Apple Taking Steps to Prevent Law Enforcement From Unlocking iPhones
Ever since Apple refused demands by the FBI to unlock an iPhone used by a murderous terrorist in December 2015, there’s been a struggle between Apple pledging to protect the privacy information of its customers and law enforcement wanting access to information on suspects’ phones.
Part of Apple’s effort is to make encryption of the data on iPhones the default setting. This has made it more difficult for police agencies to access the data of criminal suspects, but companies such as Cellebrite and Grayshift have developed devices that allow agencies to overcome those limitations.
In response, Apple is now limiting how law enforcement can unlock an iPhone.
Here’s what’s going on:
Apple’s software watches how fast PIN numbers are pressed during an unlock attempt. Too fast, and the unlock function won’t work even if the numbers are correct. This is to defeat mechanical number-guessing.
But it turns out that the iPhone (and presumably the iPad as well) can have PIN numbers injected directly via the Lightning Port by a computer running an unlock routine that repeatedly tries one combination after another. Cellebrite and Grayshift are two companies that make devices that can access a locked iPhone in this way.
Now, with Apple’s new release of iOS 12 that’s due out shortly, Apple is including a feature that turns off access via the Lightning Port for any use besides charging after an hour has passed since it was last unlocked.
Law enforcement agencies expressed concern when this feature of iOS 12 was revealed, but they have since calmed down. A number of reports indicate that Grayshift has found a solution that will allow its GrayKey device to continue to unlock iPhones. If so, they are making it a point not to tell Apple and mandating non-disclosure agreements with their customers that might leak such information.
The issue is complicated, but imagine if access to encrypted data in a device obtained by law enforcement could prevent carnage on the scale of the 9/11 attacks. Would the sacrifice in privacy be worth it?