This might be how law enforcement agencies break into the iPhone
Matthew Green, an associate professor at Johns Hopkins Information Security Institute, proposed the theory in a Twitter thread on Wednesday in response to news of the ACLU suing for information about iPhone unlocking methods. The theory is based on research from two of his students, Maximilian Zinkus and Tushar M. Jois.
My students @maxzks and Tushar Jois spent most of the summer going through every piece of public documentation, forensics report, and legal document we could find to figure out how police were "breaking phone encryption". 1/ https://t.co/KqkmQ1QrEy
-- Matthew Green (@matthew_d_green)
Green contends that law enforcement agencies no longer need to break the strongest encryption on an iPhone because not all types of user data are protected by it.
The research was prompted by the fact that forensic companies reportedly no longer have the ability to break Apple's Secure Enclave Processor. That makes it very difficult to crack an iPhone's passcode. Given that law enforcement agencies continue to break into locked devices, Green and his students began researching how that could be possible.
They came up with a possible answer, which Green said would be fully detailed in a report after the holidays. Although it's conjecture, it could explain how government and police entities are still able to extract data from locked iPhones.
It boils down to the fact that an iPhone can be in one of two states: Before First Unlock (BFU) and After First Unlock (AFU). When you power up the device and enter your passcode, it moves from BFU into the AFU state: the iPhone uses the passcode to derive several sets of cryptographic keys, which stay in memory and are used to encrypt and decrypt files.
When a user locks their device again, it doesn't go into BFU, but remains in the AFU state. Green notes that only one set of cryptographic keys gets purged from memory. That set stays gone until a user unlocks their iPhone again.
The purged set of keys is the one used to decrypt a subset of an iPhone's files that fall under a specific protection class. The other key sets, which stay in memory, are used to decrypt all other files.
From here, all a law enforcement entity needs to do is use known software exploits to bypass the iOS lock screen and decrypt most of the files. Using code that runs with normal privileges, they could access data like a legitimate app. As Green points out, the important part appears to be which files are protected by the purged set of keys.
Based on Apple's documentation, it appears that the strongest protection class only applies to mail and app launch data.
Apple *sort of* vaguely offers a list of the apps whose files get this special protection even in the AFU state. But notice how vague this language is. I have to actually decode it. 14/ pic.twitter.com/OMIy297605
-- Matthew Green (@matthew_d_green)
Comparing that to the same text from 2012, it seems that the strongest encryption doesn't safeguard as many data types as it once did.
The data types that don't get the strong protection include Photos, Texts, Notes, and possibly certain types of location data. Those are all typically of particular interest to law enforcement agencies.
So this answers the great mystery of "how are police breaking Apple's encryption in 2020". The answer is they probably aren't. They're seizing unlocked phones and using jailbreaks to dump the filesystem, most of which can be accessed easily since keys are in memory. 20/
-- Matthew Green (@matthew_d_green)
Third-party apps, however, are able to opt-in to protect user data with the strongest protection class.
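The key lifecycle described above (all class keys derived at first unlock, only one class key purged on lock) and an app's choice of the strongest class, as a constructed Python model added here; it is not Apple's code. The class names are Apple's, while the XOR stream cipher, the HMAC key wrap and the `Device` methods are toy stand-ins for iOS internals.

```python
import hashlib
import hmac
import os

COMPLETE = "NSFileProtectionComplete"  # Apple's class name; key purged from memory on lock
AFTER_FIRST_UNLOCK = "NSFileProtectionCompleteUntilFirstUserAuthentication"  # key stays while AFU


def _xor(data: bytes, key: bytes) -> bytes:
    """Toy stream cipher: XOR with a SHA-256 keystream (stands in for AES)."""
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))


class Device:
    def __init__(self):
        self._salt = os.urandom(16)  # stands in for the device-bound (Secure Enclave) secret
        self._class_keys = {}        # class keys currently held in memory
        self._files = {}             # name -> (class, wrapped per-file key, ciphertext)
        self.state = "BFU"           # Before First Unlock: no class keys in memory

    def unlock(self, passcode: str) -> None:
        """First unlock derives every class key from the passcode; all of them sit in memory."""
        for cls in (COMPLETE, AFTER_FIRST_UNLOCK):
            self._class_keys[cls] = hashlib.pbkdf2_hmac(
                "sha256", passcode.encode(), self._salt + cls.encode(), 10_000)
        self.state = "AFU"

    def lock(self) -> None:
        self._class_keys.pop(COMPLETE, None)  # only the COMPLETE key is purged; still AFU

    def reboot(self) -> None:
        self._class_keys.clear()  # power-off drops every class key: back to BFU
        self.state = "BFU"

    def write_file(self, name: str, cls: str, plaintext: bytes) -> None:
        """Encrypt under a fresh per-file key, wrapped with the class key (which must be in memory)."""
        file_key = os.urandom(32)
        wrap_mask = hmac.new(self._class_keys[cls], name.encode(), "sha256").digest()
        self._files[name] = (cls, _xor(file_key, wrap_mask), _xor(plaintext, file_key))

    def read_file(self, name: str):
        """Plaintext if the file's class key is in memory (what code running on the device sees), else None."""
        cls, wrapped, ciphertext = self._files[name]
        class_key = self._class_keys.get(cls)
        if class_key is None:
            return None
        wrap_mask = hmac.new(class_key, name.encode(), "sha256").digest()
        return _xor(ciphertext, _xor(wrapped, wrap_mask))
```

After `lock()` a file written under `AFTER_FIRST_UNLOCK` still decrypts while one written under `COMPLETE` does not; only `reboot()` puts both out of reach.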
As far as why Apple seems to have weakened the protections, Green theorizes that the company forfeited maximum security to enable specific app or system features like location-based reminders. Similarly, some apps wouldn't be able to function properly if the strongest encryption class was used for most data.
Green notes that the situation is "similar" on Android. But, for Apple, the cryptography professor says that "phone encryption is basically a no-op against motivated attackers."
If I could tell Apple to do one thing, I would tell them to figure this problem out. Because without protection for the AFU state, phone encryption is basically a no-op against motivated attackers.
Maybe Apple's lawyers prefer it this way, but it's courting disaster. 25/
-- Matthew Green (@matthew_d_green)
The findings, as well as other details and possible solutions, are outlined in a research paper penned by Green, Zinkus, and Jois.
Comments
Most apps like to do things in the background, while your phone is locked. They read from files and generally do boring software things. When you protect files using the strongest protection class and the phone locks, the app can’t do this stuff.
Why do all roads increasingly seem to lead to iCloud ?
Has Apple acknowledged they have YOUR key?
arstechnica.com/tech-policy/2020/01/apple-reportedly-nixed-plan-for-end-to-end-encryption-in-iphone-backups/
www.reuters.com/article/us-china-apple-icloud-insight-idUSKCN1G8060
How does the Patriot Act affect those beyond the US border, for what borders and rights might be worth these days...?
Why was Photos auto tagging upon intro with no off user switch ?
Do onboard storage and T2 offer a way to verify user data, 'anonymized' or not ?
Does every update seed further potential 'roots' into personal information to 'improve the user experience' ?
If there may seem little cost now, more importantly what might such cost be in an unknown future...?
Is Apple increasingly 'anything for a buck'?
en.wikipedia.org/wiki/Surveillance_capitalism
Let the flames begin...
advance other features. I, for one, wish Apple would, at the very least, restore the level of encryption provided in the 2012 iPhone.
- Apple execs have long claimed that they comply with the law in every country where they operate. (Kind of a ‘no duh’ — they have to do that)
- But they have also said they are an American company that values privacy/security and they use the freedoms in the us to argue for the rights of their users.
- They want to provide ML-enabled features, with as much work done on-device as possible to safeguard privacy
The big question is whether #1 is in play here or not. If it's not, then this issue involves trade-offs between 2 and 3, and that's in Apple's control. They can choose to strike a different balance between privacy and other features.
About 95% of the FBI's claimed outrage about device encryption is performative. They are attempting to portray themselves as the good guys to win sympathy from the general public and distract from the creepy things they actually care about. The value of an unlocked phone is mostly that it can be used to correlate the message endpoints which belong to one person.
Some data stored locally on the device can be useful in certain criminal proceedings (like access to the photos can prove possession of CSAM). Individuals' crimes only rarely catch the attention of the FBI and NSA. They mostly care about groups: terrorist cells, people distributing CSAM, that sort of thing. The photos, notes, messages, and so on stored on a phone are far less useful for that than the communication metadata.
I’d be curious if doing this operation would work around this as well. It would also be nice to know if we disable the convenience of the background app refresh, if the phone could be better protected. Given the above details, it would make logical sense, but I also suppose there are Siri requests that require access to encrypted data. I would much prefer to get a notification in my Lock Screen saying something along the lines of: process x needs you to unlock your phone to complete.
@zimmie suggested the data they can capture isn't of much value to law enforcement. So maybe the professor can tackle that next (if he has any forensic law background). If Joe decides to send a text to someone to sell some coke, how valuable is that information if a) it's not explicit, b) no names are mentioned. My guess is that LEO's job is that much harder. The most he can allege is that Joe talked about "snow" to someone. There's no implication there, just inference. And that's not enough for the court to convict.