**ᏤⵁŁ₮ƦⵁИł€** @[email protected] · Jun 23, 2021, 15:45

**ᏤⵁŁ₮ƦⵁИł€** @[email protected] · Jun 23, 2021, 15:45

ᏤⵁŁ₮ƦⵁИł€ @[email protected]

Jun 23, 2021, 15:45

iPhone spyware lets police log suspects' passcodes when cracking doesn't work
https://www.nbcnews.com/tech/security/iphone-spyware-lets-cops-log-suspects-passcodes-when-cracking-doesn-n1209296

#cososec

**John** @[email protected] · Jun 23, 2021, 17:16

**John** @[email protected] · Jun 23, 2021, 17:16

Jun 23, 2021, 17:16

John @[email protected]

@voltronic Okay now that I've actually read the article I'm even *more* baffled on how this could be effective against a reasonably-secured OS. This isn't just pulling data off of a cache, but also requires actually installing software on the phone without user authentication. That shouldn't be possible, period.

**sjvn** @[email protected] · Jun 23, 2021, 17:24

**sjvn** @[email protected] · Jun 23, 2021, 17:24

Jun 23, 2021, 17:24

sjvn @[email protected]

@john_b @voltronic Oh this kind of thing works. It's an ancient technique. It's just another way of brute-forcing a password. But, it will fail if your device is properly secured with 2-factor authentication or other methods. Fortunately for cops, most people haven't a clue when it comes to security.

**⚙ 𝕄ᶜ₃𝔽₃𝕒₇𝕥₁𝕖 ⚙** @[email protected] · Jun 23, 2021, 17:35

**⚙ 𝕄ᶜ₃𝔽₃𝕒₇𝕥₁𝕖 ⚙** @[email protected] · Jun 23, 2021, 17:35

Jun 23, 2021, 17:35

⚙ 𝕄ᶜ₃𝔽₃𝕒₇𝕥₁𝕖 ⚙ @[email protected]

@sjvn @john_b @voltronic

Hold up: first, an iPhone will go into infinite lockout after a sufficient number of failed passcode attempts.

Second, you simply cannot install software onto an iPhone that you can't unlock.

Tell me how this "works" in light of these facts, because I can't see it.

**⚙ 𝕄ᶜ₃𝔽₃𝕒₇𝕥₁𝕖 ⚙** @[email protected] · Jun 23, 2021, 17:37

**⚙ 𝕄ᶜ₃𝔽₃𝕒₇𝕥₁𝕖 ⚙** @[email protected] · Jun 23, 2021, 17:37

Jun 23, 2021, 17:37

⚙ 𝕄ᶜ₃𝔽₃𝕒₇𝕥₁𝕖 ⚙ @[email protected]

@sjvn @john_b @voltronic

https://www.tomsguide.com/how-to/what-to-do-when-your-iphone-is-disabled

**ᏤⵁŁ₮ƦⵁИł€** @[email protected] · Jun 23, 2021, 17:39

**ᏤⵁŁ₮ƦⵁИł€** @[email protected] · Jun 23, 2021, 17:39

Jun 23, 2021, 17:39

ᏤⵁŁ₮ƦⵁИł€ @[email protected]

@mcfate
That matches with everything I've read, but somehow these Graykey boxes are getting keyloggers onto locked iPhones.

@sjvn @john_b

**⚙ 𝕄ᶜ₃𝔽₃𝕒₇𝕥₁𝕖 ⚙** @[email protected] · Jun 23, 2021, 17:40

**⚙ 𝕄ᶜ₃𝔽₃𝕒₇𝕥₁𝕖 ⚙** @[email protected] · Jun 23, 2021, 17:40

Jun 23, 2021, 17:40

⚙ 𝕄ᶜ₃𝔽₃𝕒₇𝕥₁𝕖 ⚙ @[email protected]

@voltronic @sjvn @john_b

Do you actually have evidence of that happening, aside from anecdotes that basically emanate from Graykey?

Me, I don't think most cops have a clue when it comes to computer security.

**sjvn** @[email protected] · Jun 23, 2021, 20:24

**sjvn** @[email protected] · Jun 23, 2021, 20:24

Jun 23, 2021, 20:24

sjvn @[email protected]

@mcfate @voltronic @john_b Cops usually don't have a clue, but security companies do. I've seen a Graykey box in operation. It's kludgy and it takes forever, but I've seen it eventually get there twice. I've also seen it fail as many times.

**⚙ 𝕄ᶜ₃𝔽₃𝕒₇𝕥₁𝕖 ⚙** @[email protected] · Jun 23, 2021, 20:25

**⚙ 𝕄ᶜ₃𝔽₃𝕒₇𝕥₁𝕖 ⚙** @[email protected] · Jun 23, 2021, 20:25

Jun 23, 2021, 20:25

⚙ 𝕄ᶜ₃𝔽₃𝕒₇𝕥₁𝕖 ⚙ @[email protected]

@sjvn @voltronic @john_b

See, that's where I'm thinking this is at. I'd bet its overall success-to-failure ratio is minuscule, and certainly far out of proportion for what people pay for this thing.

**sjvn** @[email protected] · Jun 23, 2021, 20:27

**sjvn** @[email protected] · Jun 23, 2021, 20:27

Jun 23, 2021, 20:27

sjvn @[email protected]

@mcfate @voltronic @john_b I don't know what it's selling for currently, but it was in kissing distance of five figures when they were showing it off at law enforcement security shows.