Apple to close security flaw used by law enforcement to crack iPhones

14 Jun 2018

White iPhone SE. Image: karanik yimpat/Shutterstock

Tech giant Apple is closing a security loophole that had been widely used by police forces to gain access to devices.

A security gap that allowed individuals to gain access to personal information from locked iPhones without the need for a password is to be closed by Apple.

The loophole will be eliminated in a forthcoming iOS update from the company.

Wrangling with the FBI

Apple has often butted heads with law enforcement when it comes to the issue of individual privacy versus the need to gather evidence related to criminal activity. This is perfectly exemplified by the legal battle with the FBI regarding the company’s refusal to help open the locked iPhone of a deceased mass-shooter in California in 2016.

The government agency was able to eventually unlock the device without the assistance of Apple. Following this, other law enforcement agencies copied the procedure, paying third parties or buying devices from manufacturers such as Grayshift and Cellebrite to crack the phones.

The loophole allowed firms such as these to run special software to the iPhone’s charging and data port in order to unlock the device, sometimes days or months after the device was last unlocked. The company is now planning an update that will essentially disable the port an hour after the phone is locked. Charging will still be possible without a password.

Apple said: “We’re constantly strengthening the security protections in every Apple product to help customers defend against hackers, identity thieves and intrusions into their personal data.

“We have the greatest respect for law enforcement, and we don’t design our security improvements to frustrate their efforts to do their jobs.” The company also noted that the method is not just used by law enforcement, as criminals, spies and other individuals have been known to employ the strategy.

Two sides

The conflict has continued between law enforcement officials, who say that unlocking devices has been invaluable to their investigations; and security advocates, who say the practice presents a major risk and is an invasion of privacy.

This is not the first time Apple has closed off a security loophole used by law enforcement. Police used to try every possible passcode on iPhones for many years until the method was thwarted by the company’s decision to block the devices after a certain amount of input attempts.

White iPhone SE. Image: karanik yimpat/Shutterstock

Ellen Tannam was a journalist with Silicon Republic, covering all manner of business and tech subjects