Since Apple locked down its iPhones three years ago with encryption that even the company itself can’t break, it has been in a cold war with the cops—one that has occasionally turned hot. Exhibit A: its legal standoff with the FBIover the seized iPhone of San Bernadino killer Syed Rizwan Farook. Now, 18 months after that showdown, Apple is adding yet more features that are designed to guard your digital privacy from anyone who nabs your iPhone—whether it’s a mugger on the street or the policeman who just threw you in jail.
Security researchers and forensic analysts who’ve seen early developer versions of iOS 11, expected to be announced at Apple’s launch event tomorrow, say its new features include tweaks designed to make extracting the data from a seized phone far more difficult without the phone’s six-digit passcode. And while those changes seem aimed at protecting iPhone users’ data from run-of-the-mill thieves and snooping boyfriends, it could also mark another escalation in Apple’s tensions with law enforcement officials and customs agents who want the ability to extract data wholesale from the phones of criminal suspects and travelers at the border.
From the perspective of those government agents, “this will be a major pain in the ass,” says Nicholas Weaver, a security researcher at the International Computer Science Institute at the University of California at Berkeley. “Apple wants to live in a world where the phone in your hands is super valuable, but in anyone else’s hands is a brick…If that messes up police’s and customs’ forensic dumps? So what. The benefits outweigh the harm.”
A Less Promiscuous Port
According to a blog post from Russian forensics software firm Elcomsoft on Thursday, Apple has made at least two significant changes to iOS 11 that will create new hurdles for those trying to access the innards of a seized iPhone. First, they’ve added a crucial step to the process of moving a phone’s contents to a forensic analyst’s desktop computer, a change that could significantly reduce the amount of data police can access on seized phones—even if they manage to confiscate them in an unlocked state.
In recent versions of iOS, any iPhone plugged into an unfamiliar computer would ask the user if he or she was willing to trust that new machine before exchanging any data with it. That meant if cops or border agents were able to seize an unlocked iPhone or compel its owner to unlock a locked one with a finger on its TouchID sensor, they could simply plug it into a desktop via a cable in its lightning port, choose to trust the new machine with a tap, and upload its contents using forensic software like Elcomsoft or Cellebrite. (That’s particularly important because courts have found criminal suspects can’t plead the Fifth Amendment and refuse to offer their fingerprints, as they sometimes can with a password or passcode.)
But in iOS 11, iPhones will not only require a tap to trust a new computer, but the phone’s passcode, too. That means even if forensic analysts do seize a phone while it’s unlocked or use its owner’s finger to unlock it, they still need a passcode to offload its data to a program where it can be analyzed wholesale. They can still flip through the data on the phone itself. But if the owner refuses to divulge the passcode, they can’t use forensic tools to access its data in the far more digestible format for analysis known as SQLite. “There’s a huge amount of data that can’t be effectively analyzed if you have to look at it manually,” says Vladimir Katalov, Elcomsoft’s co-founder. “On my phone, I have more than 100,000 messages and several thousand call logs. The manual review of that data is not possible.”