iPhone spyware lets police log suspects' passcodes when cracking doesn't work
https://www.nbcnews.com/tech/security/iphone-spyware-lets-cops-log-suspects-passcodes-when-cracking-doesn-n1209296
@voltronic Okay now that I've actually read the article I'm even *more* baffled on how this could be effective against a reasonably-secured OS. This isn't just pulling data off of a cache, but also requires actually installing software on the phone without user authentication. That shouldn't be possible, period.
@john_b @voltronic Oh this kind of thing works. It's an ancient technique. It's just another way of brute-forcing a password. But, it will fail if your device is properly secured with 2-factor authentication or other methods. Fortunately for cops, most people haven't a clue when it comes to security.
Hold up: first, an iPhone will go into infinite lockout after a sufficient number of failed passcode attempts.
Second, you simply cannot install software onto an iPhone that you can't unlock.
Tell me how this "works" in light of these facts, because I can't see it.
Well, if I just search for "sasquatch" or "adrenochrome vampires" or "antigravity", I can find "quite a few articles stating this is a thing".
The fact is that either GrayKey seems to be full of shit, or Apple is full of shit, and I saw plenty of permanently-disabled devices when I was repairing them.
@mcfate @voltronic @john_b Cops usually don't have a clue, but security companies do. I've seen a Graykey box in operation. It's kludgy and it takes forever, but I've seen it eventually get there twice. I've also seen it fail as many times.
See, that's where I'm thinking this is at. I'd bet its overall success-to-failure ratio is minuscule, and certainly far out of proportion for what people pay for this thing.
@mcfate @voltronic @john_b I don't know what it's selling for currently, but it was in kissing distance of five figures when they were showing it off at law enforcement security shows.
I feel confident it's at least 80% a scam.
@mcfate @voltronic @john_b NO bet. I know several police departments, usually the ones with someone who had a security clue, who declined to buy it.
@voltronic @sjvn @john_b
Do you actually have evidence of that happening, aside from anecdotes that basically emanate from Graykey?
Me, I don't think most cops have a clue when it comes to computer security.