Apple Closing Loophole That Lets Authorities Hack iPhones

Since Apple’s publicized showdown with the FBI following the San Bernardino shooting in 2015, after the company refused to unlock a suspected killer’s iPhone, law enforcement agencies have been turning to third parties in order to access information from iPhones. Now Apple has indicated an upcoming software update, designed to enhance security, will block access to an iPhone’s Lightning port one hour after it is locked. Some authorities believe the update also impacts their ability to access phone data in criminal investigations, which could reignite the privacy debate that followed San Bernardino.

“Apple said it was planning an iPhone software update that would effectively disable the phone’s charging and data port — the opening where users plug in headphones, power cables and adapters — an hour after the phone is locked,” reports The New York Times. “While a phone can still be charged, a person would first need to enter the phone’s password to transfer data to or from the device using the port.”

apple_iphone_7

Law enforcement officials have been connecting devices with special software to the same port on suspects’ iPhones in order to transfer data important to their cases. This method can still work “days or even months after the smartphone was last unlocked.”

For example, the Indiana State Police spent $15,000 on such a device from a company called Grayshift, and with warrants, used it to unlock 96 iPhones this year. Authorities can use the GrayKey device to unlock an iPhone or they could send the handset to a company such as Cellebrite, which will unlock the phone for several thousand dollars.

While these methods may be effective for law enforcement and government agencies, privacy advocates fear what would happen if such technology gets out to the public.

“The encryption on smartphones applies only to data stored solely on the phone,” notes NYT. “Companies like Apple and Google regularly give law enforcement officials access to the data that consumers back up on their servers, such as via Apple’s iCloud service.”

Apple contends that the update is not meant to slow the efforts of law enforcement. “We’re constantly strengthening the security protections in every Apple product to help customers defend against hackers, identity thieves and intrusions into their personal data,” the company explained in a statement. “We have the greatest respect for law enforcement, and we don’t design our security improvements to frustrate their efforts to do their jobs.”

According to The Washington Post, “the FBI has been criticized for understating its ability to break into encrypted devices. In March, an inspector general for the Justice Department found that federal law enforcement officials ‘did not pursue all possible avenues’ to break into the iPhone of the San Bernardino attacker.”

Related:
Meet Apple’s Security Headache: The GrayKey, a Startup’s iPhone-Hacking Box, The Wall Street Journal, 6/14/18