iPhone Maker Cracks Down on Law Enforcement Hacking

Key Takeaways

• Apple has issued a security update designed to prevent USB hacking.
• Law enforcement agencies use special digital forensics tools to crack into locked devices.
• Device manufacturers like Apple view digital forensics tools as a major security threat.

An iOS security patch, released by Apple on Feb. 10, points to the company’s ongoing efforts to crack down on USB hacking.

However, unlike other security risks, the biggest threat doesn’t come from malicious hackers but from law enforcement and intelligence agencies who use the technique to crack into suspects’ devices.

What Is USB Hacking?

USB hacking refers to techniques that gain unauthorized access to devices by physically connecting to their USB ports.

While there is some limited evidence of criminals using social engineering tactics to trick device owners into compromising their device ports, the most sophisticated USB hackers are law enforcement and intelligence agencies.

Companies that specialize in the technology include Magnet Forensics and Cellebrite, two leading digital forensics companies that provide tools for breaking into locked devices.

Apple vs. Digital Forensics Tools

Digital forensics companies emphasize legitimate uses of their technology and have policies in place to prevent it from being used by rogue states or criminals. However, major device manufacturers maintain that the vulnerabilities exploited by forensics tools pose a security threat to all users.

This sets the stage for a game of cybersecurity cat-and-mouse between device manufacturers and digital forensics companies.

For example, in 2018, Apple rendered a smartphone unlocking device made by Magnet Forensics useless. Yet today, the company boasts that its GrayKey can “consistently unlock leading iOS and Android devices.”

A key component of Apple’s USB security system is USB Restricted Mode. Introduced with iOS 11.4.1, USB Restricted Mode blocks all iPhone USB connections, unless the device has been unlocked within the past hour.

USB Restricted Mode Vulnerability Discovered

The recent security update fixed an issue that let attackers disable USB Restricted Mode on a locked device.

Without disclosing further details, Apple said it “is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.”

Significantly, the vulnerability was originally identified by Bill Marczak. A researcher studying digital censorship and surveillance, Marczak has spent his career exposing government hacking and the companies that enable it.

Tech Firms Fight Back Against Law Enforcement Hacking

As well as beefing up cybersecurity to prevent unauthorized access, some technology firms are taking legal action against the companies that develop law enforcement hacking tools.

One notable example is Meta’s legal battle with NSO Group, the Israeli cyberintelligence firm behind the Pegasus spyware.

In a landmark ruling last December, NSO Group was found liable for hacking charges after Pegasus was used to illegally compromise private WhatsApp messages.

In the latest escalation of WhatsApp’s anti-spyware crusade, the Meta subsidiary accused Paragon Solutions of illegally targeting journalists and activists in two dozen countries.

Meta’s revelation has led to a political crisis in Italy, where critics of the government are among those who were targeted by Paragon’s spyware.

Addressing the controversy on Wednesday, Cabinet Minister Luca Ciriani admitted that the government holds a contract with Paragon, but denied charges of illegal spying.