Apple’s iOS Backdoor to the Rescue for Law Enforcement … But Be Prepared to Wait

If you’re in law enforcement and want to decrypt an iPhone for a case, get a warrant and be prepared to wait.

We’ve covered Apple’s ability to decrypt your iDevice before, based on a talk at BSidesDE this past year. A recent article on CNET by Declan McCullagh once again focuses the spotlight on Apple’s ability to decrypt iPhones and iPads when requested by law enforcement. In fact, there’s a waiting list that can span up to seven weeks. Yeah, they will still need a warrant, but it’s worth repeating here, especially for those sensitive to privacy issues.

Although Declan can’t confirm whether Apple really has a backdoor, faster decryption capabilities, or simply more advanced techniques, it’s this security pro’s educated guess that Apple has a backdoor.

The basic lesson learned from this article for those concerned about privacy is to configure your iDevices to lock after a few minutes and always use a long, complex password to unlock them. And note that we said “password,” which includes upper/lowercase letters and special characters, and not digit-only “passcodes.” ElcomSoft sells software that can break simple 4-digit passcodes in less than 40 minutes (also 6 digits in 22 hours, 9 digits in 2.5 years, and 10 digits in 25 years).
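To put the passcode-versus-password advice in numbers, here is an added example (not from the CNET article or from ElcomSoft) that derives the guess rate implied by the 6-digit figure above and computes how long a secret must be, per character set, to survive a 25-year exhaustive search. It assumes a constant guess rate and characters chosen uniformly at random; the function names and the 25-year target are illustrative.

```python
# Added illustration: exhaustive-search time for iOS passcodes vs. passwords,
# using the guess rate implied by the 6-digit figure quoted in the post.

SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Figure quoted in the post: all 6-digit passcodes in 22 hours.
IMPLIED_RATE = 10**6 / (22 * 3600)  # guesses per second, about 12.6

# Alphabet sizes (assumption: each character chosen uniformly at random).
ALPHABETS = {
    "digits only": 10,
    "lowercase letters": 26,
    "letters + digits": 62,
    "printable ASCII": 94,
}


def worst_case_years(alphabet_size, length, rate=IMPLIED_RATE):
    """Years needed to try every candidate of exactly `length` characters."""
    return alphabet_size ** length / rate / SECONDS_PER_YEAR


def min_length(alphabet_size, target_years, rate=IMPLIED_RATE):
    """Shortest length whose full keyspace takes at least `target_years`."""
    length = 1
    while worst_case_years(alphabet_size, length, rate) < target_years:
        length += 1
    return length


def policy_table(target_years=25):
    """Map each alphabet to (minimum length, worst-case years at that length)."""
    table = {}
    for name, size in ALPHABETS.items():
        n = min_length(size, target_years)
        table[name] = (n, worst_case_years(size, n))
    return table


if __name__ == "__main__":
    for name, (n, years) in policy_table().items():
        print(f"{name:18s} length {n:2d} -> {years:,.0f} years worst case")
```

The expected time for a randomly chosen secret is half the worst case, and human-chosen passwords usually fall much sooner than uniformly random ones of the same length.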

But the main takeaway from this article is that even if you pick a strong password, don’t depend on Apple’s encryption to completely protect your privacy. Here are some relevant sections of the CNET article.

First, there was the case that started this whole incident, then the mention of the waiting list, and the inability of several police agencies to decrypt the suspect’s iPhone.

Court documents show that federal agents were so stymied by the encrypted iPhone 4S of a Kentucky man accused of distributing crack cocaine that they turned to Apple for decryption help last year.

An agent at the ATF, the federal Bureau of Alcohol, Tobacco, Firearms and Explosives, “contacted Apple to obtain assistance in unlocking the device,” U.S. District Judge Karen Caldwell wrote in a recent opinion. But, she wrote, the ATF was “placed on a waiting list by the company.”

A search warrant affidavit prepared by ATF agent Rob Maynard says that, for nearly three months last summer, he “attempted to locate a local, state, or federal law enforcement agency with the forensic capabilities to unlock” an iPhone 4S. But after each police agency responded by saying they “did not have the forensic capability,” Maynard resorted to asking Cupertino.

Next comes testimony of the ATF agent from the case above mentioning Apple’s ability to bypass the security software and provide the iPhone’s content to law enforcement on an external drive. Of course, no one really knows if Apple has a true backdoor or is just better at cracking the keys. We’re thinking the former.

The ATF’s Maynard said in an affidavit for the Kentucky case that Apple “has the capabilities to bypass the security software” and “download the contents of the phone to an external memory device.” Chang, the Apple legal specialist, told him that “once the Apple analyst bypasses the passcode, the data will be downloaded onto a USB external drive” and delivered to the ATF.

It’s not clear whether that means Apple has created a backdoor for police — which has been the topic of speculation in the past — whether the company has custom hardware that’s faster at decryption, or whether it simply is more skilled at using the same procedures available to the government. Apple declined to discuss its law enforcement policies when contacted this week by CNET.

Finally, the story mentions the expert opinion of some really smart MIT guy saying that Apple’s protection is impossible to bypass. Of course he adds the caveat that this statement depends on the length of the passphrase or code followed by some example cracking times.

An August 2012 article in MIT Technology Review by Simson Garfinkel, an associate professor at the U.S. military’s Naval Postgraduate School, says “Apple customers’ content” is so well-protected that often “it’s impossible for law enforcement to perform forensic examinations of devices seized from criminals.”

That depends largely, however, on the length of the passphrase or password that someone selects to protect a modern iOS device. (Because the original iPhone and iPhone 3G did not use hardware encryption, they were protected only by a passcode that could be easily bypassed.)

Elcomsoft claims its iOS Forensic Toolkit can perform a brute-force cryptographic attack on a four-digit iOS 4 or iOS 5 passcode in 20 to 40 minutes. “Complex passcodes can be recovered, but require more time,” the company’s marketing literature says. But the iPhone 5 doesn’t appear in Elcomsoft’s list of devices that can be targeted.

See the full article here.


Do you think Apple has a backdoor, faster decryption capabilities, or simply more advanced techniques? Let us know in the comments below. Today’s post pic is from See ya!

4 comments for “Apple’s iOS Backdoor to the Rescue for Law Enforcement … But Be Prepared to Wait”

  3. RH
    October 1, 2013 at 9:07 pm

    Apple applies for 3 patents which are designed to retrieve private keys using a built-in backdoor…

    From (2010) (2005) (2003)

  4. October 1, 2013 at 10:34 pm

    RH: Some nice finds there… Coincidence?
