The security features built into Apple’s iOS software are so good that the police are unable to gain access to defendants’ iPhones when they need to. Apple itself is able to bypass the security software and decrypt locked devices — and it does so when the police request it. But the company has so many requests that it has to add police to a lengthy waiting list.
CNET learned of this waiting list through court documents that describe how federal agents were unable to decrypt an iPhone 4S owned by a Kentucky man accused of distributing crack cocaine, and so they turned to Apple for help.
An agent from the Federal Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF) “contacted Apple to obtain assistance in unlocking the device,” wrote U.S. District Judge Karen Caldwell, but the request was “placed on a waiting list by the company.”
CNET reports that ATF agent Rob Maynard spent three months trying to “locate a local, state, or federal law enforcement agency with the forensic capabilities to unlock” an iPhone 4S. After every one said that they did not have the capabilities, Maynard turned to Apple.
Apple’s waiting list was so long at the time that Maynard was told he would have to wait at least 7 weeks for the device to be decrypted. In the end, it was more like four months.
Of course, some iPhone users may be concerned that Apple is happy to unlock devices at all. But the company has little choice in the matter.
According to a training manual from the Sacramento sheriff’s office, Apple is required to “assist law enforcement agents” with “bypassing the cell phone user’s passcode so that the agents may search the iPhone.”
Once that passcode is bypassed, Apple downloads the contents of the device to “an external memory device,” which is then handed back to the police.
It’s unclear whether Apple has purposely built a “backdoor” into its iOS software for access in these situations, or whether it uses custom tools to gain access. As you might expect, the company declined to discuss its secrets with CNET.
Whatever the case may be, this should certainly be a warning to smartphone users. No matter how complex your passcode may be, there’s a good chance your smartphone manufacturer is able to bypass it, and the police will force it to do so if it’s necessary.
And Apple isn’t the only company that works with the police. Google will also reset passwords on Android-powered devices, then hand that reset password to the police so that they can gain access to the device.
“That is something that I don’t think most people realize,” says Christopher Soghoian, principal technologist with the ACLU’s Speech, Privacy and Technology Project. “Even if you turn on disk encryption with a password, these firms can and will provide the government with a way to get your data.”
Sometimes law enforcement agencies don’t need to contact your smartphone manufacturer for help. If your smartphone’s security software isn’t as good, then there’s a chance they are able to decrypt it themselves. There are also third-party companies that specialize in this kind of thing.
A company called Elcomsoft has an “iOS Forensic Toolkit” that performs a brute-force cryptographic attack on a four-digit iOS 4 or iOS 5 passcode in 20 to 40 minutes. “Complex passcodes can be recovered, but require more time,” the company says.
Modern iOS devices running iOS 6 are harder to hack, because they use hardware encryption. The iPhone 5, for example, isn’t listed in Elcomsoft’s list of devices compatible with its toolkit.