Apple closing tech loophole police use to crack iPhones

Apple Inc.saidWednesday it will change its iPhone settings to undercut themost popular means for law enforcement to break into thedevices.

The company told Reuters it was aiming to protect allcustomers, especially in countries where phones are readily obtained by police or by criminals with extensive resources.

The privacy standard-bearer of the tech industry said itwill change default settings in the iPhone operating system to cut off communication through the USB port when the phone hasnot been unlocked in the past hour.

We have the greatest respect forlaw enforcement.- Apple Inc.

That port is how machines made by forensic companiesGrayShift, Cellebrite and others connect and get around the security provisions that limit how many password guesses can bemade before the device freezes them out or erases data. Now theywill be unable to run code on the devices after the hour is up.

These companies have marketed their machines to lawenforcement in multiple countries this year, offering the machines themselves for thousands of dollars but also per-phonepricing as low as $50.

Apple representatives said the change in settings willprotect customers in countries where law enforcement seizes and tries to crack phones with fewer legal restrictions than underU.S. law. They also noted that criminals, spies and unscrupulouspeople often use the same techniques. Even some of the methodsmost prized by intelligence agencies have been leaked on theinternet.

"We're constantly strengthening the security protections inevery Apple product to help customers defend against hackers,identity thieves and intrusions into their personal data," Applesaid in a prepared statement. "We have the greatest respect forlaw enforcement, and we don't design our security improvementsto frustrate their efforts to do their jobs."

Closing the window

Apple began working on the USB issue before learning it wasa favourite of law enforcement.

The setting switch had been documented in beta versions ofiOS 11.4.1 and iOS 12, and Apple told Reuters it will be madepermanent in a forthcoming general release.

Apple said that after it learned of the techniques, itreviewed the iPhone operating system code and improved security. It decided to simply alter the setting, a cruder way ofpreventing most of the potential access by unfriendly parties.

With the changes, police or hackers will typically have anhour or less to get a phone to a cracking machine. That could cut access by as much as 90 per cent, security researchersestimated.

This also could spur sales of cracking devices, as lawenforcement looks to get more forensic machines closer to where seizures occur. Undoubtedly, researchers and police vendors willfind new ways to break into phones, and Apple will then look topatch those vulnerabilities.

The setting change could also draw criticism from U.S. lawenforcement officials who have been engaged in an on-again,off-again campaign for legislation or other ways to forcetechnology companies to maintain access to users' communications.

Apple has been the most prominent opponent of those demands.

In 2016, it went to court to fight an order that it break intoan iPhone 5c used by a killer in San Bernardino.

Then FBI director James Comey told the U.S. Congress that withoutcompelling Apple to write new software to facilitate the digitalbreak-in, there would be no way to learn if the shooter's devicecontained evidence of a conspiracy. The FBI ultimately found acontractor that broke into the phone without Apple'sco-operation.

Apple and most private security experts argue thatgovernment contractors and others can usually find means of cracking devices. They also say that weakening encryption bydesign would lead to more hacking by those outside of government.