iOS 11 Will Make It Even Harder for Cops to Extract Your Data

Megalith

Megalith

24-bit/48kHz
Staff member
Joined
Aug 20, 2006
Messages
13,000
Russian forensics software firm ElcomSoft has shown how it’s about to get tougher for police to get at your iPhone’s data: they dove into iOS 11’s new security measures and found that a passcode is now required even after a handset is connected to an unfamiliar computer. That means even if forensic analysts do seize a phone while it's unlocked or use its owner's finger to unlock it, they still need a passcode to offload its data to a program where it can be analyzed wholesale (suspects may plead the Fifth and refuse to offer a password or passcode in some situations).

Prior to iOS 11, it was possible to perform logical acquisition of an iOS device by unlocking the device with Touch ID. The new pairing procedure requires the use of device passcode in order to establish trust between the device and the computer, thus making logical acquisition possible only if you know the passcode. This change is very important from the legal standpoint. While in certain cases the user may be compelled to unlock their device using their fingerprint, obtaining the passcode from the user may be challenging and, in many jurisdictions, not legally possible.
 
While in certain cases the user may be compelled to unlock their device using their fingerprint, obtaining the passcode from the user may be challenging and, in many jurisdictions, not legally possible.
Click to expand...


So basically we should all just stick to passcodes and never use biometrics to lock/unlock our devices.
 
cyclone3d said:
So basically we should all just stick to passcodes and never use biometrics to lock/unlock our devices.
Click to expand...

I think a key component is that it now prevents offloading of the data. It gives the users that extra protection to stop and say "hey, do you have a warrant?"

It's kinda like an officer asks you to let them see your phone to verify you weren't texting and driving (may be mandatory depending the DMV). You can do so without them downloading an image of the device. That officer isn't going to have the time to go through all your photos and back texts without the help of his snooper device.
 
While in certain cases the user may be compelled to unlock their device using their fingerprint, obtaining the passcode from the user may be challenging and, in many jurisdictions, not legally possible.
Considering the preferred method regarding encrypted devices these days, they will just lock the user up till they give in.
 
cyclone3d said:

So basically we should all just stick to passcodes and never use biometrics to lock/unlock our devices.
Click to expand...

This has been true for a long time now. They can compell you to unlock with a fingerprint (or unlock it while you are unconcious), but they can't do the same with a password. I stopped using biometric scanners to replace passwords years ago.
 
I beg to differ with the title... all they have to do is point the phone at your face now. After watching the presentation I loaded up the simulator and I can't find any means of setting a timed lock out (i.e. after 10-20 minutes of not using it, you must enter a pin). So it would appear all cops have to do is point the phone at your face, which they would probably argue is not protected information.
 
Sure, until they strap you down, shove your phone at your face, and Face ID unlocks it for them.
 
cyclone3d said:

So basically we should all just stick to passcodes and never use biometrics to lock/unlock our devices.
Click to expand...

What about that guy still sitting in jail for refusing to surrender a passcode
 
^^^

If you are going to be doing dodgy stuff get a burner phone and keep your personal phone clean simple yet effective.
 
You must log in or register to reply here.
Back
Top