Risk
5/14/2013
10:53 AM
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Apple iPhone Decryption Backlog Stymies Police

Apple's waiting list to bypass security controls on latest-generation iPhone and iPad devices means months-long delays for law enforcement investigators.

10 Top Password Managers
10 Top Password Managers
(click image for slideshow)
Apple is overwhelmed by requests from law enforcement agencies to decrypt seized iPhones, and its waiting list is so long that it may take months before new requests get handled.

That revelation, first reported by CNET, was gleaned from a search warrant affidavit for a seized iPhone last summer by a federal agent who was investigating a Kentucky man on crack cocaine distribution charges.

The Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF) agent, Rob Maynard, said in court documents that he'd "attempted to locate a local, state or federal law enforcement agency with the forensic capabilities to unlock" an iPhone 4S seized during the investigation, but every contacted law enforcement agency said that it "did not have the forensic capability." Apple, meanwhile, told him that the wait time for recovering data from an iPhone -- which the technology firm copied to a USB key then provided to investigators -- was approximately seven weeks, though Maynard ultimately had to wait about four months.

The ATF case highlights that technology companies, including Apple, must comply with court orders to unlock devices they build or sell. But it also revealed that Apple is somehow able to bypass the security controls built into its latest-generation devices. "That is something that I don't think most people realize," Christopher Soghoian, principal technologist with the ACLU's Speech, Privacy and Technology Project, told CNET. "Even if you turn on disk encryption with a password, these firms can and will provide the government with a way to get your data."

[ Who can you trust? Check out Microsoft Tech Support Scams: Why They Thrive. ]

Does court-ordered data retrieval infringe on people's privacy rights? "It's important to note that both cops and legislation tend to trail criminals in the adoption of new technologies," said Nick Selby, a Texas police officer and the CEO of StreetCred Software, which provides fugitive case management software to law enforcement agencies, via email. "It's important to question whether police may be going too far, but it is equally important to consider criminals' use of these technologies to abet, and in some cases actually commit, crimes."

Many judges have granted warrants to law enforcement agencies to retrieve data from -- or that's associated with -- mobile devices or their radio frequency (RF) communications. "Recent rulings encourage law enforcement to better develop their mobile device and RF chops. For example, in U.S. vs. Skinner last August, the U.S. Court of Appeals for the 6th Circuit ruled that police may track the signals emanating from wireless devices like a cellphone owned by a person," Selby said. "The fact that the court found that users do not have a reasonable expectation of privacy in the data given off by a voluntarily procured, pay as-you-go cellphone means that we can expect to see more use cases like these."

Is Apple putting cases at risk by not complying more quickly with court orders? In the ATF investigation, the attorney for the 24-year-old defendant, Mark Edmond Brown, filed a motion to suppress the evidence gathered from the defendant's iPhone, given the delay in retrieving it.

But U.S. district court judge Karen Caldwell wrote in an opinion that the ATF was "placed on a waiting list by the company" -- referring to Apple -- for what had been a court-ordered seizure, meaning it was backed by a warrant. "The court finds nothing in the record to demonstrate any evidence of bad faith or unnecessary delay in procuring assistance from Apple to unlock the phone," she wrote.

In October 2012, Brown -- a convicted felon -- pleaded guilty to possessing firearms, and according to CNET, last month pleaded guilty to a charge of conspiracy to distribute less than five kilograms of crack cocaine.

If Apple didn't unlock iPhones for law enforcement agencies in response to a court order, would police have any other options? Some police forces have been testing smartphone data dump kits to allow investigators to easily retrieve data without having to use an external lab or appeal to a device manufacturer or carrier.

But recent iOS devices appear tough to crack. For example, Russian digital forensics toolmaker Elcomsoft says its iOS Forensic Toolkit -- only sold to law enforcement agencies, intelligence agencies and professional forensic investigators -- can "acquire bit-precise images of Apple iOS devices in real time" from all iPhone, iPad and iPod Touch devices that run iOS 3, iOS 4 and iOS 5. But the iPhone 5, released last year, and which ships with iOS6, doesn't appear to be unlockable with the Elcomsoft tool.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Andrew Hornback
50%
50%
Andrew Hornback,
User Rank: Apprentice
5/20/2013 | 3:00:13 AM
re: Apple iPhone Decryption Backlog Stymies Police
They're supporting law enforcement activities, but it seems that with the iPhone being such a common device anymore... basically, a lot of people use it, even criminals.

There's a fix for this process - store all of the user's personal data in the carrier's storage cloud instead of on the device itself. Law enforcement wouldn't even need to sieze the phone at that point to get what they need as far as call logs go.

Andrew Hornback
InformationWeek Contributor
moarsauce123
50%
50%
moarsauce123,
User Rank: Apprentice
5/18/2013 | 12:38:41 PM
re: Apple iPhone Decryption Backlog Stymies Police
This is absolutely unbelievable! There is a company that as hundreds of billions of Dollars in offshore accounts and is at the same time too cheap to support law enforcement activities. Apple should be taken to court over this!
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2008-3277
Published: 2014-04-15
Untrusted search path vulnerability in a certain Red Hat build script for the ibmssh executable in ibutils packages before ibutils-1.5.7-2.el6 in Red Hat Enterprise Linux (RHEL) 6 and ibutils-1.2-11.2.el5 in Red Hat Enterprise Linux (RHEL) 5 allows local users to gain privileges via a Trojan Horse p...

CVE-2010-2236
Published: 2014-04-15
The monitoring probe display in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 4.0.0 through 4.2.0 and 5.1.0 through 5.3.0, and Proxy 5.3.0, allows remote authenticated users with permissions to administer monitoring probes to execute arbitrary code via unspecified vectors, rela...

CVE-2011-3628
Published: 2014-04-15
Untrusted search path vulnerability in pam_motd (aka the MOTD module) in libpam-modules before 1.1.3-2ubuntu2.1 on Ubuntu 11.10, before 1.1.2-2ubuntu8.4 on Ubuntu 11.04, before 1.1.1-4ubuntu2.4 on Ubuntu 10.10, before 1.1.1-2ubuntu5.4 on Ubuntu 10.04 LTS, and before 0.99.7.1-5ubuntu6.5 on Ubuntu 8.0...

CVE-2012-0214
Published: 2014-04-15
The pkgAcqMetaClearSig::Failed method in apt-pkg/acquire-item.cc in Advanced Package Tool (APT) 0.8.11 through 0.8.15.10 and 0.8.16 before 0.8.16~exp13, when updating from repositories that use InRelease files, allows man-in-the-middle attackers to install arbitrary packages by preventing a user fro...

CVE-2013-4768
Published: 2014-04-15
The web services APIs in Eucalyptus 2.0 through 3.4.1 allow remote attackers to cause a denial of service via vectors related to the "network connection clean up code" and (1) Cloud Controller (CLC), (2) Walrus, (3) Storage Controller (SC), and (4) VMware Broker (VB).

Best of the Web