... Brute force password cracking?

    2. Anonymous Coward
      Anonymous Coward

      Re: If cops had their way...

      >The US Constitution was deliberately written to protect us from that kind of intrusion, and the cops/spooks are determined to ignore and destroy those rights

      Maybe learn from the Declaration of Independence:

      "deriving their just powers from the consent of the governed, That whenever any Form of Government becomes destructive of these ends, it is the Right of the People to alter or to abolish it, and to institute new Government"

      After all, that's why y'all have so many guns

  11. Gene Cash Silver badge

    I don't like Apple

    But I do enjoy the two fingers they're giving the FBI...

    We need an "enjoying the popcorn" icon.

  12. pɹɐʍoɔ snoɯʎuouɐ
    Boffin

    Wait for the AI...

    No matter what scheme you come up with now for devising passwords at some point will be crackable.

    Ultimately, the cracking of passwords comes down to the N vs NP problem. for those who may not be aware of the N vs NP problem, It asks if a problem whose solution can be quickly verified can also be solved quickly. At the moment, it cant. There is still a prize available of $1M for anyone who can solve the problem. I suspect the prize for anyone who does crack it could be worth a lot more as it will essentially break every password.

    Current computing can only break passwords by bruit force, but with the rise of quantum computers, neural network and AI I am sure that there is be someone working on N vs NP.

    As for cracking passwords made up from the first two letters of a quote or saying with added punctuation, it wouldn't be too hard to scrape all the movie quotes from imdb, then do a list of just the first two letters of the quotes then use that as a word list with a combo of punctuation. So, you will need to use a more complex series of punctuation marks to be "safe" if you use a move quote.

    passwords alone are not safe*, you need two factor and I bet in the future that's going to be three factor.

    * safe is relative, for a web forum, a password will do you fine, but online banking needs 2 factor ....at least

    boffin, because it wont be for long !!

    1. Michael Wojcik Silver badge

      Re: Wait for the AI...

      No matter what scheme you come up with now for devising passwords at some point will be crackable.

      Handwaving bullshit. A completely untestable and thus vapid claim.

      Ultimately, the cracking of passwords comes down to the N vs NP problem.

      Your argument might be a little more persuasive if you knew that the name of this problem is "P versus NP", not "N versus NP". But probably not, so I wouldn't worry about it too much.

      Your (corrected) claim is common, but it's also wrong. Even if P=NP (very unlikely), there are still functions with asymmetric effort, where both F and F-bar (its inverse) are in P but F-bar has a worse polynomial growth rate.

      for those who may not be aware of the N vs NP problem, It asks if a problem whose solution can be quickly verified can also be solved quickly.

      No, it really doesn't. The P-versus-NP problem asks whether a particular (isomorphic) class of functions that are poly-time verifiable also have a poly-time solution. Polynomial time is not necessarily "quick".1

      Even with large-scale general quantum computing and problems that are also in BQP, functions of this sort generally only get a square-root improvement on running time. So you double the length of the "hash".

      It's true that passwords are terrible authenticators, under pretty much any metric other than ease of implementation and familiarity. And passphrases really aren't that much better. And yes, multiple authenticators (preferably weighted N-of-M authentication, not the sort of half-assed 2FA or 1.5FA we typically see) looks like the only viable direction to go, given the current IT landscape. But trying to derive those conclusions from P-vs-NP is cargo-cult analysis.

      1Matt Scala had a good example of this once: he derived and proved an algorithm, for an actual problem he was working on, which had a best-case polynomial time with a huge exponent. It's in P, but completely unusable for non-degenerate cases.

  13. fedoraman
    Coat

    5-dollar wrench

    What? Is no-one going to post it?

    Allow me to be the first, then.

    https://xkcd.com/538/

    1. Doctor Syntax Silver badge

      Re: 5-dollar wrench

      Doesn't work if: suspect is dead cf San Bernadino, have phone but suspect has escaped, want to unlock phone without suspect knowing etc.

      1. Charles 9 Silver badge

        Re: 5-dollar wrench

        Or if the suspect is a masochist (likes getting hit) or a wimp (faints at the sight of it, too easy to intimidate). Couple this with being a loner (no family or friends to threaten) and you have basically no way in.

  14. JeffyPoooh Silver badge
    Pint

    Oh goodie...

    "...disables the data connection of the iPhone’s Lightning port after a given time, while allowing it to continue to charge the device."

    You know the aftermarket $2-each eBay Lightning charging cables with the stolen DRM key that has since been revoked by Apple for the sole purpose of imposing their tax. Presumably they'd need a "data connection" to check the Key (which is data) in the DRM chip embedded into the Lightning charging cable.

    So does this mean that those unlicensed Lightning charging cables would start to actually work again after not working for an hour?

    1. doublelayer Silver badge

      Re: Oh goodie...

      Probably not. The phone will refuse to send any data or accept input from the connection, but it can still read the chip. Even if it does use the same bus, I don't think you can put something on the USB end to get it to trust the cable, because the chip is read directly. So the cables will most likely remain broken.

  15. Tom Kelsall

    Just me who thinks that, if your investigation hinges on the evidence contained in a phone you can't unlock, then you don't have enough OTHER evidence? Surely there need to be two or more pieces of independently verifiable corroborative evidence to conclusively prove a crime "beyond reasonable doubt"? In that case, why do the FBI and/or (fukda) polis so desperately need this?

    1. Claptrap314 Bronze badge

      While the public focus has been on criminal convictions, there are at least two other major uses for this data. 1) To stop a crime in progress. That is, to reveal the location of stolen goods or kidnapped individuals. 2) To disrupt criminal organizations. The utility of this information can be tremendous.

      The utility of having an effective privacy right against the government by the citizens is several orders of magnitude greater, however.

      1. Michael Wojcik Silver badge

        The utility of this information can be tremendous.

        The utility of having an effective privacy right against the government by the citizens is several orders of magnitude greater, however.

        Well said. Some time back I saw a presentation by a US ADA about the use of phone data in a number of actual investigations, including what was gathered and what permission (warrant, subpoena, nothing) was required to get it. The focus on cases like San Bernardino doesn't do a good job of representing the whole picture.

        In a civil society there's always a complex trade-off between civil rights and law enforcement. Reasonable people will disagree on what that trade-off should be. Personally, I favor strong privacy rights, but I don't believe that position is prima facie correct.

    2. Anonymous Coward Silver badge
      Facepalm

      By your own argument... "Surely there need to be two or more pieces of..." if they already other evidence then the phone could well be the bit that they use to corroborate it.

    3. Anonymous Coward
      Anonymous Coward

      "...OTHER evidence?"

      Nope. You may commit any crime, and then simply grind your phone to dust and you'll never be convicted. ;-)

      My evil plan is to steal a used & full vacuum cleaner bag from the local shopping mall's janitor. I'll sprinkle its contents across my crime scene, to give the forensic investigators something to do.

  16. JohnFen Silver badge

    Apple does more good

    At this rate, I might actually be persuaded, some day, to use Apple devices. It's hard to get over the whole walled garden thing, though.

    1. fidodogbreath Silver badge

      Re: Apple does more good

      It's hard to get over the whole walled garden thing, though.

      Honestly, it's not the BFD that people make it out to be. I got very tired of the wild wild west of the Play Store: relentless permission creep, apps able to use other methods (such as view wifi networks) to geolocate me after I'd turned off location services, "no permission" apps that could download and execute malicious payloads, etc. And, of course, Google's own relentless slurp. It made me weary, and I don't miss it at all.

  17. Dwarf Silver badge

    Does this mean ...

    That all backups, music sync and other operations that use the lightning port must complete within an hour too ?

    Could be a problem for backups, restores of content to new phones etc.

    1. Anonymous Coward
      Anonymous Coward

      Re: Does this mean ...

      To be fair though, given the data transfer speeds now, there would have to be something seriously wrong to take close to an hour to transfer 250 Gb of data via a lightening port.

      I've only done this with a 128 Gb device and that takes say 10 minutes or so. Downloading from an iCloud backup across a slow wifi network could do it I guess. Would just take the input of the pass code to continue.

      It might be a minor inconvenience if you know the passcode - it's really aimed at people who don't know that code but who are trying to find it out.

    2. gnasher729 Silver badge

      Re: Does this mean ...

      Depends on what is actually implemented.

      The idea is that if the police / some criminals take away your locked phone, then they can't unlock it using some hardware connected through USB after an hour. So they'd have to be quite quick.

      When you do a backup, your phone isn't locked. Since the whole reason is to stop miscreants from unlocking your phone, there is no need for any measures when your phone is already unlocked.

      1. doublelayer Silver badge

        Re: Does this mean ...

        My solution to this problem, while slightly less secure, is to cut off data transfer an hour after it stopped already. Therefore, anything that you started with proper access goes to completion just fine, and an hour after that, the lock goes into effect. This also means that someone who has a device they want to continue to have access can do that because the connection remains live and has to die for an hour before the lock engages. This does mean that if there was a data transfer less than an hour before the police try to get into the device, then their device can brute force all it likes because the transfer can't be interrupted. However, given the relative rarity of people actually using hardware data transfer with phones, this probably isn't a big deal. Also, under this system, I'd probably reduce the time to about ten minutes.

  18. Aquatyger

    Aiding and Abetting

    I wonder what would happen to Apple's policy if their executives were hauled before the courts for aiding and abetting criminal and terrorist activities.

    1. Doctor Syntax Silver badge

      Re: Aiding and Abetting

      "I wonder what would happen to Apple's policy if their executives were hauled before the courts for aiding and abetting criminal and terrorist activities."

      That would require going to court to prove that such activities did actually depend on the phones being lockable. The risk would be failure to prove that to a court's satisfaction, blowing up all the PTB's arguments in their face. That's a risk they're unlikely to take.

    2. Argus Tuft

      Re: Aiding and Abetting

      No problem with them doing that so long as the same logic applies to the exec's of, say, Colt, Browning etc. Hell even Ford (for the getaway car), and Yale (for the locks on their safe house)

      For some reason, IT seems to have a higher standard-of-responsibility for end user actions.

      1. Jeffrey Nonken Silver badge

        Re: Aiding and Abetting

        The government would have to arrest themselves. After all, they're the ones maintaining the roads used for the getaway.

    3. DougS Silver badge

      Re: Aiding and Abetting

      Let me guess, you're one of those "if you have nothing to hide" idiots who has no problem giving away your freedom if it makes you a little less fearful of all the Bad Guys you're scared are out to get you?

      Not sure why this change would be "aiding and abetting terrorists" but making iMessage use encryption or allowing people to put a password on their GMail account isn't - those also make the FBI's job more difficult...

    4. JohnFen Silver badge

      Re: Aiding and Abetting

      That might be a worry if Apple was aiding and abetting, but this action is nothing even remotely close to that.

    5. Claptrap314 Bronze badge

      Re: Aiding and Abetting

      I hate Apple & their **** walled garden. I hate their aggressive liberal politics. I hate their marketing shtick.

      And I would go ape if they were so charged.

      There are real limits to how much bs a government can pull before the citizens reach their limit. Such a stunt would cross mine.

  19. DMcDonnell

    Instant lockout

    Instant lockout:

    The 1 hour delay might be Apple's idea of a good default but I would like to see the option of having instant lockout.. When the phone is locked then the ports are locked at the same instant.

    1. DougS Silver badge

      Re: Instant lockout

      That would make it kind of hard to connect to a computer, since the phone is going to go to sleep (and lock) after a minute or two.

      The one hour delay isn't a problem because it starts from the time you last unlocked your phone with a password. It has been at least a couple days since I last unlocked my X (supposedly you need to unlock with a password every 48 hours to re-enable Touch ID / Face ID, but I find it sometimes goes longer so I'm not sure exactly how this works)

      That means if the FBI broke down my door right now, and grabbed it out of my hands just after I had picked up my phone and unlocked it with my face, even if they had a Cellbrite machine with them and plugged it in immediately it wouldn't work. They'd have to get lucky and raid me within an hour of the time I last typed in the password, and then only have the remaining part of that hour left. i.e. I unlocked it with a password 45 minutes ago, they have 15 minutes to try to brute force my password. And good luck to them, because it is a password not a passcode so the Cellbrite won't work for them anyway!

  20. Anonymous Coward
    Anonymous Coward

    how about ?

    hardware limiting the data rate for password/pin entry ?

    It would require the security portal to be separate from your bulk data, with countermeasures to avoid simply bypassing it, but if its only even looking at 2 to 5 entries per second then brute-forcing loses its brute-yness without affecting manual entry.

    Personally I think this should be a requirement for all password checks.

  21. cutterman

    Most dictionary attacks use English, so just use an obscure language - like Finnish or Maltese.

    Anyone for Marsaxloxx?

    Mac

  22. Claverhouse Bronze badge

    ...a debate about whether Apple should install backdoors for forensics teams to access data on iPhone quickly –in this case, specifically on the iPhone of the shooter, who killed 14 people in the attack. A judge decreed it should, but Apple CEO Tim Cook refused, with the firm saying the nation's "founders would be appalled".

    I have no respect at all for the dreary old wankers who founded that country, but I really, really doubt that.

    Goes double for Abraham Lincoln.

  23. John Robson Silver badge

    Just needs an option for certain peripherals to be explicit trusted

    So you can go an 'trust' your car, or your headphone adaptor, or your hdmi adaptor or whatever...

    Because otherwise it will be turned off more than it will be turned on.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019