Apple may be focusing on ensuring customers that their personal data stored on iOS and OS X devices is safer and more private than ever, but that doesn’t mean law enforcement and spy agencies won’t be able to access iOS 8 devices anymore. Wired points us to a new blog post published by security researcher Jonathan Zdziarski, who says that regardless of the steps Apple has taken to further protect personal data and regardless of whether the company is willing to help such agencies, they’ll still be able to force their way into an iPhone 6 or any iOS device running Apple’s latest operating system.
Apple on Thursday revealed on its newly published privacy pages that security on iOS 8 will be a lot tighter, as personal data will be encrypted on devices and Apple won’t be able to access that data, as long as it’s protected by a personal PIN code.
“This is a significantly pro-privacy (and courageous) posture Apple is taking with their devices, and while about seven years late, is more than welcome,” Zdziarski, who has previously criticized Apple for the security holes in iOS, said. “In fact, I am very impressed with Apple’s latest efforts to beef up security all around, including iOS 8 and iCloud’s new [two factor authentication]. I believe Tim Cook to be genuine in his commitment to user privacy; perhaps I’m one of the few who can see just how gutsy this move with iOS 8 is.”
Zdziarski further revealed that Apple’s precautions offer the company “plausible deniability” when dealing with requests from law enforcement agencies. But, while making the job harder for agencies, the new security features won’t stop them from accessing data on iPhones, iPads and iPod touches that have been updated to iOS 8.
As long as an iOS device has been tied to computers beloging to a target, forensic tools can be used to bypass the aforementioned PIN encryption on iOS devices and retrieve personal data such as personal pictures and videos, third-party application data, caches and databases and other content stored on the device. Obviously, law enforcement agencies will need access to those computers.
On the other hand, law enforcement agencies won’t come after someone for no apparent reason. But the same forensic tools they can use to get to someone’s private data may also be used by other third parties with knowledge of how iOS 8 works for stealing stuff from an iPhone – of course, in such a case, accessing someone’s personal computer is more difficult than it is for police or other agencies.
Zdziarski advises users to PIN-protect their iOS 8 devices at all times, to power down computers (rather than just putting them to sleep) when not in use and especially when travelling, and even turn off iPhones when going through airport security – to read his detailed take on iOS 8 security follow the source links below.
“The biggest mistake consumers can ever make in this situation is to assume that the information on their device is completely safe from the police,” he told Wired. “Even with iOS 8’s big improvements, assume the data on your mobile device could potentially be accessed, and act accordingly.”
Finally, let’s not forget that spy agencies have always been able to remotely and covertly retrieve data from all sorts of smartphones, including iPhone, so iOS 8 might be just a more complex, but not impossible, challenge for them.