Tuesday, June 19, 2018
Apple iPhone USB Restricted Mode
An article in the Washington Post (June 13, 2018) stated: "Apple is making it harder for police to collect evidence from iPhones of suspected criminals."
Apple announced Wednesday that it would block access to a port that law enforcement uses to break into iPhones during criminal investigations, a move that could reignite debate over whether tech companies are doing enough to help authorities probing serious crimes.
Apple said the change, which would disable the Lightning port on the bottom of iPhones an hour after users lock their phones, is part of software updates to be rolled out in the fall. Designed to better protect the private information of iPhone users, it will have little obvious effect on most people using the devices but will make it far more difficult for investigators to use extraction tools that attach through the port to collect the contents of seized iPhones.
Privacy advocates have noted that personal data backed up to cloud services, such as Apple's iCloud, has become a popular target for investigators as devices themselves have become better protected. Malicious hackers also have exploited such cloud-based backups to collect user information and photographs.
“It's good that Apple continues to improve the security of the devices it gets against unauthorized access and hacking,” said Peter Eckersley, chief computer scientist for the Electronic Frontier Foundation, a civil liberties group based in San Francisco. “But it remains the case that iCloud backups are a huge loophole in Apple's device security, and most of what people do on their iPhones and iPads is available to law enforcement.”
--
I had previously commented here that Apple Is Testing a Feature That Could Kill Police iPhone Unlockers (like Cellebrite) (June 6, 2018). It is important to understand however that Apple security features are not specifically intended to prevent law enforcement from conducting lawful searches of devices authorized by a proper warrant. While security features may in fact limit the ability of law enforcement to conduct random searches of iPhones, more importantly the feature prevents criminals and rouge governments from accessing iPhone users' private data.
When looking at a cellphone forensic device like GrayKey, we see that the device two strategies to access data on the phone: “Before First Unlock” or BFU, and “After First Unlock” or AFU. BFU is a “slow brute force,” meaning it takes 10 minutes per try. This gives access to “limited data.” That’s likely because the BFU strategy happens when the phone was off when seized. If that’s the case, when turned on, the iPhone has most of its data, including contacts, messages and other personal data still encrypted.
AFU, on the other hand is a “fast brute force” mode that presumably kicks in when the phone is locked but was turned on and unlocked at some point by the owner. In this case, it allows for 300,000 tries and allows “parallel extraction of pre-unlock data.” If AFU works, the slide adds, “95% of the user’s data is available instantly.”
Apple’s new USB Restricted Mode may severely limit that type of attack, because the lighting port used to attack the phone will become largely useless once an hour passes without a phone unlock. The feature has not yet made its way into general iOS releases, but iOS 12 is expected to launch around June 26.
* In any case where there is the potential for your iPhone to be seized (i.e. crossing a border), turn the phone off. You may be asked to turn the phone on, or even to unlock the phone, but at least in this case you have a choice whether to comply with the request.
* Ensure that the passcode you use to protect access to your phone is at least 10 characters long. Short 4 digit passcodes can be broken within hours, and a 6-digit passcode can be broken within two or three days, but longer passcodes significantly delay attempts to break into your phone.
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.