Local and regional police departments and federal agencies are lining up to buy technology from two companies whose products can bypass iPhone security mechanisms.
Law enforcement interest in iPhone encryption-cracking hardware from two new companies is a strong indication that Apple no longer claims the mobile security high ground.
"What this means, if it's true, is that people who thought all of their communications were totally secure shouldn't feel so confident going forward," said Jack Gold, principal analyst with
J. Gold Associates. "But, then security has always been a tug of war between the ones implementing it and the ones trying to break it."
In February,
reports surfaced that an Israel-based technology vendor, Cellebrite, had discovered a way to unlock encrypted iPhones running iOS 11 and were marketing the product to law enforcement and private forensics firms around the world. According to
a police warrant obtained by Forbes, the U.S. Department of Homeland Security had been testing the technology.
Shortly thereafter,
Grayshift emerged as a different company that had
developed an inexpensive black box that could unlock any iPhone; this week
Motherboard reported that local and regional U.S. police departments and the federal government have been purchasing the technology.
Grayshift reportedly hired a former Apple security engineer.
Motherboard confirmed the use of Grayshift's GrayKey de-encrypting device – a 4-in. x 4-in. box with two iPhone-compatible lightening cables – by reviewing police department interest via public records requests and emails obtained from federal agencies that revealed purchases of the device. The GrayKey box can apparently unlock an iPhone in about two hours if the owner used a four-digit passcode and three days or longer if a six-digit passcode was used.
Apple may be taking its own steps to further limit unauthorized access to locked iOS devices. In its
beta release of iOS 11.3, Apple introduced a feature known as USB Restricted Mode.
Security software vendor
Elcomsoft first discovered the new feature, which was buried deep within the beta release documentation. The feature was apparently cut from iOS 11.3 before it was released publicly.
The documentation described the new feature as a way "to improve security."
"For a locked iOS device to communicate with USB accessories you must connect an accessory via Lightning connector to the device while unlocked — or enter your device passcode while connected — at least once a week."
If an iOS device is not unlocked after seven days, an iPhone's or iPad's lightning port turns into nothing more than a charging port, locking out any data connection at the USB-interface level, according to Elcomsoft's description.
"Its effect on passcode unlocking techniques developed by Cellerbrite and GreyShift is yet to be seen," Elcomsoft explained in its blog post.
Apple did not immediately respond to a request for comment.
It's unclear if the feature will be included in iOS 11.4, which has not yet been rolled out publicly.
