iOS 11 becomes a nightmare for US security agencies

iOS 11 becomes a nightmare for US security agencies

From iOS 11, there are more features to protect the iPhone from abuse. The FBI and US border guards do not like this.

Three years ago, Apple has begun to make the iPhone so secure that it is not so easy to crack. Since then, the company has been in a war with the police. Apple and the FBI are in a legal paternity situation. Today, 18 months after the showdown in the courtroom, there are no less but more features to protect the privacy of the iPhone owner – whether in front of a street robber or the police.

iOS 11: With greater Security

Security experts and forensics who have received an early development version of iOS 11 confirm that the new features make it even harder to get the six-digit code of the user to the data. The step towards greater security could also mean a new escalation stage with the American order force. These are still dependent on controlling the crimes of criminals and travelers on the border.

“This is pretty much in the way of government officials,” says Nicholas Weaver, a security researcher at the International Institute of Computer Science at the University of California at Berkeley. According to a blog entry of the Russian forensics company Elcomsoft, Apple has made at least two changes to iOS 11, which create new hurdles.

According to a blog entry of the Russian forensics company Elcomsoft, Apple has made at least two changes to iOS 11, which create new hurdles.

iOS 11: Really security measures are really annoying

If you connect the iPhone to an unknown computer with the current version of iOS, you must confirm that it is familiar with the device. This means that when police officers or border officers have led the owner to unlock the device with the fingerprint, they could simply connect it to their PC, click on “Trust” and load the data into forensics software like Elcomsoft or Cellebrite. According to the American law, you can refuse the reproduction of the password, but the right is not valid for fingerprints.

iOS 11 requires not only one click to trust the computer, but also a confirmation of the PIN code. The device will still require the number code before it releases the data.

The officials could directly examine the data by hand on the smartphone. But if the owner does not issue the code, there is no technical way to get the data elsewhere. “There is simply too much data to analyze them manually,” says Vladimir Katalov, co-founder of Elcomsoft. “On my phone, I have over 100,000 text messages and several thousand conversation logs. It’s impossible to go through this by hand. ”

The databases often contain deleted messages from iMessage

More importantly, the SQLite databases that pull forensic tools from the smartphone. It often contains deleted messages from iMessage, Whatsapp and Viber.

Even when crossing the US border, the PIN code query becomes a problem, Weaver argues. Civil servants and border guards can use a bizarre loophole in the fourth article of the US Constitution, which guarantees the protection against arbitrary searches of persons and property, without a search warrant.

With the old versions of iOS, they were able to copy the data of the smartphone to their PC and browse it at will. Now they can only check the contents manually, while the suspect is still at the border. Otherwise, they would have to take more drastic measures and confiscate the device. “The Customs will hate it,” says Weaver. “But to be honest, I’m not sorry.”

iOS 11: The most innovative system

The beta of Apple’s development platform for iOS 11 reveals the new SOS mode. It is much more direct protection from unwanted searches. Pressing the Home Button five times in succession will open another screen. This allows emergency calls or displays the owner’s medical information. This function could prevent anyone from using it unauthorized.

Apple has refused to comment on the subject before today’s keynote. However, both security functions are probably less concerned with deepening the dispute with law enforcement agencies than with another new feature of the iPhone 8: face recognition. As Facebook’s senior security officer Alex Stamos suggested in a tweet on Friday, it is probably not the safest authentication method to unlock the iPhone with his face. The police could trick it with a simple photo. To disable facial recognition and TouchID, and to use a code again, at least creates a balance between the convenience of facial recognition and its privacy risks. “Apple can increase protection from outside threats without endangering usability,” says Weaver.

In other words, the iPhone with the face or finger unlocks, may be pleasant. But when the phone gets into strange hands, there are fortunately other functions to protect your own data.