Apple and the law enforcement community have been stuck in a back-and-forth over encryption for the last few years, and it’s heated up considerably in the USA this month since Apple announced a feature that would thwart a popular iPhone cracking method used by police. Now, the companies that work with law enforcement have responded, and they’re pretty sure they already have a workaround.
Motherboard reported the makers of hacking tools designed to bypass Apple’s encryption and allow unauthorised persons to view the content of an iPhone are already pitching their technology as a way to defeat Apple’s yet-to-be-publicly-released security features.
In an email obtained by Motherboard, a forensic expert meeting with digital forensic firm Grayshift said the company “stated that they have already defeated this security feature in the beta build.” The expert said Grayshift has “gone to great lengths to future proof their technology” and have “built in future capabilities that will begin to be leveraged as time goes on.”
Another person on the email thread reportedly responded to the first message to say Grayshift addressed Apple’s new security protections in a webinar several weeks ago, suggesting the company has already created a workaround to continue cracking open iPhones for law enforcement.
Grayshift is the maker of GrayKey, a $US15,000 iPhone hacking device that has been marketed to police and government agencies. First revealed by security researchers at MalwareBytes, GrayKey can supposedly crack an iPhone’s security code in anywhere from two hours to three days. Defeating the combination allows law enforcement to view the contents of the device without consent from the iPhone owner.
Apple planned to counter Grayshift and the tools of other competitors like Israel-based Cellebrite by introducing USB Restricted Mode. Available in early beta versions of iOS and planned to be included in the public release of iOS 12, the feature locks USB access on iOS devices after the iPhone or iPad has been locked for one hour. In theory, it means if cops don’t get to the device almost immediately and keep it on and active, the iPhone becomes a black box they can’t peer into.
The promised feature managed to piss off basically the entirety of the law enforcement community, which expressed its frustration earlier this week. Chuck Cohen, the head of an Indiana State Police task force on internet crimes against children, told The New York Times, “If we go back to the situation where we again don’t have access, now we know directly all the evidence we’ve lost and all the kids we can’t put into a position of safety.” (The Indiana State Police are one of several states that purchased a GrayKey device, and per NYT have used it to unlock 96 iPhones in the last year.)
Forensic companies are well aware of the panic caused by Apple’s decision and clearly see a market for developing new methods to break the company’s encryption. Shahar Tal, the vice president of research at Cellebrite, tweeted, “[That moment when] 10 of the last 12 threads in my inbox have ‘USB Restricted Mode’ in the subject line, and you realise it’s just the beginning.”
If Grayshift, Cellebrite, and others do truly have methods to defeat Apple’s USB Restricted Mode, the company will no doubt search for another way to protect user data — and the companies will look for ways to crack that protection. It’s a cycle that has no end in sight.