880
Apple Quietly Introduced iPhone Reboot Code Which is Locking Out Cops
(www.404media.co)
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 09 Nov 2024
880 points (98.1% liked)
Technology
59340 readers
1411 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
Why does rebooting it improve the safety or security of the phone?
When you first boot up a device, most data on that device is encrypted. This is the Before First Unlock (BFU) state. In order to access any of that data, someone must enter the passcode. The Secure Enclave uses it to recreate the decryption keys that allow the device to access that encrypted data. Biometrics like Face ID and Touch ID won’t work: they can’t be used to recreate the encryption keys.
Once you unlock the device by entering the passcode the device generates the encryption keys and uses them to access the data. It keeps those keys in memory. If it didn’t, you’d have to enter your passcode over and over again in order to keep using your device. This is After First Unlock (AFU) state.
When you’re in AFU state and you lock your device, it doesn’t throw away the encryption keys. It just doesn’t permit you to access your device. This is when you can use biometrics to unlock it.
In some jurisdictions a judge can legally force someone to enter biometrics, but can’t force them give up their passcode. This legal distinction in the USA is that giving a passcode is “testimonial” because it requires giving over the contents of your mind, and forcing suspects to do that is not legal in the USA. Biometrics aren’t testimonial, and so someone can be forced to use them, similar to how arrested people are forced to give fingerprints.
Of course, in practical terms this is a meaningless distinction because both biometrics and a passcode can grant access to nearly all data on a device. So one interesting thing about BFU vs AFU is that BFU makes this legal hair-splitting moot: biometrics don’t work in BFU state.
But that’s not what the 404 Media articles are about. It’s more about the forensic tools that can sometimes extract data even from a locked device. A device in AFU state has lots of opportunities for attack compared to BFU. The encryption keys exist, some data is already decrypted in memory, the lightning port is active, it will connect to Wi-Fi networks, and so on. This constitutes a lot of attack surface that hackers could potentially exploit to pull data off the device. In BFU state, there’s very little data available and almost no attack surface. Automatically returning a device to BFU state improves resistance to hacking.
Fun fact: in Australia we don't have a bill of rights of any kind, so the cops can just force you to reveal your passwords. The maximum penalty for refusing is 2 years imprisonment.
Umm I forgot.
what!
wtf
Honestly, as an american, I could live with watered down rights if it meant a more representative government
Once rebooted, you need to enter your PIN to unlock the phone (and the SIM as well). Before that it is not possible to unlock the phone with biometric credentials (face ID or fingerprint).
As far as I'm aware, police can force you to hand over your biometric credentials (they can hold the phone to your face to unlock it when you have face ID enabled, or can move your finger to the fingerprint sensor). But they can't force you to reveal the PIN number.
"federal court decided that police officers can make you unlock your phone, even by physically forcing you to press your thumb against it."
Yep: but they can't force you to give them the password because of 5th Amendment protections from self-incrimination.
And even if they did have the right to tell you to give them the password, they don't have access if you simply refuse to cooperate. They can get your fingerprints, face ID, or retina scan by force. They cannot extract information from your brain.
BTW: Lots if phones also have a "lockout mode" that can be enabled that will give you the option to lock it down to password-only without turning it off. It can be good for recording police interactions, because it will continue to record them while they can't access the contents of the phone if they swipe it from you.
What about amputating the hand?
Yeah but that would imply they are bringing the phones to the person multiple times to use their face/finger, or they are keeping the phone active so it never locks, unless they are actively changing the settings to never lock somehow. Seems like an easier fix to just require you to enter your pin to change your lock setting to indefinitely.
Side note: the last time I was arrested the officer asked me if I wanted to reboot my phone or turn it off before handing it over so I knew they weren't going to go through it. Was surprised
The more full reason is that the device is still encrypted prior to first unlock and is harder to extract any information from. As to what you said about police requiring you to enter your PIN, they can't. You can't be forced to reveal your passwords/PINs but they can legally force you to unlock biometrics (fingerprint/face ID)
I never said they could require you to enter a pin, my words are often a jumble. I was saying cops actually asked me if I wanted to restart or shut down my phone so I had peace of mind that they wouldn't go through it.
I don't know how the procedere would be executed, but I imagine that police could have the phone present during an interrogation and try to nlock it there (possibly by making you to look at the phone to unlock it, if the phone has been set up to unlock this way). Once unlocked, it would be sufficient to have a peek into the camera roll or messages, until the phone locks again. I don't know about the law, but I can imagine that if a police officer had a look into your phone, even briefly, it may be held against the one who is being interrogated.
BFU (before first unlock) vs AFU (After first unlock)
Basically encrypted vs decrypted
As I understand it, even though after Reboot the OS looks like its in about the same state with the wallpaper and same password to unlock, the fact that it hasn't been unlocked yet means that certain attacks don't work as well. I don't know why specifically. I think it's because the attack may still work but doesn't reveal any sensitive data because it's just the ROM, wallpaper, sim, etc.
Most likely after rebooting but before unlocking the decryption key is not present in memory in plaintext.