In early 2016, the FBI struggled against Apple in court; the FBI claimed they were unable to access the files on the San Bernardino shooter’s iPhone and that Apple needed to provide a backdoor to the phone. Apple could not technically access the encrypted contents through any hard-coded backdoor, but they could create a custom update for the phone that would remove the passcode. The FBI backed off and found a way around the phone’s encryption, thanks to an unnamed private hacking firm.
Cellebrite, one of the FBI’s “go-to” hacking groups, claimed they could hack the iPhone, but that the FBI had not used them for the San Bernardino iPhone. The FBI, DEA, and local police forces rely on Cellebrite and similar hacking firms every day. But over time, one piece of the phone hacking puzzle has grown increasingly difficult: iPhones have never been more secure than they are today.
CyberScoop spoke with security researchers like Will Strafach and Andrew Blaich who said the state of device security and encryption—especially with respect to modern iPhones—had changed significantly. Even Cellebrite, a company that reveals very little unless necessary, agreed. In a video uploaded to the company’s Vimeo account, Dan Embury, a technical director at Cellebrite, explained that the evolution of the iPhone (and iPhone software) had made their work more challenging.
Andrew Blaich, a security researcher at Lookout, said that with every software update pushed by Apple, forensics or data recovery becomes more challenging. He gave the examples of added passcode complexity and a mandatory passcode on modern devices. At one point in time, Apple allowed for only a four-digit passcode. Passcodes can now be alphanumeric. And with the A7 and newer chips, Apple implemented the Secure Enclave—a co-processor that handles cryptographic requirements for data integrity. According to Apple’s security guide, “[data] is encrypted and authenticated with a session key that is negotiated using the device’s shared key that is provisioned for the Touch ID sensor and the Secure Enclave.”
In the Vimeo video, Embury explained that even a four-digit passcode could impede an investigation now. Modern processors and increasingly large amounts of RAM allow companies to put military-grade encryption on any device. “It sums up to things not being well protected before and now Apple has actually fixed things,” Will Strafach said. Strafach has years of experience in iOS security and was deeply involved in the early jailbreaking scene.
“There was no security and now there is,” he added.