Apple Closes Security Loophole, Sets Up Another Fight With Law Enforcement

Photo: Sean Gallup/Getty Images

Back at the start of 2016, it looked like Apple was headed to the Supreme Court. In the wake of a mass shooting in San Bernardino, authorities had recovered the suspected shooter’s phone and were seeking to unlock it with help from Apple. In order to do so, it needed Apple to create a new software program that would allow the FBI to break the security on the phone. While Apple has procedures for helping law enforcement deal with devices in evidence, this request was a step too far.

The case against Apple was eventually dropped — because the FBI found another way into the phone, reportedly using an Israeli forensic-services company, Cellebrite. Another company, Grayshift, sells a device that can unlock iPhones to law enforcement. The device costs thousands of dollars, lowering the possibility of it becoming widely used outside of law enforcement, but police departments are apparently leaning on the devices frequently.

An upcoming update to iOS, however, closes the loophole that allows Grayshift boxes to work. Getting into an iPhone is done by using these devices to test millions of possible passcodes. While iOS has a feature that stalls after repeated incorrect passcodes, and will wipe the phone after enough failed attempts, devices like Grayshift can apparently bypass such restrictions (this bypass was what the FBI was requesting that Apple develop when it took the company to court).

Now, iPhone and iPad users will have the option to disable the Lightning port on their phones in a feature called USB Restricted Mode. If the device has been locked for more than an hour, users will need to input their passcode in order to transfer data over the port. That effectively disables the current strategy for cracking iPhones open, figuratively speaking. The phone will still be able to charge after that period of time, but anything else will need a user’s authorization.

The move could trigger a new legal battle over how closely Apple needs to comply with law-enforcement requests. The FBI argued that Apple’s cooperation was specified by the All Writs Act of 1789 (1789!), while Apple could have contended that code is speech, and thus, being forced by the government to write code violates the First Amendment. Obviously, the political reality of early 2016 has shifted … significantly in the past couple of years, and Congress could be more willing to act on legislation that requires tech companies to break encryption for the purposes of law enforcement.

Or maybe: Who cares? Cops are apparently pretty confident that the mode already has a work-around.

Apple Closes Security Loophole, Frustrating Law Enforcement