Police Can Still Get Data Off Your iOS 8 Device Without Apple's Help

Illustration for article titled Police Can Still Get Data Off Your iOS 8 Device Without Apple's Help

Remember that promise Apple made about not turning your data over to police in iOS 8? It's not a lie! But as iPhone security experts point out, that does not mean police can't access your data. It's actually not even that hard.


This week, iOS forensics expert Jonathan Zdziarski published a sobering reminder that iOS 8 is not infallible to intruders, especially government-funded intruders. Zdziarski has actually trained police on how to access data on iPhones in the past and didn't have any trouble pulling almost all third party data off of a locked iPhone in a recent test. That includes everything from Facebook, Twitter, Instagram, banking apps, and so forth. "I can do it. I'm sure the guys in suits in the governments can do it," Zdziarski told Wired. "And I'm sure that there are at least three or four commercial tools that can still do this, too."

Of course Apple never said your data was unreachable. Just that it could no longer cooperate with government requests for access to iPhone data, because it could not access that data itself. "So it's not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8," the statement reads.

Not to suprirsingly, government agencies—from local police to the FBI to the NSA to the CIA—can do the job just fine without Apple's help. Zdziarski takes pains to point out how even though security is greatly improved in iOS 8, holes still exist. The intruder only needs access to a powered on device and a computer that has exchanged data with that device in the past. That means if your computer and phone are seized together at the airport, for instance, your data is vulnerable. Data from native iOS applications, including call records and text messages were protected, but all third party data is up for grabs.

So if you want to keep prying eyes off your iPhone, use a passcode, for one. You should also power down the device at airports or any other time it could intercepted. Finally, encrypt your hard drive so hackers can't access sync data. In fact, you should just go ahead encrypt everything. It can't hurt. [Wired]



I bet it is because the phone decrypts the storage on first passcode entry/touch ID and never re-encrypts until you shut it down. The passcode after that is just a screen lock and doesn't activate encryption. It would be nice if there were an option to have the phone encrypt when the phone locks or goes to sleep for those that want to use it. Or an "Encrypt storage after 5/10/15 minutes of inactivity" option. It might make unlocking a little slower but it would be worth it in my book. Android has this problem (and some worse ones) with its encryption too.