Apple to Block Police iPhone Hacking Tools in Future Update
Law enforcement has frequently complained about the rise of smartphone encryption, which can prevent authorities from gathering vital evidence in criminal investigations. However, companies like Apple and Google maintain that encryption is essential to user privacy. Police around the world have been able to work with security firms to crack devices, but the process isn’t cheap. Soon, even that avenue will be closed to law enforcement agents that find themselves in possession of a locked iPhone. Apple is set to block such unlock methods with a simple tweak to iOS.
For about a year, law enforcement agencies around the world have spent heavily on devices from a company called Grayshift. The so-called “GrayKey” boxes can unlock encrypted iPhones in as little as two hours. The device starts at $15,000 with a limit of 300 uses, and an unlimited version costs $30,000. Anyone who bought the unlimited box might be regretting that right now. An upcoming iOS update will include USB Restricted Mode, shutting off data access on the port and rendering the GrayKey useless.
The last few developer betas have used USB Restricted Mode, but this is the first time Apple has included it in a final build of iOS. You’ll still be able to use the phone’s Lightning port normally when the device is unlocked. However, data access on the port will completely shut off 10 minutes after it has been locked. Power still works, so you can charge the phone while it’s locked. Without data connectivity over USB, the GrayKey can’t worm its way into the system and hack the passcode.
Apple reportedly started looking into the GrayKey exploit after news of the device surfaced last year. Rather than play a cat and mouse game with the company to patch exploits, Apple just opted to restrict data on the USB port. Not only does this hobble Grayshift’s services, but it could protect against any similar attacks in the future. With no way into the device’s memory, there’s no way to exploit anything. Apple describes this as a general security update rather than a response to law enforcement. Still, the police and the FBI are expressing quiet disapproval.
Police will still have an extremely short window of time during which they can connect a phone to a Graykey device after it has been locked. However, that only matters if the phone is awake when it’s confiscated. Otherwise, the USB port will probably already be locked down.
Continue reading
Time to Update: Google Patches 2 Severe Zero-Day Chrome Vulnerabilities
Unlike the last few zero-days, Google didn't find these security holes itself. Instead, it was tipped by anonymous third-parties, and the problems are severe enough that it hasn't released full details. Suffice it to say, you should stop putting off that update.
Samsung Starts Rolling Out Galaxy S20 Android 11 Update on Verizon
Not only does this include the Googley Android 11 enhancements, but it also has numerous Samsung-specific changes as part of the One UI 3.0 revamp.
Apple Urges Immediate iPhone Update to Block Active Online Hacks
There's a new version of Apple's iOS software for iPhone and iPad devices, and as usual, Apple is going to start pestering users to update. This time, the nagging for iOS 14.4 comes with a little more urgency.
Samsung Promises to Update Its Android Phones Even Longer Than Google
Smartphone updates have been a mess for as long as the modern smartphone has existed, but Samsung just took a big step in the right direction: The company has decided to extend security update support to a full four years.