Apple's USB "Lightning Port" is a favored means of breaking into phones, and one the company seeks to prevent. Image via Chris Ratcliffe—Bloomberg via Getty Images

Apple Stands up for Privacy with iPhone Fix

Apple told Reuters last week that the company plans to introduce new security features in the forthcoming iOS 12 update to patch a security vulnerability commonly employed to gain access to password-protected iPhones.

In wide use by law enforcement agencies around the world and an unknown number of private and criminal hackers, the avenue of attack entails accessing the phones’ data through the Lightning port, Apple’s proprietary USB connection.

iOS’ new USB Restricted Mode would disable data transfer on the Lightning port after an iPhone has been locked for an hour, requiring a correct password to re-enable the port’s communications, a feature the company has already trialed in previous iOS betas. By implementing this feature, the window of time for a successful breach to be carried out on an iPhone would be limited to, at best, only 60 minutes. Even if the phone was stolen or confiscated immediately, a would-be attacker armed with even the best cyber-sleuthing tools would have a dismal chance to crack into a phone, especially if the device had a long, complex passcode resistant to brute force attacks.

According to a Forbes article citing cybersecurity expert Ryan Duff, the iPhone’s first line of defense is the Secure Enclave Processor, a partitioned chip within Apple’s mobile devices that generates cryptographic keys and stores sensitive data such as Touch ID fingerprint information. The Secure Enclave Processor is designed to prevent brute force attacks on iPhone passwords by progressively increasing the amount of time required between attempts. However, it appears that exploits designed to shortcut this feature have been developed, making brute force a viable method to eventually unlock any iPhone.

At least two major firms, including Israel’s Cellebrite and the US-based Grayshift, likely take advantage of this weakness in their legal hacking services, sold for top dollar to law enforcement agencies and other customers needing access to a locked iPhone’s data. While Cellebrite requires that customers send in phones for laboratory analysis, Grayshift sells its flagship GrayKey device, which gives users, including a host of state, local, and federal law enforcement customers, on-site access to a locked iPhone, though at a steep price: a $30,000 fee for unlimited use of a GrayKey.

One of Grayshift’s GrayKey devices. Image via MalwareBytes.

Apple’s move reaffirms its position as the privacy leader among competing tech giants in Silicon Valley, though not without controversy.

If Apple succeeds in blocking attack vectors used by law enforcement, the company may face public scrutiny or even court challenges, as it did in the wake of 2015’s San Bernardino shooting. In a months-long public row with impassioned support on both sides, the FBI took Apple to federal court demanding the company develop an exploit to aid the agency in hacking into an iPhone 5C belonging to one of the shooters, a request Apple refused. The FBI retracted its request a day before the hearing, however, revealing that it had found a third party able to break into the iPhone (at a cost of more than $1 million). If another high-profile case involving an iPhone emerges, the courts may have to decide between rights to privacy on one hand—both of software companies and the more than 220 million Americans who own smartphones—and the ostensible greater good of public safety or security on the other.

In prepared statements to Reuters and other media outlets, Apple says that it has “the greatest respect for law enforcement” and doesn’t “design our security improvements to frustrate their efforts to do their jobs,” stating instead that the company’s security updates are focused on “strengthening the security protections in every Apple product to help customers defend against hackers, identity thieves and intrusions into their personal data.”

However, in the cat-and-mouse game between hackers and cybersecurity experts, solutions rarely last, and police agencies will certainly resort to whatever means they can legally access to defeat Apple’s new security measures. Citing anonymous sources near the issue, Vice’s Motherboard reports that Grayshift has already found a workaround for Apple’s planned updates restricting the Lightning port access, revealing that the company claims it defeated the feature in beta testing and can still access locked iPhones using its GrayKey devices. Other groups are also seeking ways to bypass the new features, potentially by increasing the hour-long window for data access.