Reality Check: Despite Apple’s Privacy Pledge, Cops Can Still Pull Data Off a Locked iPhonePosted: September 19, 2014
A reminder to iPhone owners cheering Apple’s latest privacy win: Just because Apple will no longer help police to turn your smartphone inside out doesn’t mean it can prevent the cops from vivisecting the device on their own.
“I am quite impressed, Mr. Cook! That took courage. But it does not mean that your data is beyond law enforcement’s reach.”
— iOS forensics expert Jonathan Zdziarski
On Wednesday evening Apple made news with a strongly-worded statement about how it protects users’ data from government requests. And the page noted at least one serious change in that privacy stance: No longer will Apple aid law enforcement or intelligence agencies in cracking its users’ passcodes to access their email, photos, or other mobile data. That’s a 180-degree flip from its previous offer to cops, which demanded only that they provide the device to Apple with a warrantto have its secrets extracted.
In fact, Apple claims that the new scheme now makes Apple not only unwilling, but unable to open users’ locked phones for law enforcement. “Unlike our competitors, Apple cannot bypass your passcode and therefore cannot access [your personal] data,” reads the new policy. “So it’s not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8.”
“I can do it. I’m sure the guys in suits in the governments can do it. And I’m sure that there are at least three or four commercial tools that can still do this, too.”
But as the media and privacy activists congratulated Apple on that new resistance to government snooping, iOS forensics expert Jonathan Zdziarski offered a word of caution for the millions of users clamoring to pre-order the iPhone 6 and upgrade to iOS 8. In many cases, he points out, the cops can still grab and offload sensitive data from your locked iPhone without Apple’s help, even in iOS 8. All they need, he says, is your powered-on phone and access to a computer you’ve previously used to move data onto and off of it.
“I am quite impressed, Mr. Cook! That took courage,” Zdziarski wrote in a blog post. “But it does not mean that your data is beyond law enforcement’s reach.”
Just after Apple’s announcement, Zdziarski confirmed with his own forensics software that he was still able to pull from a device running iOS 8 practically all of its third-party application data—that means sensitive content from Twitter, Facebook, Instagram, web browsers, and more—as well as photos and video. The attack he used impersonates a trusted computer to which a user has previously connected the phone; it takes advantage of the same mechanisms that allow users to siphon data off a device with programs like iTunes and iPhoto without entering the gadget’s passcode…(read more)
- Police Can Still Get Data Off Your iOS 8 Device Without Apple’s Help (gizmodo.com)
- Despite Apple’s Privacy Pledge, Cops Can Still Pull Data Off a Locked iPhone (blacklistednews.com)
- iOS 8 Encrypts More Data With Passcode (mjtsai.com)
- iOS 8 also comes with bucket of security fixes (cnet.com)
- Apple’s new privacy campaign – and dig at Google (siliconbeat.com)
- Apple: iOS 8 Prevents Cooperation With Police Unlocking Requests (wnyc.org)