Apple has confirmed plans to bolt shut a security hole in iPhone devices that law enforcement agencies have been using to gain entrance into locked handsets after seizing them from suspected criminals. As can be imagined, those same agencies are none too pleased with Apple’s decision. As far as Apple is concerned, however, it’s a matter of security and privacy for consumers, both of which are compromised by certain third-party devices.
For example, companies like GrayShift and Cellebrite offer USB devices that enable customers to thwart existing security measures in iOS, and in particular a set number of password guesses before being permanently locked out of an iPhone or the data is erased. Law enforcement agencies in various countries have purchased or rented these devices to break into iPhone handsets, but they will be rendered ineffective with Apple’s new security measures.
What’s at issue is a mechanism in iOS 12 called USB Restricted Mode. What it does is force the use of a passcode whenever an iPhone runniong iOS 12 is connected to a USB accessory and has not been unlocked for an hour or more. After the relatively short time limit expires, iOS blocks communication through the USB port, making it impossible for existing devices to unlock an iPhone using brute force techniques.
“We’re constantly strengthening the security protections in every Apple product to help customers defend against hackers, identity thieves and intrusions into their personal data,” Apple said in a statement. “We have the greatest respect for law enforcement, and we don’t design our security improvements to frustrate their efforts to do their jobs.”
From Apple’s vantage point, iOS has a security hole that needs patched. It’s also concerned about law enforcement agencies in other countries taking advantage of lax laws to seize and break into iPhone devices, as well as criminals using the same method. Nevertheless, Apple’s decision is causing more tension with the FBI and police departments, which are already at odds with Apple over its stance on encryption and unwillingness to provide a backdoor for law enforcement.
“If we go back to the situation where we again don’t have access, now we know directly all the evidence we’ve lost and all the kids we can’t put into a position of safety,” Chuck Cohen, who leads an Indiana State Police task force on internet crimes against children, told The New York Times.
Hillar Moore, the district attorney in Baton Rouge, Louisiana, took things a step further and told NYT Apple is “blatantly protecting criminal activity, and only under the guise of privacy for their clients.”
Privacy advocates disagree, noting that existing devices made by companies like GrayShift and Cellebrite present a pretty big security risk to iPhone owners. Should they fall into the wrong hands, privacy goes right out the window. Along with Apple, they also point out that government contractors usually find ways of cracking devices anyway, so intentionally weakening encryption only increases the risk of hacking by people who are not involved with law enforcement.
Top Image Source: Pixabay