
Reality Check: Despite Apple’s Privacy Pledge, Cops Can Still Pull Data Off a Locked iPhone


A reminder to iPhone owners cheering Apple’s latest privacy win: Just because Apple will no longer help police to turn your smartphone inside out doesn’t mean it can prevent the cops from vivisecting the device on their own.

“I am quite impressed, Mr. Cook! That took courage. But it does not mean that your data is beyond law enforcement’s reach.”

—  iOS forensics expert Jonathan Zdziarski

On Wednesday evening Apple made news with a strongly-worded statement about how it protects users’ data from government requests. And the page noted at least one serious change in that privacy stance: No longer will Apple aid law enforcement or intelligence agencies in cracking its users’ passcodes to access their email, photos, or other mobile data. That’s a 180-degree flip from its previous offer to cops, which demanded only that they provide the device to Apple with a warrant to have its secrets extracted.


In fact, Apple claims that the new scheme now makes Apple not only unwilling, but unable to open users’ locked phones for law enforcement. “Unlike our competitors, Apple cannot bypass your passcode and therefore cannot access [your personal] data,” reads the new policy. “So it’s not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8.”

“I can do it. I’m sure the guys in suits in the governments can do it. And I’m sure that there are at least three or four commercial tools that can still do this, too.”

But as the media and privacy activists congratulated Apple on that new resistance to government snooping, iOS forensics expert Jonathan Zdziarski offered a word of caution for the millions of users clamoring to pre-order the iPhone 6 and upgrade to iOS 8. In many cases, he points out, the cops can still grab and offload sensitive data from your locked iPhone without Apple’s help, even in iOS 8. All they need, he says, is your powered-on phone and access to a computer you’ve previously used to move data onto and off of it.

“I am quite impressed, Mr. Cook! That took courage,” Zdziarski wrote in a blog post. “But it does not mean that your data is beyond law enforcement’s reach.”

Just after Apple’s announcement, Zdziarski confirmed with his own forensics software that he was still able to pull from a device running iOS 8 practically all of its third-party application data—that means sensitive content from Twitter, Facebook, Instagram, web browsers, and more—as well as photos and video. The attack he used impersonates a trusted computer to which a user has previously connected the phone; it takes advantage of the same mechanisms that allow users to siphon data off a device with programs like iTunes and iPhoto without entering the gadget’s passcode…(read more)

WIRED
