FBI boss worried iOS 8 and Android security hinders crime investigators, researcher proves otherwise
Reflecting on iOS 8 encryption in his blog, forensics researcher Jonathan Zdziarski argues that its existence "does not mean that your data is beyond law enforcement's reach". Instead of being encrypted with hardware-embedded keys as per the norm, the keys are derived from the user's PIN number or their passcode. According to Zdziarski, brute-forcing a PIN code is possible, but "not technically feasible". He says that the system removes Apple's legal obligation to provide file system data to the FBI, although both Apple and Google must give out cloud storage data upon request. Additionally, Apple has cut off services and loopholes in iOS 8 that let law enforcement agent access file system data with software forensics tools while completely bypassing encrypted passwords.
Zdziarski says that "this was a great start to better securing iOS 8, but not everything has been completely protected." He claims that services used by iTunes and XCode to exchange information between Apple mobile devices and computers or other handhelds while the Apple device is locked down, are still operational and allow detectives to "dump" users' photos, videos, recordings, iTunes media, and all third-party application data using existing commercial forensics tools. The researcher did this for himself using "private forensics tools" from his locked iPhone running iOS 8. The technique requires a pairing record from your personal computer that you pair with your smartphone.
not everything has been completely protected
If, say, police officers arrest you and confiscate both your iPhone and computer, they will be able to access all aforementioned data stored on the handset.
Zdziarski suggests that Apple break the loophole by giving users the option to explicitly authorize iTunes to access the iPhone when the device is locked by entering a password, or prevent the phone from being available to iTunes at all while it's locked down. The researcher also makes a point that manufacturers "shouldn't be required to weaken the strength of their products security just to make law enforcement forensics possible", as that could be "amounted to engineering back doors" for both detectives and hackers alike. What's your take on the matter?