Published: Fri, June 15, 2018
Tech | By Dwayne Harmon

Apple to close iPhone security loophole used by law enforcement

Apple to close iPhone security loophole used by law enforcement

Apple and most private security experts argue that government contractors and others can usually find means of cracking devices. They will to some extent get away with it.

These firms typically use methods that involve connecting to an iPhone's charging port and then using software to unlock the device.

The feature disables data transfer through the Lightning port one hour after a phone was last locked, preventing popular third-party hacking tools used by law enforcement from accessing the device.

Apple began working on the USB issue before learning it was a favorite of law enforcement. The so-called "GrayKey" boxes can unlock encrypted iPhones in as little as two hours.

Grayshift, founded by a former Apple engineer, markets a $15,000 (£11,000) device created to help police exploit the security hole in the iPhone's current software. A Grayshift device sitting on a desk at a police station, he said, "could very easily leak out into the world".

The tech company said the change is aimed at blocking hackers, not at hindering law enforcement agencies from doing their jobs, Reuters reported.

Apple didn't end up building that software. Encryption scrambles data to make it unreadable until accessed with a special key, often a password.

The current flaw has provided a point of entry for authorities across the USA since the Federal Bureau of Investigation paid an unidentified third party in 2016 to unlock an iPhone used by a mass killer in the San Bernardino shooting a few months earlier.

An internet privacy advocate said Apple's move was a win for the security of all iPhone users. "The implications of the government's demands are chilling", he wrote.

Cyber-security expert Alan Woodward, who is a visiting professor at the University of Surrey, is sceptical of the idea that GrayKey devices could be used for mass surveillance by police.

Apple's adoption of Type-C in its iPhones will accelerate other smartphone companies' adoption of the interface in their products, the sources indicated.

Apple has closed loopholes in the past.

Cellebrite declined to comment. Given that the devices cost between $15,000 and $30,000, that could work out much more costly for law enforcement. The man was convicted this year.

The encryption on smartphones only applies to data stored exclusively on the phone.

Like this: