The new discovery feature within Apple’s upcoming mobile OS could make user data more secure, but also create difficulties for law enforcement.
We saw this issue play out last year, as the FBI and Apple battled it out over the locked iPhone of one of the deceased San Bernardino shooters in California. In this case, the FBI dropped the hearing, stating that the iPhone had been unlocked by a third party.
Not as simple as a fingerprint
Online security firm ElcomSoft has pointed out the beefed-up security measures in the upcoming iOS 11. Currently, thieves and the authorities rely on triggering an automatic backup from a computer that has been registered as a trusted device.
Once the phone and computer are paired, data can be gleaned from the handset without logging in again in future.
According to ElcomSoft, establishing a trusted device will no longer be just a simple case of using a fingerprint, which can be duped or even 3D printed – you’ll need the full passcode, too. The issue here for law enforcement is an obvious one: they can legally source fingerprints, but not passcodes, making it difficult to search devices of criminal suspects.
ElcomSoft explained the forensic implications of this new feature: “Prior to iOS 11, it was possible to perform logical acquisition of an iOS device by unlocking the device with Touch ID. The new pairing procedure requires the use of device passcode in order to establish trust between the device and the computer, thus making logical acquisition possible only if you know the passcode.
“This change is very important from the legal standpoint. While in certain cases, the user may be compelled to unlock their device using their fingerprint, obtaining the passcode from the user may be challenging and, in many jurisdictions, not legally possible.”
The extra step added in iOS 11 will mean that the established data forensics method of offloading phone data to a computer for more granular analysis will be much more difficult to accomplish.
Apple’s new SOS mode
Another feature that will be present in iOS 11 is SOS mode. This is an emergency feature that allows users to call emergency services by quickly pressing the power button five times in a row.
This feature will also disable Touch ID temporarily, making a passcode necessary to use the device. A discreet way to disable Touch ID such as this could be used “in situations where the user might be compelled to unlock their phone with a fingerprint”.