Apple is closing a security loophole that allowed law enforcement authorities to crack iPhones. The move comes two years after Apple and law enforcement authorities had a major clash over user privacy which saw Apple take the issue to the courts. Although Apple won the privacy battle then, US law enforcement did not take it lying down.
Instead, they chose to employ the services of private phone-hacking firms such as Cellebrite and Grayshift to break into iPhones.
However, Apple’s latest move to tighten security for its users may just put a stop to the authorities’ efforts. The New York Times reported that Apple plans to issues a software update that will disable the iPhone’s charging and data port an hour after the device is locked. Although this won’t stop users from charging their phones, it will require users to enter a password when trying transfer any data either in or out of the device.
This could effectively end the law enforcement authorities’ trend of using a USB-like device that come contained with customised software designed to unlock iPhones.
In the past, police departments in Maryland, Portland and Rochester have admitted to purchasing Grayshift’s $15,000 GrayKey device to break into iPhones.
The GrayKey device has also been purchased by the Drug Enforcement Agency (DEA). Baton Rouge’s district attorney reportedly admitted that his office had engaged the services of Cellebrite in five cases, paying the firm thousands of dollars to unlock iPhones.
Apple’s move has reportedly infuriated many law enforcement officials.
“If we go back to the situation where we again don’t have access, now we know directly all the evidence we’ve lost and all the kids we can’t put into a position of safety,” Chuck Cohen, who leads an Indiana State Police task force on internet crimes against children, told the Times.
The Indiana State Police also purchased the GrayKey device, which helped them unlock 96 iPhones for various cases.
However, Apple defended its decision by pointing out that the same loophole used by the police could also be used by cybercriminals to cause damage to its users.
“We have the greatest respect for law enforcement, and we don’t design our security improvements to frustrate their efforts to do their jobs,” Apple spokesperson Fred Sainz told the Times.
Privacy advocates have welcomed Apple’s decision to block the security loophole. “This is a really big vulnerability in Apple’s phones,” said Matthew D. Green, a professor of cryptography at Johns Hopkins University. According to Green, such a device sitting on a desk at a police station, “could very easily leak out into the world”.
This is not the first time that Apple has blocked a security loophole.
In 2010, the tech giant disabled the technology which previously allowed law enforcement authorities to brute-force passwords on iPhones to unlock the device. The company’s latest move appears to be part of a long drawn-out battle between tech firms and law enforcement.
“People always expected there would be this back-and-forth — that government would be able to hack into these devices, and then Apple would plug the hole and hackers would find another way in,” said Michelle Richardson, an analyst at the Center for Democracy and Technology.