Researchers Explain How Police Hack an iPhone

BY Sanuj Bhatia

Published 24 Dec 2020

iPhone unlocked(Hacked)

A new report by SecurePhones has highlighted a probable way of how police and other law enforcement authorities hack into someone’s iPhone.

Despite Apple’s claim of the iPhone is a ‘secure’ phone, Matthew Green, an associate professor at Johns Hopkins Information Security Institute has found an explanation about how law enforcement agencies break into convict’s iPhone. Matthew, on Twitter, revealed that the theory is based on the research done by him, along with two of his students. He’s written a 65-page report on the same, and plans to publish a paper on this soon.

So here’s what you need to know. iPhones can be in two states: BFU (Before First Unlock) state and AFU (After First Unlock) state. When you first enter your passcode for the first time in the morning, or after you reboot the device, you switch your iPhone from BFU state to AFU.

When you unlock your iPhone with a passcode, the phone uses that passcode to derive a set of cryptographic keys, and these keys stay in the memory after the first unlock. Now coming to the strong encryption part, Apple vaguely offers a list of apps and programs that get ‘high-security encryption’ even when the phone’s in the AFU state.

This list includes Apple’s own mail app, Safari bookmarks, location data among others. This means even when the phone’s in AFU state, police will find it difficult to get hold of this data. Some apps like Photos, Texts, Notes do not get this level of high encryption, so police only need to access the stored cryptographic keys to get hold of the data.

Long Story Short

Long story short, the government agencies don’t need to break the strongest encryption on your iPhone since the phone (most probably) is in AFU state, and the police has to only access keys in the memory to unlock it.

We Want To Hear From You

Did you know about iPhone’s encryption before reading the thread? What else do you know about iPhone’s encryption? Let us know in the comment section below!

[via SecurePhones]