Apple slaps a passcode lock on iOS 8 devices, but cops can still inhale your iCloud

Don't congratulate yourselves too soon, Apple – securobod


Improved security features in iOS 8 prevent Apple from unlocking phones – even when requested to by law enforcement. But search warrant-holding cops can still get almost everything through iCloud backups, according to ElcomSoft.

The consumer device manufacturer's attempts at upgrading iOS encryption to "defeat lawful search warrants" earned criticism from former DoJ prosecutor turned law professor Orin Kerr and praise from the ACLU, which credited Apple for laying down a marker on the road to improved privacy.

However, Vladimir Katalov, chief exec of computer forensics software firm ElcomSoft, told El Reg that although Apple will not help with physical device forensics anymore (for passcode-protected iOS 8 devices, at least) it will still be able to "provide everything stored in its data centres (including device backups, which contain almost the same amount of information as devices themselves)."

To understand the changes, it's helpful to review Apple’s "law enforcement process" document, which explains the type of data Apple was able to turn over in response to a valid search warrant.

Upon receipt of a valid search warrant, Apple can extract certain categories of active data from passcode locked iOS devices. Specifically, the user generated active files on an iOS device that are contained in Apple's native apps and for which the data is not encrypted using the passcode ("user generated active files"), can be extracted and provided to law enforcement on external media.

Apple can perform this data extraction process on iOS devices running iOS 4 or more recent versions of iOS. Please note the only categories of user generated active files that can be provided to law enforcement, pursuant to a valid search warrant, are: SMS, photos, videos, contacts, audio recording, and call history. Apple cannot provide: email, calendar entries, or any third-party App data.

Katalov explained: "Apple had the *technical* ability to extract most data from all devices, even passcode-locked ones. In iOS 7 and older, passcode protects only the device keychain, that stores passwords and tokens to different accounts (mail, social networks, VPN etc), Wi-Fi access points, passwords saved in Safari etc."

With iOS 8, everything has changed, according to Katalov, who points us towards Apple's low-down on iOS 8.

On devices running iOS 8, your personal data such as photos, messages (including attachments), email, contacts, call history, iTunes content, notes, and reminders is placed under the protection of your passcode. Unlike our competitors, Apple cannot bypass your passcode and therefore cannot access this data. So it's not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8.

Katalov said that the iOS 8 security enhancements will render one of the computer forensics products the Russian firm sells to law enforcement ineffective.

"That will affect only one of our products – ElcomSoft iOS Forensic Toolkit, designed for physical device acquisition (and anyway, for iPhone 4S+, it supported jailbroken devices only without jailbreak, physical acquisition was available only to Apple itself)," Katalov told El Reg

However, a browse through Apple's document on government information requests reveals links to Apple's guidelines for law enforcement requests that paint a different picture (see links to guidelines for the US, EMEA and APAC – warning: all PDFs).

The "Information Available From Apple" section reveals all sorts of information is potentially accessible from the manufacturer through this route, for example:

  • device registration information,
  • customer service records,
  • iTunes information,
  • Apple retail store transactions,
  • Apple online store purchases,
  • iCloud: subscriber information, mail logs, email content, photo stream, documents, contacts, calendar, bookmarks and iOS device backups and
  • location information

The iCloud Terms and Conditions state "Apple may, without liability to you, access, use, preserve and/or disclose your Account information and Content to law enforcement authorities, government officials, and/or a third party, as Apple believes is reasonably necessary or appropriate".

The T&Cs leave plenty of wiggle room for Apple to hand over data for reasons ranging from "comply[ing] with legal process or request" to "detect, prevent or otherwise address security, fraud or technical issues", among other reasons.

"Apple will not help with physical device forensics anymore (as far as they technically will not be able to do that for iOS 8, if device is passcode-protected), but still provide everything stored in their data centers (including device backups, which contain almost the same amount of information as devices themselves)," Katalov concluded. "Some of that work could be done with our ElcomSoft Phone Password Breaker product (but if one has proper credentials: ID and password, of course)."

Security guru Bruce Schneier recently blogged: "Apple claims that they can no longer unlock iPhones, even if the police show up with a warrant... "Of course they still have access to everything in iCloud, but it's a start." ®

Similar topics


Other stories you might like

  • It's primed and full of fuel, the James Webb Space Telescope is ready to be packed up prior to launch

    Fingers crossed the telescope will finally take to space on 22 December

    Engineers have finished pumping the James Webb Space Telescope with fuel, and are now preparing to carefully place the folded instrument inside the top of a rocket, expected to blast off later this month.

    “Propellant tanks were filled separately with 79.5 [liters] of dinitrogen tetroxide oxidiser and 159 [liters of] hydrazine,” the European Space Agency confirmed on Monday. “Oxidiser improves the burn efficiency of the hydrazine fuel.” The fuelling process took ten days and finished on 3 December.

    All eyes are on the JWST as it enters the last leg of its journey to space; astronomers have been waiting for this moment since development for the world’s largest space telescope began in 1996.

    Continue reading
  • China to upgrade mainstream RISC-V chips every six months

    Home-baked silicon is the way forward

    China is gut punching Moore's Law and the roughly one-year cadence for major chip releases adopted by the Intel, AMD, Nvidia and others.

    The government-backed Chinese Academy of Sciences, which is developing open-source RISC-V performance processor, says it will release major design upgrades every six months. CAS is hoping that the accelerated release of chip designs will build up momentum and support for its open-source project.

    RISC-V is based on an open-source instruction architecture, and is royalty free, meaning companies can adopt designs without paying licensing fees.

    Continue reading
  • The SEC is investigating whistleblower claims that Tesla was reckless as its solar panels go up in smoke

    Tens of thousands of homeowners and hundreds of businesses were at risk, lawsuit claims

    The Securities and Exchange Commission has launched an investigation into whether Tesla failed to tell investors and customers about the fire risks of its faulty solar panels.

    Whistleblower and ex-employee, Steven Henkes, accused the company of flouting safety issues in a complaint with the SEC in 2019. He filed a freedom of information request to regulators and asked to see records relating to the case in September, earlier this year. An SEC official declined to hand over documents, and confirmed its probe into the company is still in progress.

    “We have confirmed with Division of Enforcement staff that the investigation from which you seek records is still active and ongoing," a letter from the SEC said in a reply to Henkes’ request, according to Reuters. Active SEC complaints and investigations are typically confidential. “The SEC does not comment on the existence or nonexistence of a possible investigation,” a spokesperson from the regulatory agency told The Register.

    Continue reading

Biting the hand that feeds IT © 1998–2021