Apple Update Will Hamper Police Device Crackers
Apple has confirmed that a forthcoming update will fix a security vulnerability known to be used by police to crack seized devices.
The tech giant’s update will ensure that third parties can’t access and transfer a handset’s data by connecting via the Lightning port, if the phone has been locked for more than an hour.
Controversial smartphone cracking companies like Grayshift and Cellebrite are thought to exploit the flaw in order to circumvent device security which locks users out and/or erases data once the limit is reached on passcode entry attempts.
Their services are often sought by police in the US and elsewhere looking to crack devices for use in investigations.
Once the update is applied, law enforcers will only have an hour to get into a device after it was last locked, using these same techniques.
"At Apple, we put the customer at the center of everything we design," the firm said in a statement. "We're constantly strengthening the security protections in every Apple product to help customers defend against hackers, identity thieves and intrusions into their personal data. We have the greatest respect for law enforcement, and we don't design our security improvements to frustrate their efforts to do their jobs."
Despite its reassurances, the move is likely to reopen the war of words between the Cupertino giant and the FBI, which has tried and failed to force it to engineer a de facto backdoor into its software so investigators can access specific devices.
It’s thought the FBI eventually turned to Cellebrite two years ago after failing in a legal challenge to Apple.
Alex Rice, CTO of HackerOne, argued that Apple is right to fix known vulnerabilities, even if they are used by police.
"Back in 2016, when the FBI revealed it utilized third parties to help break into iPhones, a new issue presented itself — there was a known vulnerability being exploited that wasn't shared with the only organization in the world that could fix it,” he explained.
“There are over 700 million iPhones in the hands of consumers. Patching any and all vulnerabilities as quickly as possible is necessary for a mature security posture and the only responsible path to protect the public."
Source: Information Security Magazine