Apple decrypts seized iPhones for law enforcement

Apple can “bypass the security software” if it chooses. According to the ATF, no law enforcement agency could unlock a defendant’s iPhone except Apple, which has created a police waiting list because of high demand.

Apple is considered an impregnable fortress: the main functions provided by the iOS operating system, and the related data, are inaccessible not only to the ill-intentioned but also to law enforcement during investigations.

We have discussed the privacy issues related to the use of mobile devices several times. Smartphones and tablets manage a huge quantity of the user’s information, including the history of his movements and of his contacts.

Let’s also consider that the rapid diffusion of mobile apps has increased the type and the quantity of information collected; today many applications manage every kind of data, from social network contacts and communications to the user’s health data.

One of the principal problems during investigations by law enforcement is accessing data managed by Apple’s iOS, but the problem is not limited to Apple: in the past, US police and intelligence agencies asked major companies such as Google to support investigations by allowing access to a defendant’s mobile device.

The request was to design a backdoor for governments to use in case of investigation. The argument is the subject of a great debate: security or privacy? This is the question.

Officially, the companies contacted by law enforcement have always refused to give access to their devices’ security features, even for investigations by law enforcement, but something is changing. To respond to numerous police demands to decrypt seized iPhones, Apple created a waiting list to handle the deluge of requests, and this represents a historical change. The waiting list had grown so long that there would be at least a 7-week delay to get a response from Apple.

In a case documented in court filings, an agent at the ATF, the federal Bureau of Alcohol, Tobacco, Firearms and Explosives, “contacted Apple to obtain assistance in unlocking the device,” U.S. District Judge Karen Caldwell wrote in a recent opinion. She also wrote that the ATF was “placed on a waiting list by the company.”

ATF agent Rob Maynard declared that, for nearly three months last summer, he “attempted to locate a local, state, or federal law enforcement agency with the forensic capabilities to unlock” an iPhone 4S. The phone is the property of a man in Kentucky who was charged with supplying crack cocaine.

The problem is that, according to the agent, each police agency responded by saying they “did not have the forensic capability,” which is why the agent decided to contact Apple directly to request support.

Apple is the only entity able to bypass the security lock to extract data from the iPhone, although a few software packages, such as Elcomsoft’s iOS Forensic Toolkit and Oxygen Forensics Suite 2013, claim to be able to extract some or all of the information stored on encrypted iOS devices.

Another case has been reported in Nevada, where agents weren’t able to bypass the encryption mechanisms of the iPhone and iPad during an investigation. The Drug Enforcement Administration has also faced a similar problem decrypting messages sent with the iMessage chat service, according to an internal document.

In all these cases Apple seems to have provided a meaningful contribution, although it isn’t clear whether the company used a specific built-in backdoor or accessed encrypted data using custom tools.

Apple specifically states in its privacy policy that it may disclose personal information “by law, legal process, litigation, and/or requests from public and governmental authorities within or outside your country of residence”.

A CNET post revealed that law enforcement can count on the support provided by companies such as Google and Apple. The following is part of the interesting article:

“Last year, leaked training materials prepared by the Sacramento sheriff’s office included a form that would require Apple to “assist law enforcement agents” with “bypassing the cell phone user’s passcode so that the agents may search the iPhone.” Google takes a more privacy-protective approach: it “resets the password and further provides the reset password to law enforcement,” the materials say, which has the side effect of notifying the user that his or her cell phone has been compromised.”

The reality is that companies such as Google and Apple, but also other manufacturers, are able to access users’ data on mobile devices even when the device is encrypted, at least in some circumstances.

Christopher Soghoian, principal technologist with the ACLU’s Speech, Privacy and Technology Project, declared:

“That is something that I don’t think most people realize,” “Even if you turn on disk encryption with a password, these firms can and will provide the government with a way to get your data.”

Privacy is probably the biggest utopia of our time.

Pierluigi Paganini

(Security Affairs – Cybercrime)

Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group; he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years of experience in the field, and he is a Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog "Security Affairs", recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the books "The Deep Dark Web" and "Digital Virtual Currency and Bitcoin".
