Menu
Apple moves to hinder law enforcement’s favourite phone cracking tools

Apple moves to hinder law enforcement’s favourite phone cracking tools

Will cut off communication through the USB port when the phone has not been unlocked in the past hour

Apple will change its iPhone settings to undercut the most popular means for law enforcement to break into the devices.

The company has said it is aiming to protect all customers, especially in countries where phones are readily obtained by police or by criminals with extensive resources, and to head off further spread of the attack technique.

The privacy standard-bearer of the tech industry said it will change default settings in the iPhone operating system to cut off communication through the USB port when the phone has not been unlocked in the past hour.

That port is how machines made by forensic companies GrayShift, Cellebrite and others connect and get around the security provisions that limit how many password guesses can be made before the device freezes them out or erases data. Now they will be unable to run code on the devices after the hour is up.

These companies have marketed their machines to law enforcement in multiple countries this year, offering the machines themselves for thousands of dollars but also per-phone pricing as low as US$50.

Apple representatives said the change in settings will protect customers in countries where law enforcement seizes and tries to crack phones with fewer legal restrictions than under US law. They also noted that criminals, spies and unscrupulous people often use the same techniques. Even some of the methods most prized by intelligence agencies have been leaked on the internet.

“We’re constantly strengthening the security protections in every Apple product to help customers defend against hackers, identity thieves and intrusions into their personal data,” Apple said in a prepared statement. “We have the greatest respect for law enforcement, and we don’t design our security improvements to frustrate their efforts to do their jobs."

Apple began working on the USB issue before learning it was a favorite of law enforcement.

The setting switch had been documented in beta versions of iOS 11.4.1 and iOS12, and Apple has said it will be made permanent in a forthcoming general release.

Apple said that after it learned of the techniques, it reviewed the iPhone operating system code and improved security. It decided to simply alter the setting, a cruder way of preventing most of the potential access by unfriendly parties.

With the changes, police or hackers will typically have an hour or less to get a phone to a cracking machine. That could cut access by as much as 90 per cent, security researchers estimated.

This also could spur sales of cracking devices, as law enforcement looks to get more forensic machines closer to where seizures occur. Undoubtedly, researchers and police vendors will find new ways to break into phones, and Apple will then look to patch those vulnerabilities.

The setting change could also draw criticism from US law enforcement officials who have been engaged in an on-again, off-again campaign for legislation or other ways to force technology companies to maintain access to users’ communications.

Apple has been the most prominent opponent of those demands. In 2016, it went to court to fight an order that it break into an iPhone 5c used by a killer in San Bernardino.

Then-FBI Director James Comey told Congress that without compelling Apple to write new software to facilitate the digital break-in, there would be no way to learn if the shooter’s device contained evidence of a conspiracy. The FBI ultimately found a contractor that broke into the phone without Apple's cooperation.

Apple and most private security experts argue that government contractors and others can usually find means of cracking devices. They also say that weakening encryption by design would lead to more hacking by those outside of government.

Until recently, current FBI Director Christopher Wray repeatedly claimed that the Bureau had been unable to get into more than 7,000 phones in 2017. Last month, the Washington Post reported that the true number was less than a third as high. The FBI blamed "programing errors."

(Reporting by Joseph Menn; Editing by Greg Mitchell and David Gregorio)


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags AppleiPhone

Featured

Slideshows

EDGE 2018: Kiwis kick back with Super Rugby before NZ session

EDGE 2018: Kiwis kick back with Super Rugby before NZ session

New Zealanders kick-started EDGE 2018 with a bout of Super Rugby before a dedicated New Zealand session, in front of more than 50 partners, vendors and distributors on Hamilton Island.​

EDGE 2018: Kiwis kick back with Super Rugby before NZ session
EDGE 2018: Kiwis assess key customer priorities through NZ research

EDGE 2018: Kiwis assess key customer priorities through NZ research

EDGE 2018 kicked off with a dedicated New Zealand track, highlighting the key customer priorities across the local market, in association with Dell EMC. Delivered through EDGE Research - leveraging Kiwi data through Tech Research Asia - more than 50 partners, vendors and distributors combined during an interactive session to assess the changing spending patterns of the end-user and the subsequent impact to the channel.

EDGE 2018: Kiwis assess key customer priorities through NZ research
Show Comments