Government agencies can still break into Apple iPhones regardless of security updates
Apple is widely known for its security and privacy features on iPhones, iPads, Macs, and other devices. In the past, we’ve seen the company fight against government agencies to preserve private information on iPhones as well. However, a group of cryptography experts has now come up with a theory on how these law enforcement agencies might still be able to break into iPhones, even though Apple regularly sends out iOS patches and adds layers of security.
Matthew Green, associate professor at the Johns Hopkins Information Security Institute, recently proposed a theory on Twitter, based on the research of his students Maximilian Zinkus and Tushar M. Jois.
According to Green (via AppleInsider), law enforcement no longer needs to break Apple’s strong encryption on an iPhone, because not all types of user data are protected by it. He says the team has written a detailed report, which will be released after the holidays.
An iPhone is said to be in one of only two states: Before First Unlock (BFU) and After First Unlock (AFU). When you configure the device and enter your passcode for the first time, it goes into the AFU state.
So when a user enters the passcode, the iPhone uses it to derive different sets of cryptographic keys that remain in memory and are used to encrypt files. However, when the user locks the iPhone, it does not return to BFU but remains in the AFU state. According to Green, only one set of the cryptographic keys is purged from memory. This set stays gone until the user unlocks the iPhone again.
The purged set of keys is used to decrypt a subset of iPhone files that fall under a specific protection class.
The other keys, which remain in memory, are used to decrypt all other files. So all a law enforcement agency needs to do is use software exploits to bypass the iOS lock screen and decrypt most files. Most code executed with normal privileges can be used to access the data.
However, according to Green, the important part is knowing which types of files are still protected by the purged set of keys.
And according to Apple, it seems the strongest protection class only applies to messaging and app launch data.
This means that the strongest data encryption does not protect as many types of data as it once did. The types of data that don’t have strong protection include photos, text notes, and other location-based data. According to Green, Apple may have sacrificed maximum security to enable specific app or system features such as location-based reminders.
It is also mentioned that some apps might not work properly if Apple uses the strongest encryption class for data.
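The key-eviction behaviour described above can be modelled in a few lines. This is an added illustration, not code from Green's team or from Apple: the class names are Apple's documented Data Protection classes, while the toy cipher, the file names, and the assignment of files to classes are assumptions made for the example.

```python
import hashlib
import os

# Apple's documented Data Protection class names (not taken from the article).
COMPLETE = "NSFileProtectionComplete"
UNTIL_FIRST_AUTH = "NSFileProtectionCompleteUntilFirstUserAuthentication"
NO_PROTECTION = "NSFileProtectionNone"

def _xor(key, nonce, data):
    # Toy stream cipher for this model only; not how iOS encrypts files.
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

class ToyDevice:
    """Tracks which class keys are resident in memory in each lock state."""
    def __init__(self):
        self._salt = os.urandom(16)
        self._files = {}                              # name -> (class, ciphertext)
        self.keys = {NO_PROTECTION: os.urandom(32)}   # freshly booted: BFU

    def unlock(self, passcode):
        # Passcode entry derives both passcode-bound class keys into memory.
        for cls in (COMPLETE, UNTIL_FIRST_AUTH):
            self.keys[cls] = hashlib.pbkdf2_hmac(
                "sha256", passcode.encode(), self._salt + cls.encode(), 10_000)

    def lock(self):
        self.keys.pop(COMPLETE, None)                 # the only key set purged on lock
    def reboot(self):
        self.keys = {NO_PROTECTION: self.keys[NO_PROTECTION]}   # back to BFU
    def state(self):
        return "AFU" if UNTIL_FIRST_AUTH in self.keys else "BFU"

    def write(self, name, cls, data):
        self._files[name] = (cls, _xor(self.keys[cls], name.encode(), data))

    def readable(self):
        # Decrypt every file whose class key is currently in memory.
        return {n: _xor(self.keys[c], n.encode(), ct)
                for n, (c, ct) in self._files.items() if c in self.keys}

def demo():
    dev = ToyDevice()
    dev.unlock("1234")                                # constructed passcode and files
    dev.write("messages.db", COMPLETE, b"inbox")
    dev.write("photo.jpg", UNTIL_FIRST_AUTH, b"jpeg")
    dev.write("cache.bin", NO_PROTECTION, b"tmp")
    dev.lock()
    locked = (dev.state(), sorted(dev.readable()))
    dev.reboot()
    return locked, (dev.state(), sorted(dev.readable()))
```

For app developers, the practical takeaway is that only files explicitly placed in the strongest class become unreadable when the device is locked; everything else stays decryptable until a reboot.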