Apple May Stop Police from Cracking iPhones

Updated

If cops want to access criminals' texts and photos, they may have to find another way. According to a New York Times report, Apple may be closing a loophole with iOS 11.4.1 that law enforcement has allegedly used in the past to gain access to locked iPhones.

Credit: Billion Photos/ShutterstockCredit: Billion Photos/Shutterstock

Until now, it's been possible to plug an iPhone into another device and transfer data through its charging port. It's believed that some forensic devices take advantage of this.

Apple told the Times that with its next iOS update, your iPhone's data port will be disabled an hour after the phone is locked. This means if you leave your phone off for an hour, you'll have to enter your passcode before you can plug it into a PC or other device to access the phone's innard. (The phone will still be able to charge its battery without a passcode.)

This won't entirely stop law-enforcement examiners from getting access to locked iPhones, but may severely limits the time they have to complete a process that can sometimes take days or months.

This issue came to light in 2015, when the Justice Department asked Apple for help accessing an iPhone used by a mass killer in San Bernardino, California who was thought to have had terrorist ties. Because of the way the operating system was written, Apple would have had to create custom code and install it on the device in question so that FBI examiners could bypass limits on how often they could guess the passcode. 

MORE: The Best iOS Apps You're Not Using (But Should Be)

Apple refused to write the custom code, arguing that the company would be undermining its own security. (Apple still lets law-enforcement officials access iCloud accounts with a warrant.)

The FBI was finally able to get into the iPhone with help from an Israeli digital-forensics firm that was reportedly paid $1,000,000. Several companies provide similar services to unlock iPhones.

One of the most widespead is a device called GrayKey, sold by a company called Grayshift, that appears to bypass the screen-locking timeout by plugging into the Lightning ports of two iPhones side-by-side. Law-enforcement agencies can pay $15,000 to $30,000 for a Graykey box, depending on the features.

It's not clear whether Apple's updates to iOS will render Graykey useless.

"We have the greatest respect for law enforcement, and we don't design our security improvements to frustrate their efforts to do their jobs," Apple's director of corporate communications, Fred Sainz, told the Times.

Rumors first appeared about Apple disabling data transfers without a passcode back in early May, when the Russian digital-forensics firm Elcomsoft noticed the feature in beta builds of iOS 11.3. Back then, the lockout happened only after a week of inactivity. The feature didn't make it into iOS 11.3 or 11.4, but is expected in iOS 11.4.1.

While this update will certainly frustrate law-enforcement agencies, it could be seen as a win for consumers. Privacy experts warn that crooks who obtain your phone could also take advantage of this vulnerability.