Tasken
Advanced
- Joined
- 22.09.20
- Messages
- 127
- Reaction score
- 947
- Points
- 63
After 2012, Apple loosened the protection of devices and began to apply strong encryption to less data.
A group of cryptography experts has offered a theory about why law enforcement is still able to hack the iPhone, despite the constant iOS fixes and security levels of the mobile device.
According to Matthew Green, a researcher in the field of cybersecurity and a lecturer in cryptography at Johns Hopkins University, hackers and intelligence agencies do not need to hack the hardware component of Apple's Secure Enclave, which is responsible for secure data storage, because it is too difficult. Instead, they use not just a vulnerability, but a system feature of iOS that does not protect all types of user data on the device.
the iPhone can be in one of two States — before the "first unlock" (before first unlock, BFU) and "after the first unlock" (after first unlock, AFU). When the user first turns on their device and enters the password, it enters the AFU state. When a user enters their code, the iPhone uses it to obtain various sets of cryptographic keys that remain in memory and are used to encrypt files.
When the user locks their device again, it does not go to BFU, but remains in the AFU state and stays in it for about 95% of the time. Green notes that only one set of cryptographic keys is retrieved from memory. This set is saved until the user unlocks their iPhone again, and is used to decrypt many iPhone files that fall under a certain security class. Other sets of keys that remain in memory are used to decrypt all other files.
To crack a single set of encryption keys, intelligence agencies and hackers can resort to using relatively simple software exploits that allow them to bypass the lock screen and decrypt most of the files.
According to Apple's documentation, the highest security class in the AFU state applies only to mail and app launch data. It is noteworthy that before 2012, encryption covered much more data. It remains unknown why Apple has loosened the protection, but green believes that the company has abandoned maximum security to ensure the operation of certain applications and system functions related to geolocation and other technologies.
A group of cryptography experts has offered a theory about why law enforcement is still able to hack the iPhone, despite the constant iOS fixes and security levels of the mobile device.
According to Matthew Green, a researcher in the field of cybersecurity and a lecturer in cryptography at Johns Hopkins University, hackers and intelligence agencies do not need to hack the hardware component of Apple's Secure Enclave, which is responsible for secure data storage, because it is too difficult. Instead, they use not just a vulnerability, but a system feature of iOS that does not protect all types of user data on the device.
the iPhone can be in one of two States — before the "first unlock" (before first unlock, BFU) and "after the first unlock" (after first unlock, AFU). When the user first turns on their device and enters the password, it enters the AFU state. When a user enters their code, the iPhone uses it to obtain various sets of cryptographic keys that remain in memory and are used to encrypt files.
When the user locks their device again, it does not go to BFU, but remains in the AFU state and stays in it for about 95% of the time. Green notes that only one set of cryptographic keys is retrieved from memory. This set is saved until the user unlocks their iPhone again, and is used to decrypt many iPhone files that fall under a certain security class. Other sets of keys that remain in memory are used to decrypt all other files.
To crack a single set of encryption keys, intelligence agencies and hackers can resort to using relatively simple software exploits that allow them to bypass the lock screen and decrypt most of the files.
According to Apple's documentation, the highest security class in the AFU state applies only to mail and app launch data. It is noteworthy that before 2012, encryption covered much more data. It remains unknown why Apple has loosened the protection, but green believes that the company has abandoned maximum security to ensure the operation of certain applications and system functions related to geolocation and other technologies.