Ever since Apple refused demands by the FBI to unlock an iPhone used by a murderous terrorist in December 2015, there’s been a struggle between the company and its pledge to protect the privacy information of its customers and law enforcement, which wants access to information on suspects’ phones.
Part of Apple’s effort is to make encryption of the data on iPhones the default setting. This has made it more difficult for police agencies to access the data of criminal suspects, but that’s not the same as impossible.
Since 2015 Apple has worked to make data on its devices even more inaccessible. Meanwhile companies such as Cellebrite and Grayshift have developed devices that allow agencies to overcome those limitations, which in turn allows agencies to gain access to iPhones when they really need to.
Now, Apple is upping the ante by limiting how law enforcement can unlock an iPhone. Here’s what’s going on:
Apple’s devices have long had the ability to be locked with a PIN. Initially these were four-digits long, but they’ve been extended to allow six digits. In an effort to prevent PIN-guessing, Apple’s software also watches how fast the numbers are pressed during an unlock attempt. Too fast, and the unlock won’t work even if the numbers are correct. This is to defeat mechanical number-guessing.
But it turns out that the iPhone (and presumably the iPad as well) can have PIN numbers injected directly via the Lightening Port by a computer running an unlock routine that repeatedly tries one combination after another. Cellebrite and Grayshift are two companies that make the devices that can access a locked iPhone in this way.
Now, with Apple’s new release of iOS 12 that’s due out shortly, it look like this will become more difficult. The company has confirmed to the New York Times and other media sources that it is including a feature that turns off access via the Lightening Port for any use besides charging after an hour. This means that if it’s been an hour or less since the iPhone was unlocked, then access via the Lightening Port will work. After an hour, it won’t.
When this feature of iOS 12 was revealed, law enforcement agencies expressed concern that this investigative tool will soon be unavailable. Since then, they’ve calmed down.
The reason for the sudden calm isn’t clear, but a number of reports indicate that Grayshift has found a solution that will allow its GrayKey device to continue to unlock iPhones. While Grayshift has not responded to eWEEK’s request to discuss its operations, and for reasons that remain obscure has been unwilling to reveal its secrets to the media, there’s every likelihood that the company has known that Apple would take countermeasures and has planned accordingly.
For that matter, so has Cellebrite, the Israeli security company that helped the FBI unlock an iPhone used by the perpetrator in terror attack in the San Bernardino in which 14 people died and 22 others seriously injured. Cellebrite is still advertising that it has the ability to perform forensics on a number of platforms, including the iPhone.
There’s no doubt that either of those companies was prepared to respond to any changes Apple made to iPhones or iOS that made it harder to break into. To do anything less would be irresponsible in the minds of their customers, including government agencies and police authorities that depend on the ability to thward the security features to today’s mobile devices.
Exactly what the next steps by these companies are taking is impossible to say. They are, after all, making it a point not to tell Apple. They’re also certainly mandating non-disclosure agreements with their customers that might leak such information. The rest of their customers are already keeping secrets far greater than how to unlock an iPhone, so it’s certain they’re not going to leak anything.
If I had to speculate, I’d guess that since the Lightening Port turns off after an hour, they may tinker with the clock if they get the phone soon enough that it hasn’t timed out or the battery died. Or perhaps they’ve fond a way to change the setting of the Lightening Port accessories switch that comes with iOS 12.
But what seems more likely is another approach entirely. Perhaps that step includes opening the case of the phone, and attaching leads upstream of the Lightening Port, and intercepting the data stream beyond the point at which the port enters the picture.
Or it could be another approach that I haven’t imagined. What matters is that there’s apparently a method of getting law enforcement what they need, if they’re willing to pay for it.
But all of this ignores the question of how to get legitimate access to a device when the circumstances demand it. The San Bernardino attack wasn’t really such a critical emergency need. After all, as horrific as the attack may have been, the attackers were already dead when the FBI got ahold of the iPhone they wanted to unlock. That particular set of terrorists weren’t going to kill anyone else, no matter how long it took or whether the effort was successful.
But suppose the circumstances were different. Suppose the lives of tens, or perhaps hundreds, of people hung in the balance? Suppose law enforcement knew that a specific phone held critical information that could prevent a terrorist attack? That’s a different problem and it’s one that both law enforcement and phone makers, notably Apple, need to examine.
I would not want to be Tim Cook, or whoever heads Apple at the time when refusal to enable access to a smartphone resulted in the deaths of hundreds of innocent people. Imagine if access to encrypted data in a device obtained by law enforcement could prevent carnage on the scale of the 911 attacks, if only if the device maker provided a legal emergency means to unlock it.
