Apple, having long since vowed to create the iPhone as a device that only its owners can open and mired in controversies as to whether to allow law enforcement in, has stated that it is planning an iPhone software update that would effectively disable the phone’s charging and data port hour after the phone is locked. While a phone can still be charged, a person would first need to enter the phone’s password to transfer data to or from the device using the port.
Such a change would hinder law enforcement officials, who have typically been opening locked iPhones by connecting another device running special software to the port, often days or even months after the smartphone was last unlocked. News of Apple’s planned software update has begun spreading through security blogs and law enforcement circles — and many in investigative agencies are infuriated.
In an email, an Apple spokesman, Fred Sainz, said the company is constantly strengthening security protections and fixes any vulnerability it finds in its phones, partly because criminals could also exploit the same flaws that law enforcement agencies use. “We have the greatest respect for law enforcement, and we don’t design our security improvements to frustrate their efforts to do their jobs,” he said.
Both Apple and Google began encrypting their mobile software by default in 2014. This, in turn, frustrated police and prosecutors who could not pull data from smartphones, even with a warrant.
Since the San Bernardino shooting and the controversy in which the Department of Justice wound up decrypting the shooter’s iPhone via a third party, both Apple and Google have helped law enforcement hack into iPhones. Law enforcement officials said they generally send iPhones to Israeli firm Cellebrite to unlock, with each phone costing several thousand dollars to open. In March, Grayshift began selling a $15,000 GrayKey device that the police can use to unlock iPhones themselves.
Apple has closed loopholes in the past. For years, the police used software to break into phones by simply trying every possible passcode. Apple blocked that technique in 2010 by disabling iPhones after a certain number of incorrect attempts. But the Grayshift and Cellebrite software appear to be able to disable that Apple technology, allowing their devices to test thousands of passcodes.
The tussle over encrypted iPhones and opening them to help law enforcement is unlikely to simmer down. Federal officials have renewed a push for legislation that would require tech companies like Apple to provide the police with a backdoor into phones, though they were recently found to be overstating the number of devices they could not access.
Apple probably won’t make it any easier for the police if not forced by Congress, given that it has made the privacy and security of iPhones a central selling point. But the company has complied with local laws that conflict with its privacy push. In China, for instance, Apple recently began storing its Chinese customers’ data on Chinese-run servers because of a new law there.
The privacy wars continue.
Stay tuned for additional details as they become available.