Get attacked by identity thieves

Apple wants to protect iPhones from unauthorized access

Vulnerability 06/15/2018, 10:35 a.m.
Apple wants to make intrusion into iPhones even more difficult. To this end, a security gap is to be closed that authorities have so far exploited to crack locked devices.
Apple wants to make cracking its iPhones even more difficult - with a function that deactivates the device's Lightning connector for data connections after an hour in the inactive state. However, the batteries can still be charged via the connection, as the company explained on Thursday. With this, Apple risks a new confrontation with security authorities. Because iPhones are basically encrypted and can only be unlocked by entering the correct passcode, fingerprint or facial scan of the owner. Nevertheless, there are currently at least two providers who exploit a public, unspecified vulnerability to unlock the phones via a cable connection to the Lightning connector.
By deactivating the socket, Apple would drastically shorten the period in which this is even possible. According to the Wall Street Journal, it is still unclear whether the function could be introduced in the next iPhone operating system, iOS 12, which will be announced this fall.

Protection against hackers and identity thieves

Apple emphasized that the group is about to better protect its devices against attacks by hackers and identity thieves as well as against the interception of personal data. "We have the greatest respect for security authorities and do not develop our security improvements to make their work more difficult."
Security authorities have long criticized the encryption of iPhones and smartphones with the Google Android operating system because it makes the devices inaccessible to them and hinders investigations. In the US, Apple was sued by the US Department of Justice in early 2016, demanding that a dead assassin's iPhone be unlocked. The company refused and warned that writing software for it would end up worsening security for everyone. In the end, the US authorities withdrew their lawsuit after they said they had access to the data in the iPhone with the help of an external service provider.

Box unlocks iPhones

For around 15,000 US dollars, the company GrayShift is selling a small box called “GrayKey” in the USA, which investigators can use to crack the phones themselves. Apparently, this can take anywhere from two hours to three days for a six-digit number sequence. With the box, authorities should not only be able to decrypt outdated devices, but also the new iPhones 8 and X, which run on the iOS10 and 11 operating systems.
This is what the GrayKey box looks like
The Israeli company Cellebrite has a similar device on offer to unlock suspects' iPhones. This approach has been criticized by experts because of concerns that the devices could get into the hands of criminals. Apple makes unencrypted information from users available to security authorities by court order.



You might also be interested in