Apple confirmed today it will close a security hole that has allowed law enforcement officials, working with forensic companies, to break into iPhones to retrieve data related to criminal investigations.
In the upcoming release of iOS 12, Apple will change default settings on iPhones to shutter access to the USB port when the phone has not been unlocked for one hour. In its beta release of iOS 11.3, Apple introduced the feature – known as USB Restricted Mode – but cut it from iOS 11.3 before that version was released publicly.
The documentation describes the new feature as a way “to improve security.”
The USB port was a conduit through which at least two forensic companies were able to crack the iPhone’s cryptographic security. Law enforcement agencies, such as the FBI, have been using the forensic companies’ technology to break into iPhones related to criminal cases.
“Of course, this is to prevent that particular attack – if not to prevent the FBI from doing it, it’s to prevent everybody from doing it,” said computer security specialist Bruce Schneier. “This is why you encrypt your data; not to prevent the FBI from getting it, but to prevent criminals from getting it.
“It’s a way to improve security against a known attack, which I assure you good guys and bad guys are using. And, we are all safer because Apple is going to do this,” Schneier added.
In a statement, however, Apple said it was not targeting law enforcement with the security change.
“We’re constantly strengthening the security protections in every Apple product to help customers defend against hackers, identity thieves and intrusions into their personal data,” Apple said. “We have the greatest respect for law enforcement, and we don’t design our security improvements to frustrate their efforts to do their jobs.”
Law enforcement using blackbox tech to hack iPhones
In February, reports surfaced that an Israel-based technology vendor, Cellebrite, had discovered a way to unlock encrypted iPhones running iOS 11 and was marketing the product to law enforcement and private forensics firms around the world. According to a police warrant obtained by Forbes, the U.S. Department of Homeland Security had been testing the technology.
Shortly thereafter, Grayshift emerged as a different company that had developed an inexpensive black box that could unlock any iPhone; reports revealed local and regional U.S. police departments and the federal government have been purchasing the technology.
For example, over the past year, the district attorney’s office in Baton Rouge, La., paid Cellebrite thousands of dollars to unlock iPhones in five cases, according to The New York Times. Those investigations included the hazing-related death of a fraternity pledge at Louisiana State University. Baton Rouge District Attorney Hillar Moore told the Times he is “upset that Apple planned to close such a useful investigative avenue.
“They are blatantly protecting criminal activity, and only under the guise of privacy for their clients,” Moore told the Times.
Nate Cardozo, senior staff attorney with the Electronic Frontier Foundation (EFF), a non-profit digital rights group, said law enforcement is in the “golden age of surveillance,” with an unprecedented ability to look into people’s lives and more data available than ever before. Tech firms, he said, shouldn’t have to “weaken security for millions of innocent users, just to keep one exploit working longer.
“And certainly not permanently weaken security with a mandated backdoor,” Cardozo added.
The brouhaha between law enforcement and Apple erupted after the FBI attempted to access data on an iPhone owned by San Bernardino gunman Syed Rizwan Farook, who in 2015 shot and killed 14 people and wounded 22 others in a terrorist attack. Apple refused to help the FBI crack the cryptographic security on the iPhone.
Lawmakers also argued that Apple should install a backdoor in iOS to make it easier for law enforcement and the government to access data in criminal investigations.
The Justice Department then petitioned the courts to force Apple to comply with an order to unlock the device; a judge granted the request, but delayed making a final decision until hearing arguments from both sides. The evening before a court hearing to decide the matter, the government announced it had gotten help from an outside group that allowed it to break into the iPhone; the case was dropped.
In February, reports surfaced that Cellebrite had discovered a way to unlock encrypted iPhones running iOS 11 and were marketing the product to law enforcement and private forensics firms around the world.
A ‘win for every iPhone user’
“With this change, Apple has closed a critical security loophole, which is a win for the security of every iPhone user,” Cardozo said. “The security flaw that exists in all our phones — if left open for law enforcement — will be exploited by criminals, identity thieves, corporate spies, abusive partners, and foreign agents, just to name a few.”
Cellebrite states on its website it sells its technology to law enforcement, military, intelligence, and corporate customers. Grayshift doesn’t say who its customers are. In April, however, reports arose that Grayshift was being extorted after its product’s source code was exposed online.
Attempting to keep cryptography-cracking technology in the bottle is impossible, Schneier said, which makes it all the more important that tech providers such as Apple do what they can to secure their devices. Even if Cellebrite and Grayshift claim to only sell to authorized user, such as governments and police agencies, there’s no guarantee the governments are honest.
“What about the company that does this in China to attack the dissidents? Yes, the company you interviewed may be moral and upstanding; they are not the only company on the planet with this capability,” Schneier said. “As you know, most of these companies do sell to pretty questionable governments. So, a) they’re lying and b), it doesn’t matter if they’re telling the truth.
Jack Gold, principal analyst with J. Gold Associates, said Apple wants its mobile devices to be viewed as the most secure in the industry. But he questioned whether it’s clear that Apple’s latest attempt at security will do what the company thinks it will.
“It will make it harder to break into their phones, but I’m confident that someone will find a way in, just as they did previously even though Apple said it was impossible,” Gold said via email. “This is a never ending battle: I protect, you find a way in. I protect again and so forth…”
Law enforcement efforts to crack mobile device security are also a “direct assault against Android,” Gold said, in that it’s not at all clear that most Android phones could claim the same level of anti-hacking security as Apple. The exception would perhaps be new Google at Work business devices with vaults, or Samsung Knox devices, which also have significant security barriers, Gold added.”
Overall, Gold said, “I think most Apple users will cheer this move to limit the ability to break into phones.”