The effectiveness of Apple’s protective mechanisms in its devices has never been questioned. Rather the opposite: it was enough to look at how industry representatives reacted to each new privacy initiative from the company, whether the prohibition of cross-tracking in Safari, the obligation for developers to request permission to track, or the need to publish security labels in the App Store. Each of them in its time outraged developers and advertising companies, since it became more difficult for them to follow users. But it turns out that this is not enough for a good defense.
A group of security experts from Johns Hopkins University has identified flaws in iOS encryption systems that could put users at risk. The study found that Apple uses encryption ineffectively, applying it only selectively.
When the iPhone is best protected
This increases the potential risk of compromise, because if attackers know about unprotected segments of the operating system, they will certainly try to take advantage of them. As a result, they will almost certainly be successful.
“iOS has all the necessary infrastructure for hierarchical encryption that only looks secure on paper. But I was unpleasantly surprised when I found out how ineffectively it is being used,” said Maximilian Zinkus, the author of the study.
When the iPhone boots up for the first time after being powered off, all the data it stores is in the “Full Protection” state (BFU, before first unlock), and the user must unlock the device to decrypt it all. This state is very reliable indeed. However, after the first unlock (with a password, fingerprint, or face), a large amount of data moves into the “Protected before authentication” state (AFU, after first unlock), in which the smartphone stays 95% of the time. Although the data is still encrypted in this state, the protection is no longer as reliable as in the first case.
In the “Protected before authentication” state, the iPhone keeps encryption keys readily accessible, where applications can interact with them. That is, nothing prevents an attacker from discovering a vulnerability and using it to pull the necessary strings and gain access to a seemingly locked device.
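How an app can check which of the two states described above its own files fall into, as an added example that is not part of the original article or the study. It assumes the article's “Full Protection” corresponds to Apple's `FileProtectionType.complete` and “Protected before authentication” to `.completeUntilFirstUserAuthentication`; the function name `auditFileProtection` and the choice of the Documents directory are hypothetical.

```swift
import Foundation

/// Added example (hypothetical helper, not Apple's or the researchers' code).
/// Walks `root`, returns every regular file that is NOT in the Complete
/// Protection class, and optionally moves those files into it.
func auditFileProtection(under root: URL, upgrade: Bool) throws -> [URL] {
    let keys: [URLResourceKey] = [.isRegularFileKey, .fileProtectionKey]
    guard let walker = FileManager.default.enumerator(
        at: root, includingPropertiesForKeys: keys) else { return [] }

    var weaker: [URL] = []
    for case let url as URL in walker {
        let values = try url.resourceValues(forKeys: Set(keys))
        guard values.isRegularFile == true else { continue }

        // .complete: the class key is discarded shortly after the device
        // locks, so the file is unreadable while locked.
        // .completeUntilFirstUserAuthentication (the default for third-party
        // app files): the key stays available from first unlock until reboot,
        // which is the AFU condition the article describes.
        if values.fileProtection == .complete { continue }
        weaker.append(url)

        if upgrade {
            // Caveat: after this change the app cannot open the file while
            // the device is locked, so background tasks must tolerate
            // read failures on it.
            try FileManager.default.setAttributes(
                [.protectionKey: FileProtectionType.complete],
                ofItemAtPath: url.path)
        }
    }
    return weaker
}

// Report only; pass upgrade: true once background access has been reviewed.
let docs = FileManager.default.urls(for: .documentDirectory, in: .userDomainMask)[0]
let flagged = try auditFileProtection(under: docs, upgrade: false)
flagged.forEach { print("not Complete Protection:", $0.lastPathComponent) }
```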
Is the iPhone well protected
“I was in real shock when we analyzed the security of Apple smartphones. After all, we’ve always thought iPhones were really good at protecting users and their data. Now that we have completed the project, I really understand that there is no such protection in the mobile market that we really need and is justified from the point of view of reasonable security. I do not understand why law enforcement agencies require Apple to make a backdoor in iOS, if they can easily hack the iPhone,” said Matthew Green, a researcher on Zinkus’s team.
In fact, Green is not exaggerating when talking about iPhone hacks by law enforcement agencies. It is highly likely that the vulnerabilities in iOS encryption systems are exploited by the GrayShift toolkit. As a result, investigators don’t even have to guess passwords, which can be really time-consuming. They simply find a flaw in the operating system and exploit it, after which they gain access to the encryption keys and unlock the locked smartphone.
That said, not all data is permanently in a weakened state of protection. Some types of information are stored in a highly encrypted form at all times. These are data from the standard Mail application, books, Safari history and some other applications. However, until 2012, the defense was more solid. That year, Apple decided to weaken it in order to prevent conflicts between geolocation services and other system functions, which had come to be used more actively by the iPhone and by third-party applications.