If You Think Your Encrypted iOS Or Android Phone Is Safe From Law Enforcement, Guess Again
Over the years, lawmakers and law enforcement worldwide have been pushing for backdoors and to eliminate end-to-end encryption in devices. According to security and cryptographic research, however, law enforcement and governments can already access locked smartphones through various tools and tricks. This is mainly due to weaknesses in Android or iOS devices, which honestly, could be a lot better.
Recently, cryptographic researchers at Johns Hopkins University analyzed both Android and iOS devices and paired their findings with publicly available data. Johns Hopkins cryptographer Matthew Green stated that the results of the research shocked him, and he has now “come out of the project thinking almost nothing is protected as much as it could be.” Green then asks the critical question, “why do we need a backdoor for law enforcement when the protections that these phones actually offer are so bad?”
To be clear, phones are not just willy-nilly leaking data or giving it out to anyone who politely asks. Both Android and iOS devices have varying security levels, but the one that most phones have enabled at any one time can be problematic. The different security levels made the researchers assume that it would be challenging to unlock data from a phone, but that is not what happened. Both phone types could be vulnerable to exploitation and data extraction should they fall into the wrong hands. This requires many things to happen first, such as you just normally locking your phone and the attacker having physical access to take information from the system memory. Of course, the researchers also presumed that this is how many smartphone access tools work, so it likely happens in the wild.
In response to the research, an Apple spokesperson told WIRED that Apple is “focused on protecting users from hackers, thieves, and criminals looking to steal personal information.” Moreover, “The types of attacks the researchers are looking at are very costly to develop, the spokesperson pointed out; they require physical access to the target device and only work until Apple patches the vulnerabilities they exploit.” Google had similar things to say when WIRED asked the company for comment.
Ultimately, “researchers have concluded that [device security systems] fall short on the question of specialized forensic tools that governments can easily buy for law enforcement and intelligence investigations,” as WIRED writes. Another interesting thing to think about is that the U.S Government and law enforcement agencies are looking for backdoors when they could essentially buy access. Furthermore, it feels like a double-standard of sorts, as the U.S Government will ditch Huawei and ZTE Telecom equipment over “backdoor fears.” It is almost as if the government does not want to be spied on, but is perfectly happy to spy on anyone by setting a precedent. It is funny how that works, but you let us know what you think of phones not enforcing excellent security in the comments below.
