If someone takes your iPhone, can they get your data too?
For years, Apple has been working to make sure the answer is no. The iPhone’s local storage drive has strong encryption, and without a passcode or a fingerprint, there’s no way to get past the lockscreen. If the phone powers down or goes 48 hours without a login, it locks down even further, requiring a passcode to restart. It’s a huge problem for phone thieves — and, as the San Bernardino case demonstrated, makes life difficult for law enforcement too. It’s still possible to get cloud data held on Apple servers, and any data controlled by an app is another story — but if it’s stored locally on your phone, it’s tough to get without your permission.
With those protections in place, thieves and digital forensics experts have turned to the iPhone’s automatic backup system as the easiest way through. If your phone has registered your computer as a trusted device, it’s possible to trigger an automatic backup from the computer itself, which basically dumps all the phone’s data onto the computer in a nice package for investigators. Even if the computer isn’t a trusted device, all you need to establish a trusted device is a fingerprint login, which you could potentially spoof or 3D-print. Once you’ve made that login, you can pair the phone, dump the data, and start picking through.
In some ways, this sounds a lot like logging into the phone — but it gives a lot more access for a much longer span of time. Once a computer is registered as a trusted device for a particular phone, the computer can pull backups off that phone at any time in the future, even without logging in.
The process for establishing a trusted device is already a bit daunting — but with iOS 11, that system will get just a little bit tighter. A new post from ElcomSoft (which makes the forensic software that pulls data off those paired phones) details an overlooked feature in iOS 11 that will make that system a little bit harder to crack. Now, you won’t be able to establish a pair with just a fingerprint; you’ll need the full passcode, just as if you were unlocking the phone after a hard reset. It seems minor, but it’s potentially a serious problem for police, who are legally allowed to compel fingerprints but move into trickier legal territory when it comes to passcodes.
In the abstract, this is all something of a moot point. If you’re spoofing fingerprints, you’ve got enough to log into the phone itself (as long as it’s not locked down), at which point you can just open apps and get the data you need anyway. But backing up the phone to a trusted device is a huge part of modern forensics, and it’s one of the few ways for investigators to be sure they’ve gotten every piece of data they could. Under iOS 11, it will be harder to do that without the user’s permission, turning up the heat ever so slightly on the encryption debate.
It’s still unclear exactly why the change was made, although rumor has it the next iPhone will drop the TouchID fingerprint reader entirely, which would certainly explain it.