To position itself again as the champion of security, Apple announced Wednesday that it will improve the encryption of data on its iPhone to better counter hackers or police too zealous. These new measures come at a time when a new tool called GrayKey, which is said to be able to unlock the iPhone, is starting to make a name for itself in tech circles.
"We put the customer at the center of everything," Apple said in a statement on Wednesday. "We are steadily strengthening our security protections in every Apple product to help our customers defend themselves against hackers"
The manufacturer has confirmed to Reuters the presence of a function that prohibits a device connected to the lightning port of the iPhone or iPad to access its content if the user has not identified in the last hour.
Of course, the functionality was not applauded by the police, because access to mobile phones would become more difficult. "If we go back to the situation where we no longer have access, then we will have lost access to so much evidence and there will be so many children that we will no longer be able to put ourselves in a safe position," he said. said Chuck Cohen, who runs an Indiana State Police Task Force on Internet Crimes Against Children. Indiana State Police said they have released 96 iPhones for various cases this year, each time with a warrant, using a $ 15,000 device it bought in March from a company called Grayshift .
Hillar Moore, prosecutor of Baton Rouge (capital of Louisiana), said his office has paid Cellebrite thousands of dollars to unlock iPhones in five cases since 2017, including an investigation into the death of a fraternity commitment to Louisiana State University. He said the phones had provided crucial information, and he was upset that Apple planned to close such a useful avenue of investigation.
"They blatantly protect criminal activity, and only under the guise of privacy for their clients," he said.
The game is far from over.
Experts in cybersecurity have suggested that Grayshift, the society behind the technology used by law enforcement, has not said its last word.
"Grayshift has gone to great lengths to test its future technology and has said that it has already overcome this security feature in the beta. In addition, GrayKey has other capabilities that will be exploited over time, "said a security expert even though MB, who conveyed the message, does not know if this is true or if it is just about a marketing bluff.
"They seem very confident about their ability to stay," added the expert.
A second expert said that Grayshift approached USB restricted mode in a webinar several weeks ago. Nevertheless, the new feature of Apple is still alarming for law enforcement.
The GrayKey itself is a small box that has cables to connect two iPhones at a time. Although the technical details on how GrayKey manages to bypass the security mechanisms of the iPhone are not available, the GrayKey uses brute force techniques.
According to the company's slides, the device has two strategies for accessing data on the phone: "Before First Unlock" or BFU, and "After First Unlock" or AFU.
BFU is a "slow brute force" attack, which means it takes 10 minutes per test. This gives access to "limited data". This is probably due to the fact that the BFU strategy occurs when the phone is turned off at the seizure. If this is the case, when it is turned on, the iPhone has most of its data, including contacts, messages and other personal data still encrypted.
AFU, on the other hand, is a "quick brute force" attack, which is likely to occur when the phone is locked but has been turned on and unlocked by the owner at least once. In this case, it allows 300 000 tests and allows "parallel extraction of pre-unlocking data". If the AFU works, GrayKey allows you to get your hands on "95% of the user's data" which is then "instantly available".
But the new USB restricted mode of Apple can severely limit this type of attack, because the Lightning port used to attack the phone will become largely useless once an hour will be passed without there having been an unlocking of the phone. phone.
The option, which appeared in the first beta of iOS 11.4.1 and is also present in the iOS 12 preview, is in the Face ID and Code settings at the bottom of the panel.