Apple has confirmed that it is closing a technological loophole that allows law enforcement officials to hack into iPhones through USB-based hardware solutions like the GrayKey box, reports The New York Times.
Apple said it was planning an iPhone software update that would effectively disable the phone's charging and data port -- the opening where users plug in headphones, power cables and adapters -- an hour after the phone is locked. In order to transfer data to or from the iPhone using the port, a person would first need to enter the phone's password.
As we shared last week, the feature that prevents USB accessories from connecting to an iPhone or iPad if it's been more than an hour since the device was last unlocked is included in iOS 12. This setting is enabled by default and it will not allow USB-based accessories like the GrayKey box to connect to an iOS device until a passcode is entered. Charging, however, is still possible as it does not require a data connection.
Apple's new setting effectively disables the techniques that law enforcement officials have been using to access locked iPhones over the past couple of years. A current popular iPhone unlocking option, for example, is the GrayKey box, which has been sold to hundreds of law enforcement agencies across the United States.
The GrayKey box is designed to plug into the Lightning port of an iPhone where it uses a data connection to brute force a passcode in as little as a few hours. With the change, the GrayKey box will not work on an iPhone unless it has been less than an hour since the device was last unlocked. The short time period available for access via USB essentially renders the GrayKey box useless.
Located under Touch ID & Passcode, the USB access setting can be disabled, but most users will have no reason to turn it off as there's no real benefit to doing so. All iOS devices will have this setting turned on by default after upgrading to iOS 12, which means law enforcement officials will have a much more difficult time accessing devices running iOS 12 and beyond.
As The New York Times points out, law enforcement officials have become aware of the changes Apple is planning to implement in iOS 12 and they're not happy. Chuck Cohen, who leads an Indiana State Police task force on internet crimes against children, told The New York Times that the Indiana State Police had unlocked 96 iPhones using the GrayKey box in 2017.
"If we go back to the situation where we again don't have access, now we know directly all the evidence we've lost and all the kids we can't put into a position of safety," said Cohen.
iPhone unlocking devices like the GrayKey box, however, are often not only used by law enforcement officials and can be used by hackers and other nefarious individuals, making it crucial for Apple to patch the security flaw that allows the devices to work.
Apple is not aiming to thwart law enforcement efforts with its on-device security changes. The company regularly complies with requests for the data that it stores on its servers, and has a dedicated team of professionals to respond to these requests. Since 2013, Apple has responded to more than 55,000 U.S. government requests seeking information relating to over 208,000 devices, accounts, or financial identifiers.
Apple also has a team for responding to national security requests, and in 2017 alone, Apple received 29,250-29,748 National Security Requests from the U.S. government. Specific numbers are not available because of U.S. law.
An Apple spokesperson told MacRumors that Apple is always working on strengthening security protections and addressing iPhone vulnerabilities as quickly as possible to defend customers against hackers.
"At Apple, we put the customer at the center of everything we design. We're constantly strengthening the security protections in every Apple product to help customers defend against hackers, identity thieves and intrusions into their personal data. We have the greatest respect for law enforcement, and we don't design our security improvements to frustrate their efforts to do their jobs."
Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.
