Story image

Apple reportedly taking steps to crack down on iPhone unlockers

15 Jun 2018

Apple is reportedly taking a stand against those who use phone unlockers to access data on iPhones.

A report from Reuters this week claims that Apple vows to protect all customers and their devices by changing default iPhone settings to stop USB port communication when the device has been unlocked within the last 60 minutes.

The smaller time window could potentially cut access by as much as 90%, Reuters says.

The change has reportedly been documented in beta versions of iOS 11.4.1 and iOS 12, and Apple says it will eventually be rolled out in a general release.

The move to stop device unlockers comes after pressure from US authorities including the United States FBI to allow full access to the devices.

In 2015 Apple refused to help the FBI unlock an iPhone after a US shooting. The FBI recruited digital forensics company Cellebrite to unlock the device for them, however the conflict and ethics between data privacy and data access has been ongoing.

Hackers and commercial organisations have also seen the potential in iPhone unlockers. Earlier this year researchers from Malwarebytes Labs discovered a US-based firm called GrayShift that produced iPhone unlocking devices, dubbed GrayKey. 

The GrayKey devices, which can sell for up to US$30,000, are essentially boxes that connect two iPhones.  

“An iPhone typically contains all manner of sensitive information: account credentials, names and phone numbers, email messages, text messages, banking account information, even credit card numbers or social security numbers. All of this information, even the most seemingly innocuous, has value on the black market, and can be used to steal your identity, access your online accounts, and steal your money,” explains Malwarebytes researcher Thomas Reed in a blog post from March 2018.

After two minutes the devices disconnect. Within a matter of hours or days, the phones will then display a screen with the passcode and other device information.

Reed warned that such devices would be useful to law enforcement, which in theory could seize innocent people’s devices, access them and search them without consent. In those cases, authorities could be liable for that data’s security, Reed warns.

The unlockers could also be goldmines to criminals wanting to sell them on the black market. The potential for data theft, harvesting and resale is a possible outcome.

“A jailbreak involves using a vulnerability to unlock a phone, giving access to the system that is not normally allowed. What happens to the device once it is released back to its owner? Is it still jailbroken in a non-obvious way? Is it open to remote access that would not normally be possible? Will it be damaged to the point that it really can’t be used as intended anymore, and will need to be replaced? It’s unknown, but any of these are possibilities,” Reed ponders.

“It’s highly likely that these devices will ultimately end up in the hands of agents of an oppressive regime, whether directly from GrayShift or indirectly through the black market,” Reed concludes.

We have contacted an Apple spokesperson for comment.

SUSE completes move to independence
“Current IT trends make it clear that open source has become more important in the enterprise than ever before."
Unencrypted Gearbest database leaves over 1.5mil shoppers’ records exposed
Depending on the countries and information requirements, the data could give hackers access to online government portals, banking apps, and health insurance records.
SAS announces US$1 billion investment in AI
"At SAS, we remain dedicated to our customers and their success, and this investment is another example of that commitment."
Two Ministers’ thoughts on blockchain in Oz
Minister Karen Andrews, and Minister Simon Birmingham have released a joint statement on the national blockchain roadmap and extra $100,000 funding.
IntegrationWorks continues expansion with new Brisbane office
The company’s new office space at the Riverside Centre overlooks the Brisbane River and Storey Bridge.
DXC subsidiary takes SAP energy industry partner award
Winners of the awards were selected from SAP’s A/NZpartner ecosystem and announced at the recent SAP A/NZ Partner Kick-Off Meeting held in Sydney.
NetApp and allegro.ai showcase an integrated solution for deep learning
Unlike traditional software, in deep learning, the data rather than the code is of the utmost importance.
Opinion: Moving applications between cloud and data centre
OpsRamp's Bhanu Singh discusses the process of moving legacy systems and applications to the cloud, as well as pitfalls to avoid.