Apple To Close Security Loophole Exploited By Police In Getting Personal Or Private Data From Locked iPhones

Devices such as GrayKey will no longer be able to push past the lock screen lockout – both criminals and those that catch them will be left looking for clues the old fashioned way.

iphone security block
South_Agency / iStock

Devices such as GrayKey will no longer be able to push past the lock screen lockout – both criminals and those that catch them will be left looking for clues the old fashioned way.

Law enforcement officers employing questionable methods to attain private and personal data from suspects face a new obstacle in the near future, the Chicago Tribune reports. Apple has announced their plans to close a security loophole that allows unauthorized access of data despite facing a locked iPhone.

Currently, consumer options offered up by companies such as Cellebrite and GrayShift allow for any user who purchased the USB device to bypass several vital security features common to most iPhone models. When opposed by a lock screen – and one that generally will disable the smartphone upon too many failed guesses at the unlock key – persons in possession of a GrayKey would be able to enter unlimited entries, essentially brute forcing their way in. The process was very commonly employed by law enforcement, and even worked on the newest model of the iPhone sold by Apple, the iPhone X.

The average passkey could take between two hours and a few days to defeat, according to HotHardware. Regardless, no iPhone was immune to the intrusion, whether conducted by unauthorized police investigators or unscrupulous private citizens.

  Wachiwit / iStock

The change prompted an even deeper debate about the growing use of encryption and information being held beyond public purview. The debate broke along fairly predictable lines with libertarians and privacy advocates cheering the decision and those involved with law enforcement and investigations being more skeptical.

The FBI is reportedly increasingly concerned with the issue of “going dark” online, using encryption protocols and other shielding methods to obscure potentially damning evidence before, during, or after a crime. The Chicago Tribune shared the comments of Ronald Hosko, former assistant director of the FBI, and currently president of the Law Enforcement Legal Defense Fund.

“I think that privacy protections are on a collision course with responsible law enforcement actions to conduct legitimate investigations. Terrorists or other criminal organizations will do something that’s heinous, in a way that is blocked from lawful law enforcement view. They will to some extent get away with it. We will lose lives, we will lose infrastructure in a big way, and then we will be having a different conversation.”

Sacrificing liberty for security is not a core philosophy of critics opposed to the stripping of privacy when it comes to their personal communications and possessions. On the other side of the philosophical fence is Julian Sanchez, a senior fellow at American libertarian think tank, the Cato Institute. He reiterates that, to his view, it is foolish to believe that such inexpensive and commonly purchased devices will ever be simply restricted to legal usage by authorized police investigators.

“This could be painted as fundamentally about denying law enforcement access, but this is a security vulnerability. There is a method by which the security of the [iPhone] can be compromised by devices law enforcement can purchase. There’s not really any reason to think only law enforcement will ever have those devices.”

Regardless of which side one takes, the issue of increased scrutiny of personal communications – files, photos, songs, browsing history, or even what we say out loud in homes equipped with Amazon’s Alexa or Google Home – is quickly becoming a reality amongst citizens of industrialized nations.

For their part, Apple has made it clear that the software update is not targeting the use of the bug by police particularly, but is part of a generalized security update to prevent the method from working entirely, no matter who is attempting to bypass the user’s security set-up.