iPhone Had a Security Hole But Police Doesn’t Want Apple to Fix It

At a time when most of the tech titans including Facebook and Google are under scrutiny for alleged malpractices in data privacy and sharing, Apple stands as the white knight for the cause. If you recall, it even fought a lawsuit and indulged in a public spat against FBI in 2016 over giving access to one of their user’s data. And while Apple makes some of the most secure devices in the industry, the law enforcement agencies are no fools either. Even in the mentioned case against FBI, the agency eventually dropped the case because a contractor offered to hack the phone anyway.

That might not be so easy anymore. Though there might be many security vulnerabilities in iPhone- some known, some unknown, and maybe some kept secret (there are rumors of zero-day exploits), one of the most popular among law enforcement agencies (and hackers) is using the Lightning port. They connect the device through the port to inject codes that bypass the number of attempts before the phone wipes out all the user data. There are even forensic companies selling such machines to agencies and offering ad-hoc services for each phone.

As Apple puts it, after these techniques came to its attention, it reviewed the code and is now simply tweaking some settings to make the process ineffective- or at least less effective. It is bringing in a USB restrictive mode that blocks the connection through port if the device hasn’t been unlocked in the last one hour. That is, even if law enforcement agencies (or criminals) get their hands on an iPhone, they would have just one hour to inject the code- which seems very unlikely in most cases. The update was first spotted in iOS 11.3 beta but wasn’t present in the public release. The company says all future updates will have this security measure.

Check-out: What’s new in iOS 11.4

The consumers now can, naturally, be more relaxed knowing their data won’t be accessed without their consent but will pose a major hurdle for being sniffed for clues and evidence on criminals by police with iPhone. As per estimates, sealing this security loophole will block around 90% of such instances except if police also come into offensive. As mentioned before, there are forensic companies marketing such iPhone cracking machines. So, if police were to deploy them at all search and seizure locations, one hour would still be enough. Then, of course, we can expect Apple to pull off some another trick to throw others off balance.