You are here

Apple to close iPhone security hole that police use to crack devices

Apple has long positioned the iPhone as a secure device that only its owner can open.

[SAN FRANCISCO] Apple has long positioned the iPhone as a secure device that only its owner can open. That has led to battles with law enforcement officials who want to get information off them, including a well-publicised showdown with the FBI in 2016 after Apple refused to help open the locked iPhone of a mass shooter.

The FBI eventually paid a third party to get into the phone, circumventing the need for Apple's help. Since then, law enforcement agencies across the country have increasingly employed that strategy to get into locked iPhones they hope will hold the key to cracking cases.

But now Apple is closing the technological loophole that let authorities hack into iPhones, angering police and other officials and reigniting a debate over whether the government has a right to get into the personal devices that are at the centre of modern life.

Apple said it was planning an iPhone software update that would effectively disable the phone's charging and data port — the opening where users plug in headphones, power cables and adapters — an hour after the phone is locked. To transfer data to or from the iPhone using the port, a person would first need to enter the phone's password.

Market voices on:

News of Apple's planned software update has begun spreading through security blogs and law enforcement circles — and many in investigatory agencies are infuriated.

But privacy advocates said Apple would be right to fix a security flaw that has become easier and cheaper to exploit.

"This is a really big vulnerability in Apple's phones," said Matthew D Green, a professor of cryptography at Johns Hopkins University. A Grayshift device sitting on a desk at a police station, he said, "could very easily leak out into the world".

Encryption scrambles data to make it unreadable until accessed with a special key, often a password. That frustrated police and prosecutors who could not pull data from smartphones, even with a warrant.

The friction came into public view after the FBI could not access the iPhone of a shooter who killed 14 people in San Bernardino, California, in late 2015.

The two sides fought in court for a month. Then the FBI abruptly announced it had found an undisclosed group to hack into the phone, for which it paid at least US$1.3 million.