Published: Thu, June 14, 2018
IT | By Lester Massey

Apple closes security hole exploited by law enforcement agencies to crack iPhones

Under USB Restricted Mode, an iPhone's Lightning port - where the battery charger, headphones and adapters are plugged - will be disabled in an hour after the iPhone is locked.

"We have the greatest respect for law enforcement, and we don't design our security improvements to frustrate their efforts to do their jobs", an Apple spokesperson said over email. A Digitimes report today claims that "Apple is still in its redesign phase" with USB-C technology and will not include it in 2018 iPhones. Ironically, the big victor of this change will be companies like Cellebrite and GrayShift that make the cracking machines.

Back in 2016, the agency famously took Apple to court over a locked iPhone owned by the San Bernardino shooter.

"We're constantly strengthening the security protections in every Apple product to help customers defend against hackers, identity thieves and intrusions into their personal data", Apple spokesman, Fred Sainz, said in an email quoted by the New York Times. Despite suggestions that it could compel Apple to hand over the source code to iOS the bureau ended up using the services of a third party to unlock the smartphone.

Currently, law enforcement and others can plug specialized tools made by cybersecurity experts into the phone's Lightning port to access data. The data on the device is encrypted and can not be pulled off without cooperation from Apple or the phone's owner - or possibly by using a corpse's fingerprint.

On Wednesday, Apple said it was aware of the vulnerability and chose to patch it.

The setting change could also draw criticism from USA law enforcement officials who have been engaged in an on-again, off-again campaign for legislation or other ways to force technology companies to maintain access to users' communications.

The change will mean that after the hour passes, the technique will no longer work.

Apple said that it has a team that responds to law enforcement and national security requests 24 hours a day. That has helped solve a series of cases in recent months, including by getting into an iPhone to find videos of a suspect sexually assaulting a child. Smartphones running Google's Android software have been generally easier to access, partly because many older devices lack encryption. This has allowed law enforcement officials and others to easily gain access to pretty much any iPhone.

Like this: