Apple to close iPhone hacking loophole, making life a little harder for police

Apple to close iPhone hacking loophole, making life a little harder for police

An Apple software update aims to close a loophole exploited by smartphone "cracking" technology used by some Australian government agencies and police.

It's been reported that the change, which will be rolled out as part of its new operating system, will cut off access through a device's charging and data port when the phone has not been unlocked for one hour.

A number of security companies sell software that can reportedly extract text messages, images and other data from a locked smartphone using this port, even months after the phone was seized.

Systems made by the Israeli company Cellebrite have been taken up locally by Centrelink, the Australian Taxation Office and the Australian Securities and Investment Commission.

Add

It was recently revealed that the Australian Sports Anti-Doping Authority also has a 12-month licence for Cellebrite's Universal Forensic Extraction Device "to enhance its investigative capabilities".

While US law enforcement decried Apple's move in The New York Times, Detective Inspector Glen Ball with the Tasmania Police said the force's Digital Evidence Unit were aware of the change, but it is not expected to impact their current capabilities.

Tasmania Police has access to restricted tools to enable the examination of devices, he added, including those made by Cellebrite.

"Tasmania Police does not intend to contact Apple directly at this stage," Detective Inspector Ball said.

South Australia Police said it was also aware of Apple's update, but declined to comment about its current investigative technologies, as did the New South Wales and Victoria Police.

In response to questions about Apple's move, Minister for Law Enforcement and Cyber Security Angus Taylor commented that the government supports companies seeking to improve built-in security features, as well as strong encryption.

Protecting users

The change will fix a security weakness in Apple's system, said Monash University software engineering lecturer Robert Merkel.

He suggested the software update is likely aimed directly at shutting off iPhone access to tools like the ones made by Cellebrite and other companies.

"Apple have not been keen to leave known weaknesses in their devices that can be used by law enforcement to get access," he said.

The company has clashed with authorities over technology vulnerabilities before.

In 2016, it refused to help the FBI access the iPhone 5C of the San Bernardino shooter Syed Rizwan Farook, claiming it could not break its own software without compromising safety across all devices.

The agency later got access with the help of a "third party".

Apple said its latest security change is aimed at protecting customers.

"We're constantly strengthening the security protections in every Apple product to help customers defend against hackers, identity thieves and intrusions into their personal data," a statement from the company said.

"We have the greatest respect for law enforcement, and we don't design our security improvements to frustrate their efforts to do their jobs."

Apple currently responds to customer data and account requests from law enforcement, including for content stored in its iCloud, where the request has a valid legal basis.

In the first half of 2017, it received 2,578 device requests in Australia and granted access to data in 87 per cent of cases.

Add

Encryption laws on the horizon

The technology giant's software announcement comes as the Federal Government seeks to introduce new laws forcing companies to help Australian law enforcement access encrypted messages from suspected criminals.

The government has repeatedly denied that it wants "back doors" to be built into encrypted messaging platforms such as Facebook's WhatsApp.

However, it has so far declined to discuss how the new powers will work. Draft legislation is expected to be presented this year.

Having the capability to read a message at the point it is received, on a smartphone, for example, is one way law enforcement could attempt to circumvent the protection provided by encrypted messaging.

Apple, along with Google, Facebook and Australian telecommunication companies, are expected to be affected by the new regulations.

"The Government's Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018 will provide a clear framework for law enforcement to work with companies, such as Apple," Mr Taylor said.

The Minister recently returned from a trip to the United States, where he met with the company.

Cellebrite declined to comment.