Apple to Block Police iPhone Hacking Tools in Future Update

Law enforcement has frequently complained about the rise of smartphone encryption, which can prevent authorities from gathering vital evidence in criminal investigations. However, companies like Apple and Google maintain that encryption is essential to user privacy. Police around the world have been able to work with security firms to crack devices, but the process isn’t cheap. Soon, even that avenue will be closed to law enforcement agents that find themselves in possession of a locked iPhone. Apple is set to block such unlock methods with a simple tweak to iOS.

For about a year, law enforcement agencies around the world have spent heavily on devices from a company called Grayshift. The so-called “GrayKey” boxes can unlock encrypted iPhones in as little as two hours. The device starts at $15,000 with a limit of 300 uses, and an unlimited version costs $30,000. Anyone who bought the unlimited box might be regretting that right now. An upcoming iOS update will include USB Restricted Mode, shutting off data access on the port and rendering the GrayKey useless.

The last few developer betas have used USB Restricted Mode, but this is the first time Apple has included it in a final build of iOS. You’ll still be able to use the phone’s Lightning port normally when the device is unlocked. However, data access on the port will completely shut off 10 minutes after it has been locked. Power still works, so you can charge the phone while it’s locked. Without data connectivity over USB, the GrayKey can’t worm its way into the system and hack the passcode.

Apple reportedly started looking into the GrayKey exploit after news of the device surfaced last year. Rather than play a cat and mouse game with the company to patch exploits, Apple just opted to restrict data on the USB port. Not only does this hobble Grayshift’s services, but it could protect against any similar attacks in the future. With no way into the device’s memory, there’s no way to exploit anything. Apple describes this as a general security update rather than a response to law enforcement. Still, the police and the FBI are expressing quiet disapproval.

Police will still have an extremely short window of time during which they can connect a phone to a Graykey device after it has been locked. However, that only matters if the phone is awake when it’s confiscated. Otherwise, the USB port will probably already be locked down.

Continue reading