Apple has consistently earned top marks for its privacy and data security policies. That said, since the San Bernardino shooting, which left 14 dead and 22 seriously injured, the company's privacy-first approach has been experiencing a sort of baptism by fire. Much debate has arisen around the encryption on San Bernardino shooter Syed Rizwan Farook's iPhone 5C. Shortly after the shooting, the iCloud password associated with Farook's phone was reset by a law enforcement officer attempting to gather information.
The snafu purportedly eliminated the opportunity for any information on the phone to auto backup onto the cloud when the device was used on a recognized Wi-Fi network. This information could have then been retrieved. According to ABC News, the last time Farook's phone had been backed up was Oct. 19, 2015 -- a month and a half before the attack. Apple provided the FBI with the iCloud backups prior to Oct. 19. But the government wanted access to the phone, at least partially to discern if Farook had any terrorist ties.
And, to get to it, the FBI asked Apple to reverse a feature that erases an iPhone's data after 10 failed attempts to unlock it. If Apple did so, the government could use software to guess Farook's passcode. The FBI argued its reset of Farook's password should not prevent Apple from honoring this request. And, last week, a federal court ordered Apple to develop a custom iOS so the FBI could gain access to the phone. Apple is refusing to comply with the court order. CEO Tim Cook said in an open letter to Apple customers.
Consumer awareness around privacy and encryption has gained traction, following Edward Snowden's revelations regarding the scope of government surveillance practices at the National Security Agency. Still, the public's response to Apple's current plight remains divided. To create an iOS or any other kind of backdoor into a personal device creates moral hazard.
The potato chip theory applies to law enforcement and the erosion of the constitutional rights guaranteed to all U.S. One potato chip leads to another, and it's hard to stop eating them. In the same way, one legal mulligan leads to another. There has to be a point in the evolution of consumer privacy (or its disintegration) where we can no longer lower our standards as fast as our situation is deteriorating. When it comes to our privacy we really have to stand firm -- and Tim Cook is doing that.
Executive Director of the Privacy and Big Data Institute at Ryerson University Ann Cavoukian long ago coined the phrase "Privacy by Design" to describe what's starting to happen in the U.S. Her theory was that consumers will start shopping for the best deals on their privacy -- the less personal information required by a potential service or product, the more appealing it will be to the consumer.
Of course, an iTunes backup is also a great source of data, but with TAR, you get… well, almost everything except the keychain. Is it possible to perform “true” physical acquisition for iOS devices, and create a DMG image of the device storage, You can forget about it since Apple started using 64-bit processors and Secure Enclave (iPhone 5S to iPhone X).
You are now limited to the TAR archive, which, in fact, has almost everything you need. Unallocated space cannot be decrypted anyway. So what will GreyKey do once the passcode is recovered, They either exploit some CVE vulnerabilities to gain root privileges or operate right from the custom firmware, and save a TAR file containing the image (or, rather, a copy) of the file system. What will ElcomSoft do, We won’t break the passcode, yet we can still use a lockdown record to extract some information from a locked iPhone.
But what if you do know the passcode, or what if there is no passcode at all, If this is the case, we (Elcomsoft iOS Forensic Toolkit) will make a TAR image of the file system; the very same TAR image as one can obtain with GreyKey. However, our tool requires you to manually jailbreak the iPhone before the extraction.
0 Comments