Apple to Block Police iPhone Hacking Tools in Future Update

Apple to Block Police iPhone Hacking Tools in Future Update

Law enforcement has frequently complained about the rise of smartphone encryption, which can prevent authorities from gathering vital evidence in criminal investigations. However, companies like Apple and Google maintain that encryption is essential to user privacy. Police around the world have been able to work with security firms to crack devices, but the process isn’t cheap. Soon, even that avenue will be closed to law enforcement agents that find themselves in possession of a locked iPhone. Apple is set to block such unlock methods with a simple tweak to iOS.

For about a year, law enforcement agencies around the world have spent heavily on devices from a company called Grayshift. The so-called “GrayKey” boxes can unlock encrypted iPhones in as little as two hours. The device starts at $15,000 with a limit of 300 uses, and an unlimited version costs $30,000. Anyone who bought the unlimited box might be regretting that right now. An upcoming iOS update will include USB Restricted Mode, shutting off data access on the port and rendering the GrayKey useless.

The last few developer betas have used USB Restricted Mode, but this is the first time Apple has included it in a final build of iOS. You’ll still be able to use the phone’s Lightning port normally when the device is unlocked. However, data access on the port will completely shut off 10 minutes after it has been locked. Power still works, so you can charge the phone while it’s locked. Without data connectivity over USB, the GrayKey can’t worm its way into the system and hack the passcode.

A GrayKey box.
A GrayKey box.

Apple reportedly started looking into the GrayKey exploit after news of the device surfaced last year. Rather than play a cat and mouse game with the company to patch exploits, Apple just opted to restrict data on the USB port. Not only does this hobble Grayshift’s services, but it could protect against any similar attacks in the future. With no way into the device’s memory, there’s no way to exploit anything. Apple describes this as a general security update rather than a response to law enforcement. Still, the police and the FBI are expressing quiet disapproval.

Police will still have an extremely short window of time during which they can connect a phone to a Graykey device after it has been locked. However, that only matters if the phone is awake when it’s confiscated. Otherwise, the USB port will probably already be locked down.

Continue reading

Signal Founder Hacks Cellebrite’s Phone Hacking Tools
Signal Founder Hacks Cellebrite’s Phone Hacking Tools

The Israeli firm recently bragged that it has helped law enforcement retrieve data from the encrypted Signal chat app. Well, Signal founder Moxie Marlinspike had something to say about that.

Owners Resort to Hacking Smart Treadmills After NordicTrack Locks Them Out
Owners Resort to Hacking Smart Treadmills After NordicTrack Locks Them Out

After customers started installing their own apps on the company's $4,000 X32i smart treadmill, NordicTrack released a software update that locked them out. Owners aren't happy.

Wyze Left Security Cameras Open to Hacking for Three Years
Wyze Left Security Cameras Open to Hacking for Three Years

A new disclosure from security firm Bitdefender reveals that the original Wyze Cam has a major security vulnerability that could allow an attacker to remotely access your video, and Wyze has known about it for three years.

Apple Denies Bloomberg Chinese Hacking Story to Congress
Apple Denies Bloomberg Chinese Hacking Story to Congress

Apple continues to deny its own involvement in any Chinese hack, this time to Congress. Meanwhile, Bloomberg isn't budging.