A security researcher at Johns Hopkins University who led an examination into the robustness of smartphone encryption systems says he was shocked by the Android and iOS vulnerabilities they discovered.
He said that iOS in particular has extremely secure encryption capabilities, but these are not in use much of the time …
Cryptographers at Johns Hopkins University used publicly available documentation from Apple and Google as well as their own analysis to assess the robustness of Android and iOS encryption. They also studied more than a decade’s worth of reports about which of these mobile security features law enforcement and criminals have previously bypassed, or can currently, using special hacking tools […]
“It just really shocked me, because I came into this project thinking that these phones are really protecting user data well,” says Johns Hopkins cryptographer Matthew Green, who oversaw the research. “Now I’ve come out of the project thinking almost nothing is protected as much as it could be. So why do we need a backdoor for law enforcement when the protections that these phones actually offer are so bad?”
The researchers said that iPhones essentially have three levels of protection:
- Before First Unlock (BFU), or immediately after a restart
- After First Unlock (AFU), when the phone has been locked but not restarted
- Complete Protection locks available for developers to use if they wish
When an iPhone is restarted, and not yet unlocked, it is in a state Apple calls Protected Until First User Authentication and which security researchers refer to as Before First Unlock (BFU). In this state, the highest level of encryption is applied, known as Complete Protection. It is virtually impossible to extract data from an iPhone in this state unless you can find a way to unlock it.
The risks begin after that first unlock, says the report.
When data is in the Complete Protection state, the keys to decrypt it are stored deep within the operating system and encrypted themselves. But once you unlock your device the first time after reboot, lots of encryption keys start getting stored in quick access memory, even while the phone is locked. At this point an attacker could find and exploit certain types of security vulnerabilities in iOS to grab encryption keys that are accessible in memory and decrypt big chunks of data from the phone.
Based on available reports about smartphone access tools, like those from the Israeli law enforcement contractor Cellebrite and US-based forensic access firm Grayshift, researchers realized that this is how almost all smartphone access tools likely work right now.
Apple does, however, offer one option Android doesn’t.
Where Apple provides the option for developers to keep some data under the more stringent Complete Protection locks all the time—something a banking app, say, might take them up on—Android doesn’t have that mechanism after first unlock.
Most apps don’t take advantage of this.
The risks do, however, need to be viewed in perspective.
It’s not hard to understand why Apple offers different levels of protection: performance. Having the phone operate in Complete Protection mode all the time – only retrieving decryption keys when needed, and purging them from quick access memory after use – would significantly slow down the phone. Apple takes a balanced approach which is appropriate for the vast majority of users.
It’s important to understand that the type of tools used to exploit this slightly weakened security state rely on physical access to the phone, and require knowledge of other zero-day iOS vulnerabilities in order to gain access to data. In practice, unless you are a criminal, or a high-value target for a nation state or major corporation, you aren’t going to be at risk from this type of attack.
Apple said that it continually refines its privacy protections.
“Apple devices are designed with multiple layers of security in order to protect against a wide range of potential threats, and we work constantly to add new protections for our users’ data,” the spokesperson said in a statement. “As customers continue to increase the amount of sensitive information they store on their devices, we will continue to develop additional protections in both hardware and software to protect their data.”
As an aside, if you want to see an example of the difference between BFU and AFU protections, there’s a simple experiment you can conduct.
When your best friend calls your phone, their name usually shows up on the call screen because it’s in your contacts. But if you restart your device, don’t unlock it, and then have your friend call you, only their number will show up, not their name. That’s because the keys to decrypt your address book data aren’t in memory yet.
FTC: We use income earning auto affiliate links. More.