Unlock this iPhone, I need to access it for the investigation. It is probably one of the most common requests US law enforcement makes to Apple, but the IT giant is trying to explain that it is technically not possible.
The latest case emerged in a court filing on Monday, in which, according to Apple, the company gave a negative response to a U.S. federal magistrate judge. The Justice Department had tried to force the company to provide the support necessary to allow investigators to extract data from a seized Apple iPhone.
Apple confirmed that it is able to unlock only iPhones running older iOS versions; nearly 90 percent of iOS devices run newer versions that make the operation impossible.
“In most cases now and in the future, the government’s requested order would be substantially burdensome, as it would be impossible to perform. For devices running iOS 8 or higher, [the company] wouldn’t have the technical ability to do what the government requests – take possession of a password protected device from the government and extract unencrypted user data from that device for the government. Among the security features in iOS 8 is a feature that prevents anyone without the device’s passcode from accessing the device’s encrypted data. This includes Apple.” Apple has said.
A hearing on this specific case will take place next Friday; it will establish whether Apple is obligated by law to provide the support required to access the data on the locked iPhone under a search warrant.
Zdziarski conducted several studies on the architecture of iOS, discovering that various services are unnecessary for users and could be used to bypass security defenses. The expert designed many of the initial methods for acquiring forensic data from Apple iOS mobile devices.
One year ago Zdziarski presented his discoveries in a talk at the HOPE X conference. The researcher highlighted the presence on iOS of the mobile file_relay service (com.apple.mobile.file_relay), which can be accessed remotely or via USB to bypass the backup encryption. By exploiting the feature, an attacker can access all of the data encrypted via data protection if the device has not been rebooted since the last time the user entered the PIN.
The file_relay tool can be used to steal user information from an iOS device, including email, location, social media accounts, the address book and the user cache folder: everything needed to conduct an investigation.
“Between this tool and other services, you can get almost the same information you could get from a complete backup,” “What concerns me the most is that this all bypasses the consumer backup encryption. When you click that button to encrypt the backup, Apple has made a promise that the data that comes off the device will be encrypted.” Zdziarski said in an interview.
Zdziarski explained that several hidden services running on the iPhone bypass the encrypted backup protection and don’t require developer mode. He also confirmed the presence on iOS of a packet capture tool that runs stealthily and could be used to dump all inbound and outbound HTTP data.
The fact that some versions of Apple iOS included such functionality is not surprising: one of the documents leaked by Edward Snowden describes DROPOUTJEEP, spyware developed by the ANT (Advanced or Access Network Technology) division of the NSA and used to gain backdoor access to the mobile device.
Zdziarski has always highlighted that his study is not intended to demonstrate that the above features were designed for surveillance purposes, but he believes that intelligence agencies are exploiting them.
Apple has always denied any support for the US surveillance program; as CEO Tim Cook explained, the company respects and protects the privacy of its users.
“We have never worked with any government agency from any country to create a backdoor in any of our products or services. We have also never allowed access to our servers. And we never will.” stated Cook.