Apple Blocks Hack That Feds and Police Use to Crack iPhones
Apple confirmed on Wednesday that the next version of its iPhone and iPad operating system will close a security hole that law enforcement has used to crack into otherwise secure devices that belong to criminal suspects and targets of security operations worldwide.
The software change highlights Apple’s sometimes fraught relationship with law enforcement in the U.S. and elsewhere. The company has increasingly designed its computers and mobile devices to be impervious to decryption, even by Apple itself.
Following the massacre of 14 by a couple in San Bernardino, Calif. in 2015, the FBI asked Apple for help in creating a custom version of its iOS software that would allow the FBI to bypass protections against rapidly and automatically trying every possible passcode—so-called “brute force”—until the correct one unlocked the device. After Apple declined, the FBI obtained a court order that Apple resisted until the FBI dropped its efforts, announcing it had found an alternative way to break into the phone.
Apple said in a statement on Wednesday about the new protections, “We have the greatest respect for law enforcement, and we don’t design our security improvements to frustrate their efforts to do their jobs.”
The firm, which noted that it’s in constant communication with law-enforcement agencies and personnel, said it received 14,098 requests for information from the U.S. government in 2017 alone related to over 62,460 devices. Apple also noted that it received about 29,000 national security requests from the U.S. government in 2017, which are issued by the Foreign Intelligence Surveillance Act (FISA), and typically prevent a company or other party from disclosing any details, even to the customer whose data is affected.
Apple’s software tweak was part of the beta-testing version of iOS 11.4, but didn’t make it into that small update to the operating system that runs iPads and iPhones that appeared days ago. It also appears in a beta version of iOS 12. But Apple confirmed that an upcoming release will add USB Restricted Mode, an option that disables the USB port for any kind of data transfer or interactions if a device hasn’t been unlocked in the previous hour.
Any party attempting to break into the phone would need to plug it into a hardware-cracking device very quickly. In most cases, law enforcement would be unable to react fast enough.
The new option added by Apple is labeled USB Accessories within its passcode/ID settings, which Apple turns on by default. (Users can disable it if they want.) The port can still be used to charge the device.
In its statement, Apple said, “We’re constantly strengthening the security protections in every Apple product to help customers defend against hackers, identity thieves and intrusions into their personal data.”
Apple says that once it learned of vulnerabilities involving its USB, it examined its code that handles data interactions using this standard, and improved security in a number of areas. However, given the severity of the threat, the company decided to offer what is effectively an off switch for USB.
Google has taken more measures over time for its Android operating system as well. It recently updated its Pixel 2 phones to prevent itself from creating custom firmware updates that could be installed on a phone without the device’s password.
Technology news sites previously reported about Apple’s latest anti-hacking feature, which has appeared in test versions of the operating system. But Apple didn’t confirm that it would appear in a general release until today.
In a previous iteration, the feature locked out USB devices connected to iPad and iPhone Lightning ports after seven days instead of one hour in the upcoming release.
While the details of the exploit in Apple’s software are unknown, it appears to allow a hardware device to cycle through an endless series of passcodes relatively quickly without triggering features that prevent rapid successive entries of incorrect codes. iOS also offers an option that erases a device after 10 incorrect attempts, but this exploit apparently bypasses that as well.
Two companies, Cellebrite and GrayShift, reportedly offer cracking services and hardware to what they describe as qualified law-enforcement, military, and other government representatives. However, because these cracks rely on an exploit, not a feature enabled by Apple for law-enforcement or other purposes, it could be used for criminal purposes as well. The exploit may exist on hundreds of millions of active Apple mobile devices.
The FBI is widely believed to have turned to Cellebrite for help with breaking into Apple devices. The technique it employed was unknown.
But more recently, Forbes uncovered another company, GrayShift, that advertised iPhone-cracking capability. GrayShift sells a USB-connected hardware device with a preset or unlimited number of unlocks varying by price.