Apple has not been immune to the demands made by law enforcement agencies, with a high profile example involving an iPhone belonging to the San Bernardino shooter and the FBI's interest in gaining access to data on the device. Despite suggestions that it could compel Apple to hand over the source code to iOS the bureau ended up using the services of a third party to unlock the smartphone. Since then, tools developed by Cellebrite have been somewhat a thorn in Apple's side, even before they were leaked online early last year.
However, the exploit used by law enforcement and hackers may soon be largely thwarted by the Cupertino giant. In a forthcoming update to iOS, Apple will change how the operating system handles and accepts USB connections via the Lightning port, specifically by refusing such connections if the device has not been unlocked in the prior 60 minutes. This will be a significant reduction from the currently configured period of one week.
Regarding the update, Apple said:
"We’re constantly strengthening the security protections in every Apple product to help customers defend against hackers, identity thieves and intrusions into their personal data. We have the greatest respect for law enforcement, and we don’t design our security improvements to frustrate their efforts to do their jobs."
The change has been mentioned in documentation for the iOS 11.4.1 beta as well as iOS 12. Of course, this won't completely stop nefarious parties from getting into iOS device that incorporate the new default behavior but, with the vulnerability window shrunk to just an hour after the last unlock, they will have to be rather organized to gain access using existing tools. It remains to be seen as to how effective this measure ends up being but security researchers have estimated that it could cut access via such means by as much as 90%.
Source: Reuters via The Next Web
12 Comments - Add comment