Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
eWEEK.com
Search
eWEEK.com
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity
    • Mobile

    Apple Renews iOS 12 Data Security Arms Race With Law Enforcement

    By
    WAYNE RASH
    -
    June 16, 2018
    Share
    Facebook
    Twitter
    Linkedin
      iPhone security

      Ever since Apple refused demands by the FBI to unlock an iPhone used by a murderous terrorist in December 2015, there’s been a struggle between the company and its pledge to protect the privacy information of its customers and law enforcement, which wants access to information on suspects’ phones.

      Part of Apple’s effort is to make encryption of the data on iPhones the default setting. This has made it more difficult for police agencies to access the data of criminal suspects, but that’s not the same as impossible.

      Since 2015 Apple has worked to make data on its devices even more inaccessible. Meanwhile companies such as Cellebrite and Grayshift have developed devices that allow agencies to overcome those limitations, which in turn allows agencies to gain access to iPhones when they really need to.

      Now, Apple is upping the ante by limiting how law enforcement can unlock an iPhone. Here’s what’s going on:

      Apple’s devices have long had the ability to be locked with a PIN. Initially these were four-digits long, but they’ve been extended to allow six digits. In an effort to prevent PIN-guessing, Apple’s software also watches how fast the numbers are pressed during an unlock attempt. Too fast, and the unlock won’t work even if the numbers are correct. This is to defeat mechanical number-guessing.

      But it turns out that the iPhone (and presumably the iPad as well) can have PIN numbers injected directly via the Lightening Port by a computer running an unlock routine that repeatedly tries one combination after another. Cellebrite and Grayshift are two companies that make the devices that can access a locked iPhone in this way.

      Now, with Apple’s new release of iOS 12 that’s due out shortly, it look like this will become more difficult. The company has confirmed to the New York Times and other media sources that it is including a feature that turns off access via the Lightening Port for any use besides charging after an hour. This means that if it’s been an hour or less since the iPhone was unlocked, then access via the Lightening Port will work. After an hour, it won’t.

      When this feature of iOS 12 was revealed, law enforcement agencies expressed concern that this investigative tool will soon be unavailable. Since then, they’ve calmed down.

      The reason for the sudden calm isn’t clear, but a number of reports indicate that Grayshift has found a solution that will allow its GrayKey device to continue to unlock iPhones. While Grayshift has not responded to eWEEK’s request to discuss its operations, and for reasons that remain obscure has been unwilling to reveal its secrets to the media, there’s every likelihood that the company has known that Apple would take countermeasures and has planned accordingly.

      For that matter, so has Cellebrite, the Israeli security company that helped the FBI unlock an iPhone used by the perpetrator in terror attack in the San Bernardino in which 14 people died and 22 others seriously injured. Cellebrite is still advertising that it has the ability to perform forensics on a number of platforms, including the iPhone.

      There’s no doubt that either of those companies was prepared to respond to any changes Apple made to iPhones or iOS that made it harder to break into. To do anything less would be irresponsible in the minds of their customers, including government agencies and police authorities that depend on the ability to thward the security features to today’s mobile devices.

      Exactly what the next steps by these companies are taking is impossible to say. They are, after all, making it a point not to tell Apple. They’re also certainly mandating non-disclosure agreements with their customers that might leak such information. The rest of their customers are already keeping secrets far greater than how to unlock an iPhone, so it’s certain they’re not going to leak anything.

      If I had to speculate, I’d guess that since the Lightening Port turns off after an hour, they may tinker with the clock if they get the phone soon enough that it hasn’t timed out or the battery died. Or perhaps they’ve fond a way to change the setting of the Lightening Port accessories switch that comes with iOS 12.

      But what seems more likely is another approach entirely. Perhaps that step includes opening the case of the phone, and attaching leads upstream of the Lightening Port, and intercepting the data stream beyond the point at which the port enters the picture.

      Or it could be another approach that I haven’t imagined. What matters is that there’s apparently a method of getting law enforcement what they need, if they’re willing to pay for it.

      But all of this ignores the question of how to get legitimate access to a device when the circumstances demand it. The San Bernardino attack wasn’t really such a critical emergency need. After all, as horrific as the attack may have been, the attackers were already dead when the FBI got ahold of the iPhone they wanted to unlock. That particular set of terrorists weren’t going to kill anyone else, no matter how long it took or whether the effort was successful.

      But suppose the circumstances were different. Suppose the lives of tens, or perhaps hundreds, of people hung in the balance? Suppose law enforcement knew that a specific phone held critical information that could prevent a terrorist attack? That’s a different problem and it’s one that both law enforcement and phone makers, notably Apple, need to examine.

      I would not want to be Tim Cook, or whoever heads Apple at the time when refusal to enable access to a smartphone resulted in the deaths of hundreds of innocent people. Imagine if access to encrypted data in a device obtained by law enforcement could prevent carnage on the scale of the 911 attacks, if only if the device maker provided a legal emergency means to unlock it. 

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      CHRIS PREIMESBERGER - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      CHRIS PREIMESBERGER - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      EWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      ZEUS KERRAVALA - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      WAYNE RASH - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Info

      © 2020 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×