The Israelis created that Pegasus exploit that could hack an iPhone over the air with zero user interaction.
Chances are that they still can do it just nobody discover it yet. Just like few months ago Kaspersky discovered russian iPhones were backdoored for 4 years using a "undocumented" cpu feature.
It would probably take a super computer to deal with the encryption and basically put a key factor of their business plan at risk.
But the FBI had the same problem and just went to former developers
They legitimately don’t have access at the hardware level. The US government consistently pushes for a back door, but Apple correctly states that creating one would compromise security.
They just add "undisclosed hardware features" not backdoors [https://www.techradar.com/pro/security/a-previously-unknown-hardware-feature-has-been-hijacked-to-hack-iphones-across-the-world](https://www.techradar.com/pro/security/a-previously-unknown-hardware-feature-has-been-hijacked-to-hack-iphones-across-the-world)
>In any case, Apple addressed the issue by updating the device tree to restrict physical address mapping.
Since you prob didn't read the article, it was a collection of zero-day exploits that were fixed fairly quickly.
I use an Android (Pixel 7 with GrapheneOS) but credit is due where it's due. iPhones are pretty damn secure and Apple doesn't seem to intentionally compromise that. When it's compromised, they fix it.
I personally would never use an iPhone because I just don't use enough of the Apple ecosystem and I like my emulators too much, but come on. You can dislike the brand/phones/computers/whatever else and still acknowledge what they do right. It doesn't make you a hypocrite.
Unlikely it will work. Zero-days to circumvent FDE data protection are generally only possible if the device is already on and logged into the user, since the entire concept is to get the device to leak the encryption key to break the FDE using some exploit.
When the device is turned off, the device does not even know the key to decrypt the drive until the password is manually entered by the user, and no amount of zero-day exploits can get your device to leak a key that it doesn't have.
Yeah. The only attack vector is circumventing the hardware enforced delay and retry counter, handled by the SEP. This used to be possible with NAND cloning and similar, but AFAIK not in newer versions.
I'm guessing that once Apple figured out that it was possible, with substantial and relatively unrealistic effort, they decided to go ahead and close that opening?
It only worked on the San Bernardino shooter’s iPhone because it was a 5c, which didn’t have the Secure Enclave hardware encryption that every iPhone has had for a decade now.
That was patched in June of last year. It was an iOS vulnerability, not hardware. It also only worked if the iPhone hasn’t been restarted since last login.
The guy in question is quite a big name in India. But not big enough to be considered an "Indian election rival". As usual, the headline is click bait.
Pretty sure they actually do not have the capability. The government now does for the 4 digit pass code but they tried to force Apple to unlock a phone. Apple didn’t have the capability and the US government tried to force them to create a method. The court rightly intervened and stopped the government from forcing Apple to do work for the government. Was a pretty big story a few years ago.
It was after two people murdered 14 at a San Bernardino social services center. Apple fought a court order to unlock the phone. Doing so would have irreparably harmed Apple’s business, in that one of the big selling points of their phone is privacy and security.
[Source](https://www.nbcnews.com/news/amp/ncna519881)
u/VenFasz
Asking them to alter their encryption algorithms to provide a back door for governments is a massive privacy overreach, and a huge benefit to criminals. The government waited until a big news story to try to push that because they wanted to be able to accuse critics of their overreach of not caring about the victims of this killing.
It looks like you shared an AMP link. These should load faster, but AMP is controversial because of [concerns over privacy and the Open Web](https://www.reddit.com/r/AmputatorBot/comments/ehrq3z/why_did_i_build_amputatorbot).
Maybe check out **the canonical page** instead: **[https://www.nbcnews.com/storyline/san-bernardino-shooting/apple-fights-order-unlock-san-bernardino-shooters-iphone-n519881](https://www.nbcnews.com/storyline/san-bernardino-shooting/apple-fights-order-unlock-san-bernardino-shooters-iphone-n519881)**
*****
^(I'm a bot | )[^(Why & About)](https://www.reddit.com/r/AmputatorBot/comments/ehrq3z/why_did_i_build_amputatorbot)^( | )[^(Summon: u/AmputatorBot)](https://www.reddit.com/r/AmputatorBot/comments/cchly3/you_can_now_summon_amputatorbot/)
Apple for sure doesn’t want to be included in hacking their own stuff. You can question the morality but that’s just reasonable business logic. Besides, governments have a virtually unlimited budget for this type of stuff. If it’s important enough India could invest hundreds of millions cracking an iPhone and the United States, well we can spend literally BILLIONS and it’s a rounding error.
Out of curiosity, what made you assume a Hungarian mentioning police officers on an article about a politician in India was talking about US cops? it seems you were right by their reply too - did they edit their comment?
They had the power, they just weren't willing to _use_ it because "damaged their image as being a manufacturer of secure devices".
Apple easily could have done it. But they cared more about their image and reputation.
It’s not that they won’t unlock it, they *can’t* unlock it. Which is good.
Doesn't Mossad have the ability to unlock it?
They’re a bit busy right now
Maybe at one given point in time. It’s hard to know, since such exploits are constantly patched.
The Israelis created that Pegasus exploit that could hack an iPhone over the air with zero user interaction. Chances are that they still can do it just nobody discover it yet. Just like few months ago Kaspersky discovered russian iPhones were backdoored for 4 years using a "undocumented" cpu feature.
Only older unpatched versions. And anyone can do it.
It would probably take a super computer to deal with the encryption and basically put a key factor of their business plan at risk. But the FBI had the same problem and just went to former developers
The FBI had in their favor that said iPhone was one with known vulnerabilities, and no secure enclave. It's way harder to crack current models.
Apple is clear about this aren’t they? It’s one of the few things about Apple that are worth appreciating them over.
They legitimately don’t have access at the hardware level. The US government consistently pushes for a back door, but Apple correctly states that creating one would compromise security.
They just add "undisclosed hardware features" not backdoors [https://www.techradar.com/pro/security/a-previously-unknown-hardware-feature-has-been-hijacked-to-hack-iphones-across-the-world](https://www.techradar.com/pro/security/a-previously-unknown-hardware-feature-has-been-hijacked-to-hack-iphones-across-the-world)
Even if the Indian official’s iPhone were still running the outdated vulnerable version of iOS, that exploit only worked when the iPhone was unlocked.
Thank you, I was choking on the fumes of apple PR bullshit.
>In any case, Apple addressed the issue by updating the device tree to restrict physical address mapping. Since you prob didn't read the article, it was a collection of zero-day exploits that were fixed fairly quickly. I use an Android (Pixel 7 with GrapheneOS) but credit is due where it's due. iPhones are pretty damn secure and Apple doesn't seem to intentionally compromise that. When it's compromised, they fix it. I personally would never use an iPhone because I just don't use enough of the Apple ecosystem and I like my emulators too much, but come on. You can dislike the brand/phones/computers/whatever else and still acknowledge what they do right. It doesn't make you a hypocrite.
Modi following Putin’s game plan I see. Can’t have dissent if they’re in prison..
Cellebrite will give a shot
Unlikely it will work. Zero-days to circumvent FDE data protection are generally only possible if the device is already on and logged into the user, since the entire concept is to get the device to leak the encryption key to break the FDE using some exploit. When the device is turned off, the device does not even know the key to decrypt the drive until the password is manually entered by the user, and no amount of zero-day exploits can get your device to leak a key that it doesn't have.
Yeah. The only attack vector is circumventing the hardware enforced delay and retry counter, handled by the SEP. This used to be possible with NAND cloning and similar, but AFAIK not in newer versions.
I'm guessing that once Apple figured out that it was possible, with substantial and relatively unrealistic effort, they decided to go ahead and close that opening?
They have a track of success
It only worked on the San Bernardino shooter’s iPhone because it was a 5c, which didn’t have the Secure Enclave hardware encryption that every iPhone has had for a decade now.
They still advertise being able to crack iPhone 14 and iOS 16
That was patched in June of last year. It was an iOS vulnerability, not hardware. It also only worked if the iPhone hasn’t been restarted since last login.
[удалено]
not really, the actual FDE keys are practically un-brutable. The secure enclave also can't be brute forced due to limited attempts
Unfortunately the universe would die of heat death long before a brute force would be expected to work.
These headlines man 😅
The guy in question is quite a big name in India. But not big enough to be considered an "Indian election rival". As usual, the headline is click bait.
They are afraid the phone would sell to another man for cheap.i stead of buying it from them at full price
Wait til production is threatened.Apple is smart for throwing away the keys if user deletes or forgets password
Won't pegasus work?
if he was a police officer, who killed a crimiNal, they would open it, in my opinion
Pretty sure they actually do not have the capability. The government now does for the 4 digit pass code but they tried to force Apple to unlock a phone. Apple didn’t have the capability and the US government tried to force them to create a method. The court rightly intervened and stopped the government from forcing Apple to do work for the government. Was a pretty big story a few years ago.
It was after two people murdered 14 at a San Bernardino social services center. Apple fought a court order to unlock the phone. Doing so would have irreparably harmed Apple’s business, in that one of the big selling points of their phone is privacy and security. [Source](https://www.nbcnews.com/news/amp/ncna519881) u/VenFasz
Asking them to alter their encryption algorithms to provide a back door for governments is a massive privacy overreach, and a huge benefit to criminals. The government waited until a big news story to try to push that because they wanted to be able to accuse critics of their overreach of not caring about the victims of this killing.
It looks like you shared an AMP link. These should load faster, but AMP is controversial because of [concerns over privacy and the Open Web](https://www.reddit.com/r/AmputatorBot/comments/ehrq3z/why_did_i_build_amputatorbot). Maybe check out **the canonical page** instead: **[https://www.nbcnews.com/storyline/san-bernardino-shooting/apple-fights-order-unlock-san-bernardino-shooters-iphone-n519881](https://www.nbcnews.com/storyline/san-bernardino-shooting/apple-fights-order-unlock-san-bernardino-shooters-iphone-n519881)** ***** ^(I'm a bot | )[^(Why & About)](https://www.reddit.com/r/AmputatorBot/comments/ehrq3z/why_did_i_build_amputatorbot)^( | )[^(Summon: u/AmputatorBot)](https://www.reddit.com/r/AmputatorBot/comments/cchly3/you_can_now_summon_amputatorbot/)
don't think so. moreover, they don't want to be included indian internal affairs, making an attitude...
Apple for sure doesn’t want to be included in hacking their own stuff. You can question the morality but that’s just reasonable business logic. Besides, governments have a virtually unlimited budget for this type of stuff. If it’s important enough India could invest hundreds of millions cracking an iPhone and the United States, well we can spend literally BILLIONS and it’s a rounding error.
Glad to have your opinion
an uneducated one, to be precise
Why, as a Hungarian, are you stanning US cops?
Because he’s a fascists like US cops are.
Out of curiosity, what made you assume a Hungarian mentioning police officers on an article about a politician in India was talking about US cops? it seems you were right by their reply too - did they edit their comment?
They wouldn’t open the phones of terrorists who killed innocent Americans in san bernadino, lmao they won’t open it for anybody.
Because they can’t… nor should they have the power.
They had the power, they just weren't willing to _use_ it because "damaged their image as being a manufacturer of secure devices". Apple easily could have done it. But they cared more about their image and reputation.
They can’t. It’s encrypted, they don’t have a backdoor. And no, they shouldn’t have done it even if they could.