The FBI is apparently furious at Apple for new security measures that lock them out of people’s smart phones, even with valid search warrants. But iPhone users should know the vaunted security measures aren’t all they’re cracked up to be.
Last week, Apple CEO Tim Cook announced that devices running Apple’s new operating system iOS 8 and protected by a user’s passcode will be so secure that Apple “cannot bypass your passcode and therefore cannot access (your personal) data,” even, Cook says, “to respond to government (search) warrants.”
But while the media, techies, and privacy advocates praised Apple, Wired reported this month that cops can still pull an iPhone user’s data off a locked phone, even if Apple employees can’t help. All police officers need, according to iOS forensics expert Jonathan Zdziarski, is access to a computer you’ve previously used to move data onto and off of your phone.
If your phone is powered-on (but, really, who ever turns their phone off?), law enforcement can impersonate a trusted computer and siphon data off a device running iOS 8 from third-party application data — like Twitter, Facebook, Instagram, web browsers, and nearly all of your applications — as well as photos and videos. All of this can happen without entering the device’s passcode.
Zdziarski, who previously trained law enforcement in iOS forensic techniques, successfully hacked a device himself. Zdziarski told Wired, “I can do it. I’m sure the guys in suits in the governments can do it.”
The trick that Zdziarski used could apply to police officers who seize all of the electronics from a suspect’s home or by airport security agents who grab a user’s phone and laptop.
So, yes, it is more difficult for law enforcement to enter your devices, but not impossible. And users should not get complacent with their data’s security.
What all of this means is that, in tying their own hands with the iOS 8 and user passcode security measures, Apple has created for themselves plausible deniability in what they will do for law enforcement. Security is improved for the user, but this also lets Apple off the hook in terms of legal obligation.
The improved data protection comes only weeks after celebrity nudes were hacked from Apple’s iCloud, putting Apple into privacy damage control.
It is encouraging the hack at least resulted in positive changes; even Google announced that it plans to make data encryption, the important feature in iOS 8, the default setting for the new Android L operating system, which is due to be released in October.
