Law Enforcement Agencies Have Cracked Apple iPhone

iphone_security_problem

Apple will try to make its customers happy by fixing up the security flaws with its iPhone devices.

But don’t worry.

Apple says it will not close that security hole in its iPhone device that various US law enforcement agencies have used in order to crack the devices.

Of course, the media will have something to say about Apple’s claim the iPhone is the most secure of all smartphone devices.

The company has made billions in revenue by positioning its iPhone device as nothing but a really secure smartphone device.

Apple has also consistently boasted that only the owner of the iPhone actually has the capability to open it.

Such statements have pushed the company into some tough battles between itself and law enforcement agencies around the country.

But what do law enforcement agencies want?

Everyone knows that they want.

They want information.

And the only way they can get off that from iPhone devices is to take advantage of its security flaws.

Apple had a fairly well-publicized encounter with the Federal Bureau of Investigation just recently in 2016.

The FBI had to take action on its own after it emerged that Apple, as a company, refused to assist the agency to take a mass killer’s locked smartphone device and then open it.

Eventually, after Apple made its intentions clear, the FBI paid off a third-party entity in order to hack the smartphone device.

In other words, the FBI managed to circumvent any need for the company’s assistance rather easily.

Since that showdown, US law enforcement agencies have consistently and increasingly employed the same strategy.

All across the country, law enforcement agencies are unlocking iPhone device that they feel will hold valuable and potentially key pieces of information that would help them crack open hard cases.

However, now that Apple has taken notice of it, it intends to close the security and technological loophole which allowed authorities and third-party hackers to crack the company’s iPhone devices.

This, as is understandable, has angered police officials and law enforcement agents.

The development has also reignited the old debate over whether any federal government has a legitimate right to go ahead and access the personal smartphone devices of people in modern life where a person’s smartphone is his/her center of everything.

Apple recently came out with a statement and said that it had made plans to roll out an iPhone-specific software update.

The software update would help the country to effectively block and disable the iPhone device’s data port as well as charging port.

Basically, the company wants to suspend all the openings that users utilize in order to plug in their headphones, adapters and/or power cables.

The new software update will make sure that the iPhone device disables all the previously-mentioned ports as soon as one hour has passed after the user has locked the device.

Of course, users still have the ability to charge the smartphone device.

iphone_security_flaws

But if the user wants to transfer data either from or to the iPhone device via the port, then the user will first have to enter his/her iPhone device password.

Reports say that even a change as small as that would prove enough to hinder various efforts of law enforcement officials to crack open personal devices.

Recently, law enforcement agencies have used techniques where they connect another random device running some kind of special software to the locked iPhone via the port in order to open the iPhone.

Sometimes, they are able to do so within days.

Other times the user may have unlocked his/her phone months ago but law enforcement agencies would still find a way to glean data off it.

Perhaps that is the reason why the news regarding the company’s upcoming software update has already managed to spread throughout law enforcement circles as well as security blogs on the internet.

As mentioned before, the planned update has also infuriated many investigative agencies.

Chuck Cohen, who currently leads as Indian State Police special task force in order to combat internet/online crimes against vulnerable children recently said that if they went back to the old situation where they did not have any kind of access, they would know first-hand all the related evidence that they would have lost and all the children that they could not put into better and safer positions.  

From previous reports, we know that the Indian State Police managed to unlock around 96 iPhone devices this year alone.

The department did that for a variety of reasons.

Moreover, on each occasion, the Indiana State Police had a warrant for unlocking the device.

The Police department had bought a device that cost $15000 last March from Grayshift, a company that provides safety-related equipment.

What About Privacy Advocates?

What are they saying about the whole situation?

Well, for now, they think Apple has every right to fix up a significant security flaw which had become cheaper and easier for anyone to exploit.

A cryptography professor at John Hopkins University, Matthew D.Green recently said that there indeed was a huge security vulnerability in Apple iPhone devices.

He also said that a given Grayshift device that is just sitting there on a desk at a given police station, could leak out to the wider world very easily.

Fred Sainz, a spokesman for Apple, stated via email that the company had absorbed itself in constantly strengthening the already existing iPhone security protections.

He also said that the company engineers fixed any found security vulnerability in its iPhone devices very quickly.

Part of the reason why the company keeps closing security vulnerabilities is that according to the company criminals could make use of the same security exploits that US law enforcement agencies do in order to crack open iPhone devices.

Fred also mentioned that the company had the greatest amount of respect for all members of law enforcement agencies.

Moreover, he said, the company did not design its security improvements in order to frustrate law enforcement agencies and their efforts to best carry out their jobs.

Google and Apple are the two companies which develop software that nearly all smartphone devices on earth make use of.

Both of them started to encrypt their smartphone software by default about four years ago in 2014.

What does encryption do?

It scrambles user data in order to turn it into something that is totally unreadable until someone accesses it with the help of a special key.

This special key usually comes in the form of a password.

iphone_police

Such security measures frustrated prosecutors and police departments because they could not complete their investigations via pulled data from these smartphone devices.

They couldn’t even do so even if they had a valid warrant.

This friction between Apple and the FBI came directly into the public view after it emerged that the FBI did not find success in accessing a gunman’s iPhone device who (with assistance from his wife) murdered a total of 14 people in San Bernardino, California.

That incident took place in the year 2015.

It was also around this time that a federal US judge ordered the technology giant to figure out a way to open its iPhone devices.

Apple’s chief executive, Timothy D. Cook, responded to the comment with an 1100 word blistering letter.

In the letter, Timothy Cook mentioned that Apple refused all requests to compromise the privacy of its users.

He also wrote that the implications of the US government’s demands were chilling.

In any case, both Apple and the government legally fought each other in the court for about a month.

After that, the FBI came out and abruptly made the announcement that it had managed to find an undisclosed group which would help the agency to crack into the iPhone device.

Reportedly, the FBI paid around $1.3 million for the group’s services.

Why did FBI have to pay so much?

Because the hacking tools and techniques involved with cracking the iPhone were not really common back then.

However, a report from the inspector general which came out earlier this year made the suggestion that the FBI could have and should have exhausted further options before the agency decided to take Apple directly to court.

Since the court battler, law enforcement agencies have sought the help of two other companies to crack open the iPhone.

Both companies have actually successfully helped law enforcement agencies achieve their goals.

The first of those companies is Cellebrite.

It was a forensics firm based in Israel until Sun Corporation (from Japan) bought it back in 2006.

The second company is Grayshift.

The company was founded in 2016 by a former Apple employee.

Recently, law enforcement agencies have admitted that they usually send iPhone devices to Cellebrite in order for them to crack it for the agency.

The company charges the agency several thousand dollars to open each iPhone device.

Back in March, Grayshift came out with a product of its own.

Instead of cracking phones on its own, the company developed and then started to sell $15000 device that it called GrayKey.

Using the device, law enforcement agencies could unlock iPhone devices on their own without needing any help from the user.

This isn’t the first time Apple has clamped down on various security vulnerabilities in its devices.

The company has closed many security loopholes in the past as well.

Of course, the method of gaining access to devices have changed a lot in the past year alone.

For many years, law enforcement agencies made use of software to try and break into smartphone devices.

The software that these law enforcement agencies used tried to break into phones by simply inputting every possible password combination.

However in 2010, Apple, in order to block such techniques, decided to bring a new feature to its iPhone devices.

The new feature simply disabled the iPhone device after the user had made a specific number of attempts, inputting an incorrect passcode.

With that said, companies such as Cellebrite and Grayshift have developed software that appears to have the ability to disable Apple’s technology of disabling iPhone devices.

According to Mr. Green, the software allowed law enforcement agencies to test iPhone devices with thousands of passwords.

When reporters contacted Grayshift for a comment on the issue, the company did not respond.

Similarly, Cellebrite also declined to give reporters a response on the issue.

iphone_man

According to one law enforcement official, there is little doubt about the fact that opening locked iPhone devices via such methods has actually become more and more common with each passing year.

Local and large state police departments along with federal authorities now, typically have easy access to such tools.

Law enforcement officials also said that smaller local police departments and agencies enlisted the help of federal or state authorities in order to solve some high-profile cases.

In other words, there are many law enforcement agencies that have successfully purchased one of Grayshift’s GrayKey device.

Those law enforcement agencies include the Drug Enforcement Administration.

According to public records, the DEA bought a GrayKey device just this year and paid around $30000 for an advanced model of the device.

The Maryland state police department also has one of its own.

According to more records, police departments in Rochester, Minn. and Portland all have one in their arsenal.

The district attorney in Baton Rouge, La., Hillar Moore, recently said that his office had actually paid companies like Cellebrite money that ran into thousands of dollars in order to crack open iPhone devices in about five of their cases in the last two years alone.

One of the cases involved an investigation into a Louisiana State University fraternity pledge that resulted in a hazing-related death.

Hillar also mentioned that the iPhone devices related to the case had provided his firm with crucial information.

Moreover, he said, he felt a bit upset that Apple had arranged plans to fix an avenue that had proved very useful in his investigative work.

He also said that the company was blatantly giving protection to criminal activity and only under the guise of privacy for its clients.

Another assistant district attorney based in Manhattan, Michael Sachs told reporters that his office had actually used workarounds in order to access various locked iPhone devices multiple times every week.

Michael did not specify the methods his office used.

He also mentioned that such techniques have helped his office solve many cases in the last couple of months alone.

One of the cases involved his office cracking an iPhone device in order to find videos where a suspect sexually assaulted a minor.

After his office had found the videos, the man involved with the sexual assault allegation was finally convicted earlier this year.

The Manhattan district attorney’s office also mentioned that in just the first 10 months of last year, the office had managed to recover and obtain warrants and/or consent to search around 700 locked smartphone devices.

The office pointed out that around 66 percent of those smartphones were actually iPhone devices.

Law enforcement agencies and third-party unlockers have generally found it easier to access smartphone devices that are running Google’s Android operating system software.

Part of the reason why they have had an easier time is that a lot of older devices that run on Android doing have features such as encryption.

Readers should understand that the encryption technology companies offer on their operating systems only apply to data that users have stored on their smartphone devices.

Technology companies such as Google and Apple regularly provide law enforcement agencies full access to the user data that consumers have actually backed up on the company’s servers.

Apple users usually back up their data with services such as Apple iCloud.

Recently Apple came out with a statement that said the company had responded to over 55000 data access requests from the US government in the past five years alone.

The company also mentioned that the government sought information regarding more than 200,000 of its,

  • Accounts
  • Devices
  • Financial identifiers

Needless to say, this tussle over iPhone encryption and law enforcement agencies seeking help to open iPhone devices is very unlikely to simmer down any time soon.

In fact, federal officials actually renewed their push for a legislation which would require Apple and other technology companies to make sure that the police department has access to a backdoor in their device smartphone devices.

It is also true that some reports have found that federal officials have overstated the number of smartphone devices they said they did not have a way to access.

Then there is the fact that Apple would probably try it best to make it hard for law enforcement agencies to have access to its devices if the Congress does not force the company to do so.

And Apple has a good reason for doing so.

The company has sold millions of its iPhone devices.

And the central selling point of these iPhone devices involves user security and privacy.

However, recent reports have revealed that the company has, in reality, complied with several local laws which should cause a conflict with the company’s push for more privacy and security.

To take an example, in China, Apple recently initiated programs to store the customer data belonging to Chinese people on Chinese-run servers.

Why?

Because it made the decision of complying with a new law in China that required the company to do so.

Of course, the latest move from Apple is nothing but a small part of a longer and more complex cat-and-mouse game between law enforcement agencies and technology companies.

This is what Michelle Richardson believes.

Michelle works as an analyst at the Center for Democracy and Technology.

The Center for Democracy and Technology is a not for profit organization that supports a free and open internet.

In other words, it advocates protections for more online privacy for users.

She recently told reporters that people in the United States always expected such kind of a back-and-forth situation where the government would find new ways to hack into smartphone devices and then companies such as Apple would come in and plug the related holes but only to find that hackers found new ways to crack open its devices.

 

 

 

Zohair

Zohair

Zohair is currently a content crafter at Security Gladiators and has been involved in the technology industry for more than a decade. He is an engineer by training and, naturally, likes to help people solve their tech related problems. When he is not writing, he can usually be found practicing his free-kicks in the ground beside his house.
Zohair

COMMENTS

WORDPRESS: 0

Law Enforcement Agencies Have Cracked Apple iPhone

by Zohair time to read: 11 min
0