It would have been hard to miss the news earlier this year that the FBI was trying to get access to data on an iPhone owned by a terrorist. While I abhor the use of technology for criminal purposes, serious concerns are raised when a technology company is asked to circumvent security in a way that could affect the public as a whole. Apple didn’t capitulate to demands, and we saw that necessity was the mother of invention.
The FBI was able to find and hire an outside consultant, paying over a million dollars, to get access to the data. This was possible because the older iPhone 5c lacks a “Secure Enclave” chip, which keeps encryption, keychains, and other security elements tied to your Touch ID. Newer iPhones (5s and newer) have one, which would have complicated the task. The FBI now holds the ability to unlock other iPhone 5c devices.
Discussions are under way on how to make this technology available to other law enforcement agencies in the US. There are cases across the US in which the evidence includes iPhone 5c devices that are encrypted and inaccessible. As prior court precedent has indicated that a person cannot be compelled to give up a passcode, decryption through this method appears to be the only option. It’s my hope that they are careful and that access is rigorously controlled to avoid this decryption method being leaked, copied, and used for criminal purposes.
This new tool has also rallied technology companies to institute or strengthen their own encryption mechanisms moving forward. Apple, for example, just recently brought Jon Callas back to its team, likely to help further bolster security across its devices. Android devices have the ability to apply full encryption, but some hardware models run slowly because of the overhead encryption adds. Microsoft likely won’t be making any changes to phone encryption methods, considering it recently released over a thousand more employees from its smartphone division.
With any aging technology, the odds that a defense can be bypassed rise every year. This is especially true of hardware and algorithms, as people have more time to learn and test methods of attack. That’s why all the major software companies offer free updates to their operating systems and software, but you can’t always out-patch a problem. SHA-1 is another example: technology and knowledge of how it functions have caught up with this now 20+ year old cryptographic method, forcing upgrades across the internet.
So, if you’re feeling insecure about your phone’s ability to protect you from prying eyes, go get the latest Android or iPhone and make sure you enable encryption.