Apple Will Make Sure FBI can’t crack It
Apple’s effort to protect its devices is about to tick off the FBI again. The company is closing off an unintended security hole in iOS that law enforcement has been using to hack into iPhones.
The security hole has to do with the Lightning port, which can offer USB access to an Apple product. That same access can be exploited by special police-purchased tools to break into fully-locked iPhones.
On Wednesday, Apple said it was aware of the vulnerability and decided to patch it. An upcoming iOS update will disable electronic access to the Lightning port an hour after the iPhone has been locked. (When the one hour is up, only battery charging through the port will be allowed.)
The change may not sound like much, but it probably throws a serious roadblock in law enforcement attempts to break into iPhones. The FBI claims it has at least hundreds of electronics devices connected to investigations that it can’t access due to encryption.
Back in 2016, the agency famously took Apple to court over a locked iPhone owned by the San Bernardino shooter. Apple refused an FBI demand to hack the device, claiming that doing so would introduce a backdoor into iOS and weaken the software’s security for all.
To break into the devices, the FBI and local police have resorted to employing third-parties. At least two firms, Cellebrite and Grayshift, have been selling special unlocking tools to law enforcement. In Grayshift’s case, the company has been offering a box-like device called GrayKey that can hook up to an iPhone and hack it within a few hours to several days. Prices for the gadget start at $15,000.
However, in late March, Grayshift began to warn customers that Apple was tightening access to the Lightning port, according to Motherboard. Initially, a beta version for iOS 11.3 disabled the access to a week after an iPhone had been locked. But then Apple decided to cut the time span to a mere hour with the upcoming iOS 12.
On Wednesday, Apple told PCMag the change to the Lightning port wasn’t meant to thwart the FBI. The company routinely works with investigators on lawful requests for data. “We have the greatest respect for law enforcement, and we don’t design our security improvements to frustrate their efforts to do their jobs,” the company said in a statement.
But it also noted that vulnerabilities don’t merely fall into the hands of the police. Any security flaw can be exploited by a bad actor as well.
“At Apple, we put the customer at the center of everything we design. We’re constantly strengthening the security protections in every Apple product to help customers defend against hackers, identity thieves and intrusions into their personal data,” the company added.
The FBI didn’t immediately respond to a request for comment.