Apple May Stop Police from Cracking iPhones

If cops want to access criminals' texts and photos, they may have to find another way. According to a New York Times report, Apple may be closing a loophole with iOS 11.4.1 that law enforcement has allegedly used in the past to gain access to locked iPhones.

Credit: Billion Photos/ShutterstockCredit: Billion Photos/Shutterstock

Until now, it's been possible to plug an iPhone into another device and transfer data through its charging port. It's believed that some forensic devices take advantage of this.

Apple told the Times that with its next iOS update, your iPhone's data port will be disabled an hour after the phone is locked. This means if you leave your phone off for an hour, you'll have to enter your passcode before you can plug it into a PC or other device to access the phone's innard. (The phone will still be able to charge its battery without a passcode.)

This won't entirely stop law-enforcement examiners from getting access to locked iPhones, but may severely limits the time they have to complete a process that can sometimes take days or months.

This issue came to light in 2015, when the Justice Department asked Apple for help accessing an iPhone used by a mass killer in San Bernardino, California who was thought to have had terrorist ties. Because of the way the operating system was written, Apple would have had to create custom code and install it on the device in question so that FBI examiners could bypass limits on how often they could guess the passcode. 

MORE: The Best iOS Apps You're Not Using (But Should Be)

Apple refused to write the custom code, arguing that the company would be undermining its own security. (Apple still lets law-enforcement officials access iCloud accounts with a warrant.)

The FBI was finally able to get into the iPhone with help from an Israeli digital-forensics firm that was reportedly paid $1,000,000. Several companies provide similar services to unlock iPhones.

One of the most widespead is a device called GrayKey, sold by a company called Grayshift, that appears to bypass the screen-locking timeout by plugging into the Lightning ports of two iPhones side-by-side. Law-enforcement agencies can pay $15,000 to $30,000 for a Graykey box, depending on the features.

It's not clear whether Apple's updates to iOS will render Graykey useless.

"We have the greatest respect for law enforcement, and we don't design our security improvements to frustrate their efforts to do their jobs," Apple's director of corporate communications, Fred Sainz, told the Times.

Rumors first appeared about Apple disabling data transfers without a passcode back in early May, when the Russian digital-forensics firm Elcomsoft noticed the feature in beta builds of iOS 11.3. Back then, the lockout happened only after a week of inactivity. The feature didn't make it into iOS 11.3 or 11.4, but is expected in iOS 11.4.1.

While this update will certainly frustrate law-enforcement agencies, it could be seen as a win for consumers. Privacy experts warn that crooks who obtain your phone could also take advantage of this vulnerability.

Create a new thread in the iPhone forum about this subject
5 comments
Comment from the forums
    Your comment
  • hamio48
    The choice of criminals concerned about their individual privacy rights? Apple.
  • petersylvester52
    Iphones nowadays has become everything to the masses by way of accessing most services, it literally contains you life's activity the more secure it can be the better, whether for law enforcement or thieves and other intruders. We can never be safe enough when come to putting security measures in place, for this world are full of what we may think do not exist.
  • Stobrawa
    Better headline: "Apple May Close Privacy Vulnerability in iPhones".

    I don't like Apple. I actually think that Apple is evil, but this is the Right Thing To Do (TM).

    The fact that it makes cop's jobs more difficult is the SIDE-EFFECT of producing a better, more secure, and more private product. If 90% of all iPhone users were criminals that were using iPhone security as their primary means to avoid prosecution I might have a different opinion, but as it turns out most iPhone users are good people who deserve world-class privacy and security and if that means that it makes things a little more difficult for cops then Boo Hoo, cry me a river. If this stops even one slimy lazy jackboot cop from violating someone's rights on a digital fishing expedition then it's worth every ounce, even if it also means that a savvy criminal has to get caught via some other means.