And it’s not that it doesn’t want to anymore, it’s that now Apple says it can no longer do it â€” even if it wanted to.
Many, including privacy advocates, rejoiced at the news â€” but some police officers are not that happy. And although there are still other ways cops can get their hands on your iPhone data, authorities are still complaining.
“It’s definitely going to impact investigations, there’s no doubt about that,” Dennis Dragos, a former New York Police Department detective who worked for 11 years in the computer crimes squad, told Mashable.
“This is now a dead end. You’re closing a door that was available before.”
“This is now a dead end. You’re closing a door that was available before.”
Dragos is not the only one who thinks that way.
On Thursday, FBI Director James Comey himself said that he was “very concerned” about Apple’s decision.
John Escalante, the chief of detectives for Chicagoâ€™s police department, said that because of this change, “Apple will become the phone of choice for the pedophile.”
For some law enforcement officials, this could even become a matter of life and death. In a Washington Post op-ed, Ronald T. Hosko, the former assistant director at the FBI Criminal Investigative Division, complained that Apple’s new privacy stance, later followed by Android, will “protect many thousands of criminals who seek to do us great harm, physically or financially.”
“[Criminals’] phones contain contacts, texts, and geo-tagged data that can help police track down accomplices,” Hosko wrote. “These new rules will make it impossible for us to access that information. They will create needless delays that could cost victims their lives.”
But privacy advocates and security researchers are skeptical.
“I think there’s a lot of kicking and screaming over this but cops have been able to do their job just fine for the past 200 years in this country, without having access to people’s personal iPhone,” Jonathan Zdiarski, a forensic and security researcher who has worked as a consultant to police agencies, told Mashable. “Criminals are just as stupid today as they always have been and they’re going to leave traces and evidence in a number of places.”
Moreover, despite all the controversy, there are actually still a few ways for the police to get at least some data from an iPhone with iOS 8 and protected by a passcode. Below, we’ve broken down some of the ways cops can still put their hands on your digital belongings.
Getting your iCloud backup
If police officers can’t get the data that’s locally stored on an iPhone, they might still be able to get it from the cloud.
Apple prompts users to back up their iDevices to iCloud, and the data there can be obtained by law enforcement agents with a search warrant. Yes, iCloud backups are encrypted, but they’re encrypted with a key in Apple’s possession, so Apple can be legally required to turn the backups over if served with a valid legal request, as Micah Lee, First Look‘s technologist and security expert, explained.
With iCloud, police can potentially get any data from your phone, unless you turn off the automatic backup, or you only backup certain data.
Using forensic tools
Forensic tools are still a great way to get some data out of your iPhone. If the police arrests you and gets both your phone and a computer that you used to connect with your phone using iTunes â€” a “paired device” â€” they can dump some data out of it bypassing your passcode using existing forensic tools, as Zdiarski noted in a recent blog post.
In this case, the passcode doesn’t protect you, because Apple has designed this system to allow you to access some data on your phone using iTunes or Xcode without unlocking your device.
The caveat here is that only some data is available in this scenario. In particular, any data from third party applications such as Facebook, Twitter and Evernote; photos, videos and recordings; and iTunes media such as books and podcasts. But data from native iOS applications like iMessages, emails or calls is out of reach.
To prevent this from happening, as Zdiarski notes, then you can “pair lock” your iPhone so that it doesn’t pair with any new computer, preventing police computers from “pairing” with your iPhone.
Without the ability to impersonate a trusted computer, and with a locked phone protected with the passcode, “law enforcement at this point doesn’t seem to really have any options,” Zdiarski said.
Getting your iTunes backup
Another target for police officers is the iTunes backup on your computer. If you back up your iPhone to your computer with iTunes, a police officer that gets his hands on your computer can get all the data that you have last backed up.
Data is still available, as long as iTunes and iCloud reign
Data is still available, as long as iTunes and iCloud reign,” Lee Reiber, the vice president for mobile solutions at forensic firm AccessData, told Mashable.
In this scenario, only a backup password can stop the police, and in that case, it better be a good password or it might be vulnerable to brute forcing â€” the automated process of guessing all possible passwords until you get the right one. Or, they might just force you to give it up.
Forcing you to give up your passcode
Having a passcode protect your phone is great â€” unless someone else knows that passcode. And here’s a legal caveat many might not be aware of: the police might be able to compel you to give up your passcode, which renders any sophisticated technological protections you might have on your phone completely moot.
But in some cases someone who refuses to give up her password can be held in contempt of court
But in some cases someone who refuses to give up her password can be held in contempt of court, which can even lead to jail, as reported by Wired.
According to U.S. law, a defendant can plead the fifth and refuse to testify against himself and self-incriminate. Some think that handing out a password to authorities amounts to self-incrimination and should not be accepted, but others disagree.
Where there seems to be more consensus that “pleading the Fifth” won’t get you anywhere is if the cops ask for your fingerprint.
Fingerprints, and other physical objects like actual keys, have traditionally not been considered protected by the Fifth Amendment. So if you lock your iPhone with TouchID, the cops can legally compel you to unlock it, as Internet and privacy lawyer Marcia Hoffman explained last year.
And if you refuse, police officers might be able to lift your fingerprint from a surface â€” say your computer screen â€” and unlock it themselves.
As the video below shows, it’s possible to break into an iPhone 6 with a dummy fingerprint just as it was with the 5S.
Outside of these scenarios, options for law enforcement, at this point, are limited. A good old brute force attack, where you guess every possible passcode combination is technically possible, but there are no forensic tools that can make this automated, both Zdiarski and Reiber said.
Technically, Apple could brute force a four digit passcode if the police asked the company to do it, but it seems unlikely that Apple would do something like that after trumpeting that they wouldn’t help police unlock phones anymore.
Doing it manually is obviously a daunting task, as there are 10,000 combinations of 4 digit passcodes, and iPhones disable after six wrong attempts.
And if police are simply looking for call records, they can always request them from phone carriers, or perhaps plant malware on your phone.
As for the iPhone, it might be harder now, but forensic firms and law enforcement hackers will now look for new places and holes to get data.
“As secure as the device can be, there’s always going to be some vulnerability that can be located and exploited,” Reiber said. “That’s what it really is, cat and mouse.”