Apple only included their non-proprietary information in the recently approved iOS (correct way to use this acronym, Cisco owns the IOS acronym) CoreCrypto Kernel Module security policy. Even so, I want to believe the encryption requires two secret keys, one
Apple has tied to the hardware and the other is only known by the user.
Starting on page 15, the policy document talks about crypto keys. IF Apple had a master crypto key that bypassed the user key, that could be a problem, however, I welcome input from people using the Good Technology MDM system asking if Good has their own
master key or at least a group admin key that would do the same thing people are saying Apple does. The FIPS certification is only for Apple's CoreCrypto, not the cryptographic module Good uses but there might be some similarity.
Of course, I doubt you'll find any public documentation discussing this from Apple because it would definitely be proprietary information that all of us ADC member don't stand a chance ever seeing.
As for forensics software, I'm sure they're just performing brute force attacks on the hardware. Of course we could always ask Timothy McGee to try hacking into an iPhone. He should have access to all the keys.
--if you have to ask who Tim is, you aren't watching the right TV shows. :)
wrote:
On May 10, 2013, at 2:50 PM, "Villano, Paul A CIV USARMY TRADOC (US)" <
email@hidden> wrote:
Wasn't
this bypassing thing all over the news a while back, that you could bypass the lock screen because of emergency call setups or something?
No, that's a programming error, what this thread is referring to is Apple's ability to bypass the lock screen (I assume by Apple's people only) in some other way.
I say *duh* to the whole thing. Apple has the keys (quite literally), so why wouldn't they able to do this?
--
Joel
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
Peter Link
Cyber Security Analyst
Cyber Security Program
Lawrence Livermore National Laboratory
PO Box 808, L-315
Livermore, CA 94551-0808
email@hidden