Apple Confirms Plans to Disable Law Enforcement Access to iPhone via Tools Like GrayKey Box

[MacRumors]

Apple has confirmed that it is closing a technological loophole that allows law enforcement officials to hack into iPhones through USB-based hardware solutions like the GrayKey box, reports The New York Times.

Apple said it was planning an iPhone software update that would effectively disable the phone's charging and data port -- the opening where users plug in headphones, power cables and adapters -- an hour after the phone is locked. In order to transfer data to or from the iPhone using the port, a person would first need to enter the phone's password.

As we shared last week, the feature that prevents USB accessories from connecting to an iPhone or iPad if it's been more than an hour since the device was last unlocked is included in iOS 12. This setting is enabled by default and it will not allow USB-based accessories like the GrayKey box to connect to an iOS device until a passcode is entered. Charging, however, is still possible as it does not require a data connection.

Apple's new setting effectively disables the techniques that law enforcement officials have been using to access locked iPhones over the past couple of years. A current popular iPhone unlocking option, for example, is the GrayKey box, which has been sold to hundreds of law enforcement agencies across the United States.

The GrayKey box is designed to plug into the Lightning port of an iPhone where it uses a data connection to brute force a passcode in as little as a few hours. With the change, the GrayKey box will not work on an iPhone unless it has been less than an hour since the device was last unlocked. The short time period available for access via USB essentially renders the GrayKey box useless.

Located under Touch ID & Passcode, the USB access setting can be disabled, but most users will have no reason to turn it off as there's no real benefit to doing so. All iOS devices will have this setting turned on by default after upgrading to iOS 12, which means law enforcement officials will have a much more difficult time accessing devices running iOS 12 and beyond.

As The New York Times points out, law enforcement officials have become aware of the changes Apple is planning to implement in iOS 12 and they're not happy. Chuck Cohen, who leads an Indiana State Police task force on internet crimes against children, told The New York Times that the Indiana State Police had unlocked 96 iPhones using the GrayKey box in 2017.

"If we go back to the situation where we again don't have access, now we know directly all the evidence we've lost and all the kids we can't put into a position of safety," said Cohen.

iPhone unlocking devices like the GrayKey box, however, are often not only used by law enforcement officials and can be used by hackers and other nefarious individuals, making it crucial for Apple to patch the security flaw that allows the devices to work.

Apple is not aiming to thwart law enforcement efforts with its on-device security changes. The company regularly complies with requests for the data that it stores on its servers, and has a dedicated team of professionals to respond to these requests. Since 2013, Apple has responded to more than 55,000 U.S. government requests seeking information relating to over 208,000 devices, accounts, or financial identifiers.

Apple also has a team for responding to national security requests, and in 2017 alone, Apple received 29,250-29,748 National Security Requests from the U.S. government. Specific numbers are not available because of U.S. law.

An Apple spokesperson told MacRumors that Apple is always working on strengthening security protections and addressing iPhone vulnerabilities as quickly as possible to defend customers against hackers.

"At Apple, we put the customer at the center of everything we design. We're constantly strengthening the security protections in every Apple product to help customers defend against hackers, identity thieves and intrusions into their personal data. We have the greatest respect for law enforcement, and we don't design our security improvements to frustrate their efforts to do their jobs."

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Article Link: Apple Confirms Plans to Disable Law Enforcement Access to iPhone via Tools Like GrayKey Box

 

[KPandian1]

Now, wait for the knee-jerk reaction from the extreme nuts. They don't understand the concept of privacy for one means privacy for all.

Hope Google, Microsoft, Amazon and other big boys come out with support and similar methods.

 

[cycomiko]

So they went straight to the old trope of "won't somebody think o the children"

 

[bperrella]

Wow that quote from the police is literally a meme. Bbbut think of the children.

 

[dk001]

So continues the giant game of "TAG".

Try
Again
Government

 

[dwman]

Given the current nature of our banana republic and the slow creep towards 24hr surveillance of law-abiding citizens, this is a prudent move by Apple. Glad they have the guts to stand up for their users rights.

 

[Saturnine]

I’m glad the New York Times decided in their quote to clarify what the charging and data port is. I’d never have known otherwise.

 

[Ca$hflow]

LOL, protect the children. How lame to use children as a way to thwart personal privacy. You can save a million percent more children by NOT giving kids an iPhone at too young of an age.

 

[Manzzle]

The more you guys broadcast this, they will work harder to find a way to break through.

 

[nt5672]

Mr. Chuck Cohen did not bother to indicate how many of these 96 phones had information that actually made a difference in the investigation and I know why. This is not about the children, but about making the police's job easier. How about the police getting off their duff and doing some police work instead of just sitting around demanding free access to any phone they want.

 

[KPandian1]

The more you guys broadcast this, they will work harder to find a way to break through.

Will they move at the pace of a sloth if "we Guys" don't broadcast this?

Anything to suppress!

You underestimate the hacking community.

 

[-BigMac-]

Epic. Super exciting time to be an Apple user in the era of constant surveillance and giant privacy leaks.

Although this doesnt patch the whole picture, its another step forward. Well done!

 

[Peepo]

I wonder if Apple and other companies charge a fee for national security requests. I would have to presume that they do and it is probably a lucrative business for Apple.

 

[PaulRustad007]

It is always about the.....

and it almost the worst excuse ever......

 

[macduke]

The reason we haven't heard much about them trying to get access is that they've been using this to get access for the past year or two. Once that goes away we'll either hear more complaints or silence. If we hear silence then we should be worried because they've got a backup plan.

 

[DocMultimedia]

Give. Take. Give. Take....

 

[Swift]

It's not a cure-all, but that's good. Another part of this that I really love is the amount of anonymization there will be in Safari in iOS 12 and Mojave. I hate those ads that want to know who you are for two reasons: in the end, they collect a hell of a lot of information about you ... right, Google...? And they can sell this stuff to, like Cambridge Analytics -- now deceased and renamed -- and they can merge what Google has, what Facebook has, and what your voter registration has, and all other public or cheap info, and they've got a portrait of you for any number of reasons, from blackmail to political ads. I would strongly back a regulation of the Internet that made that kind of mass collection illegal. For one thing, look at Facebook in 2016. For another, think of what's to come. Big Brother we don't need.

And for another, all that javascript junks up webpages so they jiggle and jitter for 25 seconds, when a plain page loads in 5 seconds. And it's a place for viruses to hide. Show us an ad based on what you know about what kind of people read this, or watch this. Guess. It made TV a s--tton of money. But the TV couldn't take pictures of you, and nobody thought that it could or that it should.

 

[jerwin]

I’m glad the New York Times decided in their quote to clarify what the charging and data port is. I’d never have known otherwise.

it's possible that an earlier draft said "lightning port", and the copy editors nixed that, without deleting the now somewhat superfluous clarification.

 

[surf2snow1]

Given the current nature of our banana republic and the slow creep towards 24hr surveillance of law-abiding citizens, this is a prudent move by Apple. Glad they have the guts to stand up for their users rights.

This started under the last administration. To be fair, it started at the local (not federal) level.

 

[JimmyHook]

Good. Because military contractors like Google don’t believe in privacy (or security really).
[doublepost=1528930511][/doublepost]

This started under the last administration. To be fair, it started at the local (not federal) level.

Don’t play those games. Trump is as Orwellian as it gets. It technically started a LONG time ago, but Agent Orange is making it way worse

 

[djlythium]

THANK YOU, APPLE!

It’s actions like these that keep me buying Apple products, and recommending them to others for their focus on privacy.

 

[rafark]

Please this is just a show.

 

[KPandian1]

Don’t play those games. Trump is as Orwellian as it gets. It technically started a LONG time ago, but Agent Orange is making it way worse

Yes, please don't trivialize this issue.

Add Republicans to the Big Brother brood. In fact they have always been so for almost a century!

 

[Robert.Walter]

This feature needs to kick in when one uses the click the power button for sos feature.

If this has been overlooked then that’s a design flaw.

 

[cmwade77]

Please this is just a show.

I think you may be right, otherwise they would have an option to securely erase the phone after X number of unsuccessful password attempts and perhaps even provide a way to have a password that would immediately erase the phone.
[doublepost=1528931432][/doublepost]

This started under the last administration. To be fair, it started at the local (not federal) level.

Honestly, it started well before that, well before 9/11 even, it dates all the way back to the founding of the country. There are reasons that the constitution has protections against unlawful searches after all. Various events throughout history, such as 9/11 have given the government excuses to slowly chip away at this and we, the people have forgotten that WE have the power to stop them. We have also collectively decided that we would rather have "security" rather than privacy, even though the "security" really isn't security at all, instead it is security theater and in the name of making security easier rather than insisting the government do its job properly.


I don't think the feature goes far enough and I don't think there should be the ability to disable it either, as some clever person will find a way to disable the feature without unlocking the phone.