Does the iOS security mechanism inadvertently open the back door to hackers?

Based on publicly available documents from Apple and Google, including law enforcement reports about bypassing their own analytics and mobile security features, cryptographers assessed the level of Secure iOS and Android encryption. The study found that while the encryption infrastructure on iOS “sounds really good,” it was essentially not being used.

The team’s research aim is to explore security mechanisms to prevent unauthorized access to data in mobile devices, ways of unauthorized data access, and how to improve it to prevent unauthorized access. . Study subjects are iOS and Android platforms. ” Especially on iOS, this multilayered encryption infrastructure is in use, and it’s really good, ” said lead iOS researcher Maximilian Zinkus . But I was really surprised to see it was underused at that time .

When the iPhone boots up, all data is stored in a “fully protected” state, and the user must unlock the device before decrypting anything. While it’s safe to do so, many researchers emphasize that when the device is unlocked for the first time after a reboot, a large amount of data goes into what Apple calls “pre-protected. first-user authentication state ”.

Since the device rarely reboots, most of the data is in the state ” protected with first user authentication “, not ” fully protected “. The advantage of this less secure state is that the decryption key is stored in fast memory and can be accessed quickly by applications.

In theory, hackers can find and use certain types of security holes in iOS systems to quickly access the encryption key in memory, helping it decrypt large amounts of data in the device. . This is also how many smartphone access tools work, such as the Grayshift digital forensic access tool.

In addition to the iOS system itself, iCloud transfers large amounts of user data to Apple’s servers, which can also be remotely accessed by hackers or unauthorized law enforcement. Apple uses the SEP security processor to strictly limit password guessing attacks, but there is evidence that at least in 2018, hackers used the GrayKey tool to crack SEPs.

Attackers need specific operating system vulnerabilities to retrieve data, and Apple and Google will apply multiple patches when they discover those vulnerabilities, but this can be avoided by hiding encryption keys. deeper.

” It really shocked me because when I got into this project I thought the phones would actually protect people’s data, ” said Matthew Green, a cryptographer at Johns Hopkins University. used, but the reality is different. The iOS security mechanism is unintentionally creating backdoors for hackers . The researchers also directly shared their findings and some technical advice with Apple.

” Apple devices are designed with multiple layers of security measures to protect against a variety of potential threats, ” an Apple spokesperson stated publicly . We are constantly working to add new measures to our users. As the amount of sensitive information stored on the device continues to increase, we will continue to develop some additional hardware and software protections to protect users ‘ data.

Additionally, while many of Apple’s cloud services advertise the use of end-to-end encryption technology, stressing that only users can access cloud data, researchers found that when Using iCloud backup service, the security of certain encryption services will be compromised.

In fact, Apple’s security efforts are mainly focused on protecting users from hackers, thieves, and criminals who want to steal personal information. They also point out that the attacks highlighted by the researchers are costly to develop, require physical access to the target device, and can only work before Apple releases a patch. Apple also emphasized that their goal for iOS is a balance between safety and convenience.

On the contrary, the situation of the Android platform seems more complicated. Researchers found that the latest top Android models can provide strong protection, but the loss of connection between Google and Android device manufacturers leads to the progress of software updates. security and privacy controls are inconsistent with most Android phones.