With few exceptions, Apple’s iOS encryption is virtually unbreakable, leading to praise from consumers and condemnation from law enforcement. But while the privacy debate rages here in the United States, police in the UK have effectively deployed an alternative strategy: snatching the iPhone right out of the suspect’s hands while they’re using it.
A Digital Fortress
The issue is that Apple now encrypts user data by default in iOS, requiring the use of Touch ID or a passcode to unlock it. Due to the complexity of the encryption and a protection scheme that permanently locks the device if too many incorrect passcodes are entered, the data on an iPhone with a secure password is virtually unobtainable.
This is great for user privacy and protection, but it presents a serious issue for law enforcement, which has the right under certain circumstances to access an individual’s private information. Apple has taken a hard stand against law enforcement in the U.S. and abroad when it comes to incorporating “back doors” into iOS that would allow law enforcement to circumvent a device’s encryption, arguing that the implementation of such a back door would endanger all iOS users when a hacker or nation inevitably compromises it.
This has led to a standoff between Apple and various law enforcement agencies, one that was inflamed by the role of an iPhone in the 2015 San Bernardino terrorist attack. And although the FBI later claimed it was able to successfully hack into the suspect’s iPhone without Apple’s help, the exact nature of that hack has not been clarified, keeping the issue in the spotlight.
Smash & Grab
Despite this apparent conflict between personal liberties and law enforcement powers, it appears that some good old-fashioned police work has revealed an alternative. According to a BBC report last week shared by 9to5Mac, Scotland Yard’s cybercrime unit was able to obtain the data needed to bring down an international credit card fraud racket by simply taking the iPhone out of the suspect’s hands.
The suspect, Gabriel Yew, had been under investigation for manufacturing fake credit cards that gangs across Europe were using to purchase luxury goods. The investigators believed that Yew was using an iPhone to communicate with his criminal network, but knew it was unlikely that he would unlock the phone if detained.
Faced with this dilemma, detectives from the UK’s “Operation Falcon” team, which specializes in online organized crime and fraud, devised a plan to surveil Yew and wait for him to unlock and use his iPhone. When the time came, the undercover officers rushed in and seized the device in an apparent mugging. An officer then kept swiping and interacting with the iPhone to prevent it from locking until IT specialists arrived and downloaded the phone’s data.
Detective Chief Inspector Andrew Gould, who led the operation, told the BBC that it was a complete success, with the iPhone yielding evidence that was “crucial to the prosecution” and that detailed a “motherlode” of information on Yew’s criminal activities and those of his partners, leading to a five-and-a-half-year prison sentence.
While an operation like this wouldn’t have been useful in situations where police uncover an iPhone after the fact, such as in the case of the San Bernardino terrorists, it does provide a route that preserves the integrity of the iOS operating system as well as law enforcement’s right to pursue criminals.