Friday, September 19, 2014

Security & Hacking: Apple iOS 8 & Data Extraction

People have been citing a statement on this page http://www.apple.com/privacy/government-information-requests/ as proof that with iOS 8 Apple can't extract data from devices secured with a passcode.

I don't think most people are reading Apple's statement with a critical enough mindset. Here is the last part of what Apple actually wrote about data extraction:

"So it's not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8."

The key part is "extraction of this data from devices in their [government] possession running iOS 8." Note my bolded emphasis.

What Apple is really saying, I think, is that, just as with iOS 7, Apple needs devices in their possession to extract data; they can't do it remotely and didn't provide government agencies with the tools to do so either.

Here is a snippet from Apple's page "Legal Process Guidelines U.S. Law Enforcement". Important note: the original link to this information at Apple, "https://www.apple.com/legal/more-resources/law-enforcement/", now gets redirected to "https://www.apple.com/privacy/government-information-requests/", so if you don't have a copy of the original page you will need to find a cached version to verify:

"I. Extracting Data from Passcode Locked iOS Devices
 Upon receipt of a valid search warrant, Apple can extract certain categories of active data from passcode locked iOS devices. Specifically, the user generated active files on an iOS device that are contained in Apple’s native apps and for which the data is not encrypted using the passcode (“user generated active files”), can be extracted and provided to law enforcement on external media. Apple can perform this data extraction process on iOS devices running iOS 4 or more recent versions of iOS. Please note the only categories of user generated active files that can be provided to law enforcement, pursuant to a valid search warrant, are: SMS, photos, videos, contacts, audio recording, and call history. Apple cannot provide: email, calendar entries, or any third-party App data." 

And from the FAQ section of that page:
"Can Apple provide me with the passcode of an iOS device that is currently locked?
No, Apple does not have access to a user’s passcode but may be able to extract some data from a locked device with a valid search warrant as described in the Guidelines."

So what it seems like to me is that iOS 8 offers at best the same protection as earlier versions. Apple can still extract data from devices in their possession, though they worked hard to write a factually accurate statement that was misleading.

I also haven't noticed any comments about data from the coprocessor that tracks movement and other data on the iPhone 5S and newer, even when the phone is sleeping.


Additional Links of Interest: