{"id":3031,"date":"2014-09-24T13:48:30","date_gmt":"2014-09-24T13:48:30","guid":{"rendered":"http:\/\/ncjolt.org\/?p=3031"},"modified":"2020-06-04T20:53:42","modified_gmt":"2020-06-04T20:53:42","slug":"how-secure-is-ios-8-from-law-enforcement-intrusion","status":"publish","type":"post","link":"https:\/\/journals.law.unc.edu\/ncjolt\/blogs\/how-secure-is-ios-8-from-law-enforcement-intrusion\/","title":{"rendered":"How Secure Is iOS 8 From Law Enforcement Intrusion?"},"content":{"rendered":"<p>With competitors like <a href=\"http:\/\/www.cnet.com\/news\/apple-takes-very-different-view-on-customer-privacy-cook-says\/\">Google and Microsoft<\/a> admitting to scanning and accessing user information, Apple is attempting to set itself apart by making some noise with its <a href=\"http:\/\/www.forbes.com\/sites\/jaymcgregor\/2014\/09\/18\/ios8-beefs-up-security-with-unbreakable-passcode\/\">new privacy policy<\/a> dealing with the iOS 8 operating system. CEO Tim Cook discussed the new policy in an <a href=\"http:\/\/www.imore.com\/apple-posts-new-privacy-policies-cover-ios-8-changes\">open letter<\/a> to customers this week. Essentially, all your data\u2014photos, messages, emails, contacts and call history\u2014is protected by your device password, and Apple will not have the ability to access this. The company has come <a href=\"http:\/\/www.washingtonpost.com\/business\/technology\/apple-will-no-longer-unlock-most-iphones-ipads-for-police-even-with-search-warrants\/2014\/09\/17\/2612af58-3ed2-11e4-b03f-de718edeb92f_story.html?hpid=z1\">under scrutiny<\/a> for handing user data and information over to the government in recent times as well as with the <a href=\"http:\/\/www.wired.com\/2014\/09\/three-things-apple-can-fix-iclouds-awful-security\/\">recent hacking of its iCloud service.<\/a> So it is not far fetched to assume this new policy stems from these issues. However, a key component of the new policy deals with user information and law enforcement.<br \/>\nIn the past, were a law enforcement agency to approach Apple with a search warrant, the company would be able to break into an iPhone or iPad and access personal data. With the new operating system security measure, Apple cannot bypass the user password and therefore cannot access data. Essentially, what Apple seems to be trying to do is appease its customers with greater security while at the same time cleaning it\u2019s hands of any potential disputes with law enforcement by creating a system that prevents them from accessing it directly. So were they presented with a warrant, they could essentially do nothing.<br \/>\nHowever, users <a href=\"http:\/\/www.wired.com\/2014\/09\/apple-iphone-security\/\">may not be as safe<\/a> from government intrusion as they think.<\/p>\n<blockquote><p>While media and privacy experts have applauded Apple on its new security measures, iOS forensics experts still offer users words of caution.<\/p><\/blockquote>\n<p>One such expert, Jonathan Zdziarski believes that law enforcement can still access devices operating on iOS 8 even without Apple\u2019s help. All they need is for your phone to be powered on and access to a computer you previously used to move data. Zdziarski was able to run his own forensic software and pull from devices running iOS 8 by impersonating a trusted computer to which a user had previously connected their device. \u201cI can do it. I\u2019m sure the guys in suits in the government can do it,\u201d says Zsziarski.<br \/>\nThe data siphoning trick presented by Zsziarski does have <a href=\"http:\/\/www.wired.com\/2014\/09\/apple-iphone-security\/\">several limitations<\/a> however. Police officers or intelligence agents would have to either plant malware on a user\u2019s machine or grab the individual\u2019s computer along with their mobile devices. Additionally, the majority of the information that Zsziarski was able to pull from the devices came from photos and information from third-party applications such as Twitter and Facebook. The data siphoning did not compromise sensitive information such as emails, messages and phone numbers. However, <a href=\"http:\/\/www.techopedia.com\/definition\/23340\/database-dump\">data-dumping<\/a> methods could potentially be used by law enforcement to gather this information. In order to combat this, Zsziarski recommends that users encrypt their hard drives and power down their devices when going through places such as airport checkpoints.<br \/>\nWhile iOS 8 does still have a certain level of vulnerability, Apple deserves to be applauded for the steps it has taken in order to protect user personal information. While competitors like Google are willingly unlocking any device that runs their pattern-based unlock mechanism, Apple is taking a hard stance against data intrusion. And to be fair, Apple did not claim that its new privacy settings would be impervious to law enforcement data extraction. The government can still find ways to access your personal devices, but Apple has made it much more difficult with iOS 8\u2019s privacy policy. With iOS 8 just coming into use, only time will tell how effective this policy truly is.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>With competitors like Google and Microsoft admitting to scanning and accessing user information, Apple is attempting to set itself apart by making some noise with its new privacy policy dealing with the iOS 8 operating system. CEO Tim Cook discussed the new policy in an open letter to customers this week. Essentially, all your data\u2014photos, <a href=\"https:\/\/journals.law.unc.edu\/ncjolt\/blogs\/how-secure-is-ios-8-from-law-enforcement-intrusion\/\" class=\"more-link\">&#8230;<\/a><\/p>\n","protected":false},"author":1,"featured_media":3032,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[51],"tags":[],"_links":{"self":[{"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/posts\/3031"}],"collection":[{"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/comments?post=3031"}],"version-history":[{"count":1,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/posts\/3031\/revisions"}],"predecessor-version":[{"id":7447,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/posts\/3031\/revisions\/7447"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/media\/3032"}],"wp:attachment":[{"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/media?parent=3031"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/categories?post=3031"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/tags?post=3031"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}