Great Moto G Stylus deal on Amazon!

FBI boss worried iOS 8 and Android security hinders crime investigators, researcher proves otherwise

By Luis D.
31comments
iOS Apple Android Google
FBI boss worried iOS 8 and Android security hinders crime investigators, researcher proves otherwise
As the words "smartphones", "security", and "encryption" are being tossed in one sentence more often than ever, the FBI worries that all these anti-poking-around-your-phone measures are going to hinder its efforts to protect the world. James Comey, head of the agency, told reporters that the FBI has been discussing the matter with Apple and Google. 

The former implemented a file encryption scheme in iOS 8 which sees nor the company, nor the FBI being able to access user information - at least in a reasonably quick matter of time. Google will introduce similarly tight encryption in the upcoming Android L Version. Both security systems are enabled by default, and they render both companies unable to comply with official requests by the police to provide user data for crime investigation purposes - and getting away with this legally. In the eyes of Comey, these measures "allow people to place themselves beyond the law".

Reflecting on iOS 8 encryption in his blog, forensics researcher Jonathan Zdziarski argues that its existence "does not mean that your data is beyond law enforcement's reach". Instead of being encrypted with hardware-embedded keys as per the norm, the keys are derived from the user's PIN number or their passcode. According to Zdziarski, brute-forcing a PIN code is possible, but "not technically feasible". He says that the system removes Apple's legal obligation to provide file system data to the FBI, although both Apple and Google must give out cloud storage data upon request. Additionally, Apple has cut off services and loopholes in iOS 8 that let law enforcement agent access file system data with software forensics tools while completely bypassing encrypted passwords.

Recommended Stories
Zdziarski says that "this was a great start to better securing iOS 8, but not everything has been completely protected." He claims that services used by iTunes and XCode to exchange information between Apple mobile devices and computers or other handhelds while the Apple device is locked down, are still operational and allow detectives to "dump" users' photos, videos, recordings, iTunes media, and all third-party application data using existing commercial forensics tools. The researcher did this for himself using "private forensics tools" from his locked iPhone running iOS 8. The technique requires a pairing record from your personal computer that you pair with your smartphone.

not everything has been completely protected


If, say, police officers arrest you and confiscate both your iPhone and computer, they will be able to access all aforementioned data stored on the handset. 

Zdziarski explains that the computer pairing records contain a backup copy of the keys which can be used to decrypt the iPhone without a PIN number or passcode. iTunes, for example, relies on this service to communicate with the iPhone while it's locked. However, the "pairing vulnerability" works only if the iPhone was used after the last time it was rebooted. If one shuts their iPhone while going through security, customs and the like, officers won't be able to exploit this loophole. One can also encrypt the computers and keep them shut down so their RAM memory stays empty, as readily available forensics tools are capable of dumping the computer's memory and encryption keys contained within.

Zdziarski suggests that Apple break the loophole by giving users the option to explicitly authorize iTunes to access the iPhone when the device is locked by entering a password, or prevent the phone from being available to iTunes at all while it's locked down. The researcher also makes a point that manufacturers "shouldn't be required to weaken the strength of their products security just to make law enforcement forensics possible", as that could be "amounted to engineering back doors" for both detectives and hackers alike. What's your take on the matter?

Recommended Stories

Loading Comments...

Popular stories

Even longtime T-Mobile customers will have to put up with slow internet speed policy
Even longtime T-Mobile customers will have to put up with slow internet speed policy
Walmart's hot deal on the JBL Xtreme 3 gives you maximum sound at a bargain price
Walmart's hot deal on the JBL Xtreme 3 gives you maximum sound at a bargain price
iPhone users warned to disable iMessage temporarily to avoid getting hacked
iPhone users warned to disable iMessage temporarily to avoid getting hacked
T-Mobile issues unsatisfying statement about employees receiving SIM swap offers
T-Mobile issues unsatisfying statement about employees receiving SIM swap offers
Apple signals the imminent release of the iPad Air (2024) and iPad Pro (2024)
Apple signals the imminent release of the iPad Air (2024) and iPad Pro (2024)
The Galaxy Tab S8 Ultra is a dream come true after a hefty $400 discount at Best Buy
The Galaxy Tab S8 Ultra is a dream come true after a hefty $400 discount at Best Buy

Latest News

T-Mobile confirms major 5G network upgrades in Louisiana
T-Mobile confirms major 5G network upgrades in Louisiana
Apple needs a $250 iPhone to boost sales but it doesn't want to make "stripped-down, lousy products"
Apple needs a $250 iPhone to boost sales but it doesn't want to make "stripped-down, lousy products"
Grab the smaller-sized Galaxy Watch 6 at bargain prices through Amazon's deal
Grab the smaller-sized Galaxy Watch 6 at bargain prices through Amazon's deal
Galaxy S21 and S22 owners facing green line issue will get free screen replacement in one country
Galaxy S21 and S22 owners facing green line issue will get free screen replacement in one country
AT&T's first kid-friendly tablet is here with a fun design and great price
AT&T's first kid-friendly tablet is here with a fun design and great price
LeBron James may have leaked Apple's next big Beats product
LeBron James may have leaked Apple's next big Beats product
FCC OKs Cingular\'s purchase of AT&T Wireless