Police point out that you can easily break into the iPhone without breaking the iPhone passcode

Associate Professor Matthew Green , a cryptographer at the Johns Hopkins University Information Security Institute, has posted on Twitter his research on 'how law enforcement agencies break into the iPhone.' This revealed that law enforcement agencies could easily access the inside of the iPhone without unlocking the iPhone password.

Researchers detail how the iPhone gets hacked by law enforcement --Knapsack

This might be how law enforcement agency break into iPhone | AppleInsider

The American Civil Liberties Union announced on December 22, 2020 that it has indicted the FBI for 'the FBI has the ability to secretly break through the cryptography of iPhones and other smartphones.'

In response to this news, Mr. Green summarized the results of a thorough scrutiny of legal documents, public documents and investigation records by law enforcement authorities by university students Max Zinkus and Tushar Jois on Twitter. released. In a series of tweets, Mr. Green said, 'In conclusion, the police do not guess the iPhone passcode. The police are using the fact that the owner entered it, not the iPhone passcode. and the thing is, ' he says .

According to Mr. Green, the state of the iPhone can be roughly divided into 'after turning on the power, before unlocking for the first time' and 'after unlocking'. When the user unlocks the iPhone, the iPhone uses the passcode to create multiple sets of encryption keys. This encryption key is stored in the iPhone's internal memory and is used to encrypt the file system.

Then, if the user leaves the iPhone or presses the power button to lock the device, some of the encryption keysets will be removed from memory, but some will remain undeleted. With this undeleted key and an exploit that can bypass OS security measures, you can freely access most of the files on your iPhone. Mr. Green's view is that this is the true identity of the 'FBI's ability to secretly break through smartphone encryption.'

Apple's documents obtained by Mr. Green et al. List email data including attachments and Safari bookmarks as data that is strictly protected by the passcode even after unlocking. In other words, Green points out that other than this data, no special protection is available and the above mechanism makes it easily accessible by police.

As an example of data that police can access, Mr. Green cites photos stored on terminals, text files stored in notebooks, and some location information data. Moreover, Apple's document stating that email data etc. are protected is from 2012, and as of 2020, there is a possibility that only 'application startup data' is protected. Mr Green, as a reason why Apple is not strictly protect the data, that it order to realize a convenient and flashy features such as 'location-based reminder function' guess it is.

'Android is a similar situation,' Green said, but especially for the iPhone, 'basically, even if you encrypt your smartphone, it's no guard against aggressive intruders.' I concluded.

Based on the results of this research, IT news site Knapsack said, 'If you want to protect your smartphone's data, use a 10-digit passcode. If your smartphone may be seized by a law enforcement agency, , You should turn off the power, and as a workaround, you should also consider disabling the USB port, such as in emergency SOS mode. '

in Mobile,   Security, Posted by log1l_ks