Insights For Success

Strategy, Innovation, Leadership and Security

IOS 8 means Apple can't unlock your device for law enforcement

technologyEdward KiledjianComment

The slow and consistent Snowden leaks about how everything we do is monitored, recorded and analysed is freaking some people out. And this extra customer push may be what was needed to finally improve on-device security for our most personal devices (aka smartphones).

Apple announced (link) that IOS 8 is a big move for IOS device security because it is now "technologically impossible" to access data stored on a passcode or TouchID locked device. Apple says they can no longer bypass device security. It is important to note that this only applies for on device information (contact, pictures, recordings, etc), anything stored in the cloud is fair game and can be handed over to authorities with a warrant or NSL.

Obviously law enforcement isn't too thrilled about this new hurdle because it (they claim) makes it easier for criminals to perform their nefarious activities and hide.

Why did Apple do this? Because if they can't technically provide the information, then they can  no longer be compelled to do so by a court. It reduces workload for them and improves customer perception. 

Now for the bad news. Renown security analyst Jonathan Zdziarski discussed these new measures on his blog (link) but threw in an important caveat :

What’s left are services that iTunes (and Xcode) talk to in order to exchange information with third party applications, or access your media folder. Apple wants you to be able access your photos and other information from your desktop while the phone is locked – for ease of use. This, unfortunately, also opens up the capability for law enforcement to also use this mechanism to dump:

- Your camera reel, videos, and recordings
- Podcasts, Books, and other iTunes media
- All third party application data

Existing commercial forensics tools can still acquire these artifacts from your device, even running iOS 8. I have tested with my own private forensics tools, as well, and confirmed this. I dumped all of my third party application data (including caches, databases, screenshots, etc), as well as my camera reel and other media… all within a few minutes and from my locked iPhone running iOS 8 GM.

There is one big caveat though, but it’s not a big problem for law enforcement. This technique requires access to a trusted pairing record on a desktop / laptop machine that is paired with your phone, and as of iOS 8 requires physical access to the phone. What does this mean? This means that if your’e arrested, the police will seize both your iPhone and all desktop / laptop machines you own, and use files on the desktop to dump and access all of the above data on your iPhone. This can also be done at an airport, if you are detained.
— Jonathan Zdziaski

I don't want to undersell what Apple has done. Apple has helped make IOS users much safer by fixing many of the security issues present in IOS7. The above note by Jonathan is something to keep in mind. If you want to maintain the highest level of security protection, never connect your iPhone to a PC.