Apple to close hole police use to crack iPhones
SAN FRANCISCO — Apple has long positioned the iPhone as a secure device that only its owner can open. That has led to battles with law enforcement officials who want to get information off them, including a well-publicized showdown with the FBI in 2016 after Apple refused to help open the locked iPhone of a mass shooter.
The FBI eventually paid a third party to get into the phone, circumventing the need for Apple’s help. Since then, law enforcement agencies across the country have increasingly employed that strategy to get into locked iPhones they hope will hold the key to cracking cases.
But now Apple is closing the technological loophole that let authorities hack into iPhones, angering police and other officials and reigniting a debate over whether the government has a right to get into the personal devices that are at the center of modern life.
Apple said it was planning an iPhone software update that would effectively disable the phone’s charging and data port — the opening where users plug in headphones, power cables and adapters — an hour after the phone is locked. To transfer data to or from the iPhone using the port, a person would first need to enter the phone’s password. (Phones could still be charged without a password.)
Such a change would hinder law enforcement officials, who have typically been opening locked iPhones by connecting another device running special software to the port, often days or even months after the smartphone was last unlocked. News of Apple’s planned software update has begun spreading through security blogs and law enforcement circles — and many in investigatory agencies are infuriated.
“If we go back to the situation where we again don’t have access, now we know directly all the evidence we’ve lost and all the kids we can’t put into a position of safety,” said Chuck Cohen, who leads an Indiana State Police task force on internet crimes against children. The Indiana State Police said it unlocked 96 iPhones for various cases this year, each time with a warrant, using a $15,000 device it bought in March from a company called Grayshift.
But privacy advocates said Apple would be right to fix a security flaw that has become easier and cheaper to exploit. “This is a really big vulnerability in Apple’s phones,” said Matthew D. Green, a professor of cryptography at Johns Hopkins University. A Grayshift device sitting on a desk at a police station, he said, “could very easily leak out into the world.”
In an email, an Apple spokesman, Fred Sainz, said the company is constantly strengthening security protections and fixes any vulnerability it finds in its phones, partly because criminals could also exploit the same flaws that law enforcement agencies use. “We have the greatest respect for law enforcement, and we don’t design our security improvements to frustrate their efforts to do their jobs,” he said.
Apple has closed loopholes in the past. For years, police used software to break into phones by simply trying every possible pass code. Apple blocked that technique by disabling iPhones after a certain number of wrong pass codes, but Grayshift and other software can disable that technology, allowing their devices to test thousands of pass codes, Green said.
Opening locked iPhones through such methods has become more common, law enforcement officials said. Federal authorities, as well as large state and local police departments, typically have access to the tools, while smaller local agencies enlist the state or federal authorities to help on highprofile cases, they said.
The tussle over encrypted iPhones and opening them to help law enforcement is unlikely to simmer down. Federal officials have renewed a push for legislation that would require tech companies like Apple to provide the police with a backdoor into phones, though they were recently found to be overstating the number of devices they could not access.