Story image

Apple reportedly taking steps to crack down on iPhone unlockers

15 Jun 18

Apple is reportedly taking a stand against those who use phone unlockers to access data on iPhones.

A report from Reuters this week claims that Apple vows to protect all customers and their devices by changing default iPhone settings to stop USB port communication when the device has been unlocked within the last 60 minutes.

The smaller time window could potentially cut access by as much as 90%, Reuters says.

The change has reportedly been documented in beta versions of iOS 11.4.1 and iOS 12, and Apple says it will eventually be rolled out in a general release.

The move to stop device unlockers comes after pressure from US authorities including the United States FBI to allow full access to the devices.

In 2015 Apple refused to help the FBI unlock an iPhone after a US shooting. The FBI recruited digital forensics company Cellebrite to unlock the device for them, however the conflict and ethics between data privacy and data access has been ongoing.

Hackers and commercial organisations have also seen the potential in iPhone unlockers. Earlier this year researchers from Malwarebytes Labs discovered a US-based firm called GrayShift that produced iPhone unlocking devices, dubbed GrayKey. 

The GrayKey devices, which can sell for up to US$30,000, are essentially boxes that connect two iPhones.  

“An iPhone typically contains all manner of sensitive information: account credentials, names and phone numbers, email messages, text messages, banking account information, even credit card numbers or social security numbers. All of this information, even the most seemingly innocuous, has value on the black market, and can be used to steal your identity, access your online accounts, and steal your money,” explains Malwarebytes researcher Thomas Reed in a blog post from March 2018.

After two minutes the devices disconnect. Within a matter of hours or days, the phones will then display a screen with the passcode and other device information.

Reed warned that such devices would be useful to law enforcement, which in theory could seize innocent people’s devices, access them and search them without consent. In those cases, authorities could be liable for that data’s security, Reed warns.

The unlockers could also be goldmines to criminals wanting to sell them on the black market. The potential for data theft, harvesting and resale is a possible outcome.

“A jailbreak involves using a vulnerability to unlock a phone, giving access to the system that is not normally allowed. What happens to the device once it is released back to its owner? Is it still jailbroken in a non-obvious way? Is it open to remote access that would not normally be possible? Will it be damaged to the point that it really can’t be used as intended anymore, and will need to be replaced? It’s unknown, but any of these are possibilities,” Reed ponders.

“It’s highly likely that these devices will ultimately end up in the hands of agents of an oppressive regime, whether directly from GrayShift or indirectly through the black market,” Reed concludes.

We have contacted an Apple spokesperson for comment.

Disruption in the supply chain: Why IT resilience is a collective responsibility
"A truly resilient organisation will invest in building strong relationships while the sun shines so they can draw on goodwill when it rains."
Businesses too slow on attack detection – CrowdStrike
The 2018 CrowdStrike Services Cyber Intrusion Casebook reveals IR strategies, lessons learned, and trends derived from more than 200 cases.
Proofpoint launches feature to identify most targeted users
“One of the largest security industry misconceptions is that most cyberattacks target top executives and management.”
McAfee named Leader in Magic Quadrant an eighth time
The company has been once again named as a Leader in the Gartner Magic Quadrant for Security Information and Event Management.
Symantec and Fortinet partner for integration
The partnership will deliver essential security controls across endpoint, network, and cloud environments.
Is Supermicro innocent? 3rd party test finds no malicious hardware
One of the larger scandals within IT circles took place this year with Bloomberg firing shots at Supermicro - now Supermicro is firing back.
25% of malicious emails still make it through to recipients
Popular email security programmes may fail to detect as much as 25% of all emails with malicious or dangerous attachments, a study from Mimecast says.
Google Cloud, Palo Alto Networks extend partnership
Google Cloud and Palo Alto Networks have extended their partnership to include more security features and customer support for all major public clouds.