Apple Pulls Plug On Phone-Cracking Tech Vendors, Will Prevent Data Transfer From Locked Phones

from the law-enforcement's-access-hole-is-everyone-else's-security-problem dept

The FBI lost control of the "going dark" narrative. Part of it unraveled thanks to outside vendors. Two vendors -- Cellebrite and Grayshift -- announced they could crack any iPhone made. This shot holes in the FBI's theory that locked phones stayed locked forever and thereafter were only useful for hammering legislators over the head with until they cranked out an anti-encryption law.

The second unraveling was the FBI's own unforced error. Supposedly it couldn't count phones without software and the software it had couldn't count phones. What the FBI and others claimed was 8,000 uncrackable threats to the safety of the American public was actually a little over 1,000 phones. As for the latent threat posed by these locked devices, that's still pure speculation until the FBI starts handing over some info on what criminal acts these phones are tied to.

The FBI will probably be looking to restart its "going dark" campaign, thanks to Apple's latest effort, which will render Cellebrite and Grayshift's phone cracking boxes obsolete.

Apple is closing the technological loophole that let authorities hack into iPhones, angering police and other officials and reigniting a debate over whether the government has a right to get into the personal devices that are at the center of modern life.

Apple said it was planning an iPhone software update that would effectively disable the phone’s charging and data port — the opening where users plug in headphones, power cables and adapters — an hour after the phone is locked. While a phone can still be charged, a person would first need to enter the phone’s password to transfer data to or from the device using the port.

Law enforcement may be angered by this but private companies are not obligated to make law enforcement's job easier. Apple's official statement on the software update is probably meant to be placating, but is unlikely to change the mind of any law enforcement official who sees this reaction to phone cracking devices as another extended middle finger from tech companies. According to Apple spokesman Fred Sainz, this fix is being issued to fix a security hole, not "frustrate" law enforcement efforts.

But law enforcement efforts will be frustrated. The same goes for criminal efforts. Any device that can crack any iPhone exploits a flaw in the software or hardware. There's no such thing as a security hole that can only be exploited for good. Grayshift's GrayBox could end up in the hands of criminals and it may well be that both vendors have already sold tech to law enforcement agencies in countries where civil liberties aren't as valued as they are in the United States.

The article quotes several law enforcement officials complaining about being locked out of iPhones again. And while the frustration is understandable, the fact is plenty of data and communications are stored in the cloud, untouched by device encryption. Generally speaking, companies like Apple and Google have been cooperative when approached directly by law enforcement, as long as the request doesn't involve breaking device encryption.

This isn't the end of the discussion. Nor should it touch off another skirmish in the Encryption War 2.0. This setback should be viewed as temporary. Holes with be found and exploits deployed and these will be met with patches and firmware upgrades by the tech companies affected. This all can be traced back to the earlier days when it was only criminals looking for ways to defeat personal security measures. Law enforcement was late to the game, but its arrival shouldn't mean companies forgo protecting their customers to avoid inconveniencing the government.

Filed Under: doj, encryption, fbi, going dark, phone cracking
Companies: apple

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. icon
    Uriel-238 (profile), 14 Jun 2018 @ 5:36pm

    Isn't that the One Ring rule?

    We had so many talks of unicorn keys that only worked for good-guys (or against bad-guys) but it started to smack of the Texas Marksman fallacy where the easiest way to make bullets that only kill bad-guys is to define a bad-guy (as one subset of many within the set of bad-guys) as someone who is hit by those bullets.

    The thing is, anytime we make a super weapon like a universal backdoor key or the NSA mass surveillance program, or a nuclear arsenal, someone malicious will sooner or later get control of it and use it for personal gain.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Insider Shop - Show Your Support!

Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.