Apple is Making iPhone Hacking A Lot More Difficult for Law Enforcement with iOS 11.4

2 minute read
| Analysis

Apple’s quest to keep the data on our iPhones safe and secure is taking an interesting turn that no doubt won’t please law enforcement. When iOS 11.4 ships it’ll include a security feature that disables the Lightning port if the iPhone hasn’t been unlocked for seven days.

The feature is called USB Restricted Mode. Apple describes it like this:

To improve security, for a locked iOS device to communicate with USB accessories you must connect an accessory via Lightning connector to the device while unlocked–or enter your device passcode while connected–at least once a week.

The Lightning port will still work for charging after the seven day window, but won’t sync or pass any data. To regain full Lightning port functionality you need to enter the device passcode.

The iPhone Hacking Time Limit

That’s bad news for law enforcement agencies relying on companies like Celebrite and Grayshift to unlock iPhones. These companies often physically connect a device to the iPhone’s Lightning port to hack in, break the passcode, and access data.

Government agencies typically have a backlog of devices they want to crack. In some cases, that backlog is counted in years. Now Apple is about to limit the government’s window to seven days.

iPhone X with Lightning port to USB blocked

iOS 11.4 can disable USB connections through the Lightning port after seven days

Apple’s new time restriction means law enforcement agencies will have to decide quickly which iPhones they want to hack for evidence. Even still, the odds of forensic specialists being able to keep up with the workload is pretty slim.

That doesn’t, however, mean Apple has found a foolproof way to keep governments and hackers from breaking through iPhone security. They can still desolder chips from the phone’s circuit board and work to hack those, although that requires a lot more skill than simply plugging in a cable and waiting.

Apple’s Fight Against Government iPhone Hacking

Apple’s efforts to lock down our iPhones to protect them from hacking took a very public turn in 2015 when the FBI tried to force the company to create a hackable version of iOS. The FBI wanted the special operating system so it could hack into an iPhone recovered from a mass shooting suspect.

[The Government’s Bad Move: Ordering Apple to Hack iPhone Security]

[FBI Hacks into Syed Farook’s iPhone, will Withdraw Apple’s Unlock Order]

The suspect was killed in a shootout with police and no one else knew the iPhone’s passcode. Apple recovered what data they could from the phone, but didn’t have a way to work around the passcode to access its encrypted data.

The FBI went so far as to get a court order demanding Apple make the hackable iOS version. Apple resisted, saying the FBI and U.S Government were overstepping their authority, and added that the hackable operating system would set a dangerous precedent.

Apple never had to go to court because the FBI dropped its case when a hacking company, presumably Celebrite, gained access to the iPhone’s encrypted content. Fast forward to spring 2018 and Grayshift was making the news with its GrayKey iPhone hacking device for law enforcement.

[GrayKey Underscores Why We Need Strong iPhone Passcodes]

Those hacking devices are about to become far less useful thanks to USB Restricted Mode. Once iPhone and iPad owners can install the update, law enforcement agencies will have to work much faster to unlock iPhones for evidence.

That’s not going to sit well with government agencies looking to hack into encrypted devices. It’s a cat and mouse game where Apple needs to stay ahead, despite government desires for easy hackability, otherwise our data is susceptible to anyone with the right skills and equipment—both good guys and bad guys.

3
Leave a Reply

Please Login to comment
2 Comment threads
1 Thread replies
0 Followers
 
Most reacted comment
Hottest comment thread
3 Comment authors
JustCauseibuckwab95 Recent comment authors

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  Subscribe  
newest oldest most voted
Notify of
wab95
Member
wab95

That’s not going to sit well with government agencies looking to hack into encrypted devices. No, Jeff, it’s not. Two things. First, we need to see how governments worldwide will respond to this, including not simply the overt and direct responses from agencies decrying this move, and competitors seeking to curry favour (and contracts) at Apple’s expense and who will attempt to portray this as Apple defending criminals, terrorists, child sexual predators and any other miscreant one cares to add to the list but, in authoritarian and nationalist environments, whether or not we see this portrayed in terms of anti-law… Read more »

ibuck
Member
ibuck

As I’m not a constitutional lawyer, I don’t understand how the 4th and 5th Amendments in the U.S. don’t apply to such searches without a judge-issued warrant. I also don’t understand how law enforcement folks are not subject to criminal charges and loss of job for violating these laws and for their non-performance in upholding them, as they swore they would do.

If you or I did not do a key part of our jobs, and undermined the organization we work for, we would likely lose our jobs.

Why are law enforcement folks not held accountable?

JustCause
Member
JustCause

The justice system is just 10 years behind understanding that these devices are an extension of our brains/memories. It will get really messy when they start doing actual implants that do some of the same things.

Not to mention the next wave of fMRI technologies and the ability to read thoughts without consent…