Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apple Can Extract Texts, Photos, Contacts From Locked iPhones

Posted by timothy on from the as-a-public-service dept.

Trailrunner7 (1100399) writes "If law enforcement gets hold of your locked iPhone and has some interest in its contents, Apple can pull all kinds of content from the device, including texts, contacts, photos and videos, call history and audio recordings. The company said in a new document that provides guidance for law enforcement agencies on the kinds of information Apple can provide and what methods can be used to obtain it that if served with a search warrant, officials will help law enforcement agents extract specific application-specific data from a locked iOS device. However, that data appears to be limited to information related to Apple apps, such as iMessage, the contacts and the camera. Email contents and calendar data can't be extracted, the company said in the guidelines."

3 of 202 comments (clear)

  1. So... cloud access? by Kenja · · Score: 5, Insightful

    All the things listed, are synced to the iCloud. Sounds to me like they are not accessing the phone, but the contents of the cloud server, which have push/pull access to selected apps. Wonder if this is true if you disable cloud access or simply don't sign into it.

    --

    "Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
  2. Another "threat post" blog entry. by Bill_the_Engineer · · Score: 5, Insightful

    How much is threat post paying timothy to drive up their traffic with these half ass stories?

    The summary fails to mention that the phone must be in their possession and the both the phone and the search warrant must be delivered to Apple's headquarters which is the only place Apple will perform the extraction.

    If anything I applaud Apple for both publicly disclosing their policy for dealing with law enforcement and requiring a search warrant with more detail than "suspect's phone". They require the model number, phone number, serial of IEMI number and FCC ID number.

    --
    These comments are my own and do not necessarily reflect the views or opinions of my employer or colleagues...
  3. The actual article by rabtech · · Score: 5, Informative

    Hey, let's link to the actual document in question! What a novel concept!

    http://www.apple.com/legal/mor...

    Good news:

    - Apple cannot track a phone via GPS, nor forcibly enable Find My Friends/Find my iPhone

    - Apple cannot monitor FaceTime or iMessage conversations since they are end-to-end encrypted

    - Apple cannot provide third-party app data that is encrypted since the files are encrypted with the user's passcode.

    - It appears if the user does a remote wipe before law enforcement can get a warrant and ship the phone to Apple (or fly it there), then there is nothing that can be done. I wonder if they power up the device in an anechoic chamber so it can't receive the remote wipe signal? I would guess no because most people aren't smart enough to do an immediate wipe.

    - We already knew the only trick they have as far as encrypted files goes is a custom firmware that bypasses the max attempt auto-erase and rate limit feature, so it can attempt to brute-force passcodes quickly. However it requires the attempt be made on-device, since the keys are stored in the secure storage with no facility to get them off-device. So even a moderately complex passcode is effectively unbreakable, let alone a good strong password.

    Questionable:

    - user generated active files (this is what SMS/call logs/photos/etc are listed under). Normally if a device is powered off and rebooted, I was under the impression that these things were not available because the files are encrypted. It seems that iMessage is at least encrypted here, but I would be curious to find out what the situation is. Everything except photos, videos, and recordings is a moot point because you can get stuff like SMS history and call logs from the carrier anyway so those are the only ones I'd be concerned about.

    There are some definite good points here - Apple has chosen not to build themselves backdoors or workarounds, presumably because they can't be ordered to disclose information they don't have access to... same reason they built iMessage the way they did. A court would have to order them to refactor their software before it could order them to intercept messages, and at least in the US there is no precedent or law that can compel them to do so.

    However I would expect the âoeuser generated active filesâ to be encrypted after a device reboot until the passcode is entered. If that is not the case, Apple should fix it pronto.

    I would also expect Apple to refactor the storage of those things to be segmented, given the NSA revelations and increasingly authoritarian behavior of law enforcement; for example, photos pending background upload could be kept unencrypted, but once uploaded they should be rewritten as encrypted so they require the passcode to access. They already have the ephemeral key tech and per-file key support so you can generate a key for the unencrypted file while the device is unlocked, then toss the passcode key when the device locks and only hold onto the file key until the upload is finished, then toss it. Thus no risk to the main key but you can still encrypt the file in the background.

    I won't bother discussing Android phones - they are almost all trivial to break and access all the user's data, when people like Samsung aren't coding back doors directly into the firmware.

    --
    Natural != (nontoxic || beneficial)