Security News

Apple to Close iPhone Security Hole That Police Use to Crack Devices

SAN FRANCISCO — Apple has mentioned the iPhone as one of the secure phone that only the owner could open. Which has led to the battle with law enforcement officials who wants to get the information off them, including a well-publicized showdown with the F.B.I in 2016 after Apple refused to help open the locked iPhone of a mass killer.

The F.B.I has paid the third party to get into the phone, Since then, the law enforcement agencies around the country have increasingly employed strategy to get into the locked iPhones they hope will hold the key to cracking cases.

Now Apple is closing down the loophole that let the authorities hack into anyone’s iPhone, angering police and other officials and reigniting a debate over whether the government has a right to get into the personal devices that are the center of modern life.

Apple has earlier said that they are planning to Update the iPhone Software which will effectively disable the phone’s charging and data port — The opening where the users plug in headphones, power cables and adapters — an hour after the phone is locked. While a phone can be still charged, now the person ought to first need enter the phone’s password to transfer the data to or from the device using the port.

A change to this loophole would hinder the law enforcement officials, who were typically been opening the iPhones by connecting another device running special software to the port, often the days or even the month the smartphone was last unlocked. This news of Apple’s planned software update has begun spreading around the security blogs and other law enforcement circles — and many in investigative agencies are infuriated.

“If we go back to the situation where we again don’t have access, now we know directly all the evidence we have lost and all the kids we can’t put into a position of safety,” said Chuck Cohen, Who basically leads the Indian State Police task force on internet crimes against children. The Indians State Police said that they have unlocked around 96 iPhones for various cases this year, each time with a warrant, using a $15,000 device it bought in March from a company called Grayshift.

The Privacy advocates said that Apple has the full right to fix a security flaw that has now become easier and cheaper to exploit. “This is really big vulnerability in Apple’s phones,” Said Matthew D. Green, a professor of cryptography at Johns Hopkins University. A Grayshift device sitting on a desk at police station, he said, “could very easily leak out into the world.”

Apple and Google, which made their software in early all of the world’s Smartphones, began encrypting their mobile software by default in 2014.
Encryption scrambles the data which makes the unreadable until accessed with a special key, known as a password. That frustrated the police and the prosecutors who could not pull the data from Smartphones, even with a warrant.

The story comes from the public point of view where the F.B.I could not access the iPhone of a gunman who, along with his wife, killed the 14 innocent people in San Bernardino, California., in late 2015.
A federal judge ordered the Apple to figure out how to open the phone, prompting Timothy D. Cook, Apple’s chief executive, to respond with a blistering 1,100 word letter that said the company refused to compromise its user’s privacy. “The implications of the government’s demands are chilling,” he wrote.

The both two sides were in fought in the court for over a month. Then the F.B.I abruptly announced that it has found an undisclosed group to get into the phone, paying at least $1.3 million because the hacking techniques were not common on that time. An inspector general’s report suggest that this year the F.B.I should have exhausted more options before it took Apple to court.

Since then, the two main companies have helped the law enforcement to hack into the iPhones: Cellibrite, an isreal forensics firm purchased by Japan’s Sun Corporation in 2006, and Grayshift, which was basically founded by the Former Apple engineer in 2016. Law enforcement officials said they generally send iPhones to Cellebrite to unlock, with each device cost several thousands of dollars to unlock the phone. In March, Grayshift began selling a $15,000 GrayKey device that the police can use to unlock iPhones themselves.

Apple has then closed the loophole in the past. For years, the police used software to break into the phones by simply just trying every single possible passcode.
Apple has successfully blocked that technique in 2010 by disabling iPhones after a certain number of incorrect attempts. The Grayshift and Cellebrite software appears to be successfully disabling the Apple technology, which basically is allowing them to test the devices with over thousands of passcodes, Mr.Green said.

Cellebrite declined to comment. Grayshift did not respond to requests for comment.

Opening the locked iPhones through these methods is becoming more easier over time, the law enforcement officials said. Federal Authorities, as well as the large state and local police departments, typically have access to the tools, while smaller local agencies enlist the federal authorities to help on high profile cases, they said.

The Law enforcement agencies have purchased the GrayKey device which includes the Drug Enforcement Administration, where they bought an advanced model this year for about $30,000, according to public records. Maryland’s State police have one, as do police department in Portland Ore., and Rochester, Minn., according to records.

Hillar Moore, the district attorney in Baton Rouge, La, said his office had paid the Cellebrite thousands of dollars to unlock the iPhones in the five different cases since 2017, including the investigation into the hazing-related detah of a fraternity pledge at Louisiana State University. He has also said that the phones has given crucial information, and he was upset that the Apple has planned to close such a useful investigative avenue.

“They are blatantly protecting criminal activity, and only under the guise of privacy for their clients,” he said.

Michael Sachs, an assistant district attorney in Manhattan, said his office uses workarounds — he declined to specify which — to access locked iPhones several times a week.
That has helped several times the cases in the past few months, including the cases like iPhones to find videos of suspect sexually assaulting a child. This man convicted this year.

In the very first 10 months of 2017, the Manhattan district attorney’s office said it had recovered and obtained the warrants to search for over 702 locked Smartphones, two-thirds of which were indeed iPhones.
Smartphones running Google’s Android software have been so easy to access, just because many older devices lack encryption.

The encryption basically applies to Smartphones which stores the data inside the phone. Companies usually like Google and Apple give the Law Enforcement officials access to the data that consumers back up on their servers, such as via Apple’s iCloud service.
Apple said that since over 2013, it has responded more than 55,000 requests from United States Government seeking information more over than 208,000 devices, accounts or financial identifiers.

Federal officials have renewed a push for legislation that would require the tech companies like Apple to provide the police an access into the phones, though they were recently found to be overstating the number of devices they could not access.

Apple for sure won’t make it easier for the police to access the phone easily if not forced by the Congress, given that it has made the privacy and security of iPhones a central selling point. But as well the company has complied with the local laws that conflict with its privacy pust.
In china, for instance, Apple recently began storing its Chinese customer’s data on Chinese-run servers because of a new law there.

Apple’s latest move is just a part of a longer cat-and-mouse game between the tech companies and law enforcement, said Michelle Richardson, an analyst at the center of Democracy and Technology, which is supposed for protecting the online privacy.

“People always expected there would be this back-and-forth—that government would be able to hack into these devices, and then Apple would plug the hole and hackers would find another way in,” she said.

Follow Jack Nicas on Twitter: @jacknicas.

Related Articles

Leave a Reply

Back to top button