Apple and app developers do not make sufficient use of the security functions available in iOS. Renowned IT security experts from Johns Hopkins University are convinced of this. Compared to the US magazine Wired they sometimes sharply criticized the current approach. It “really shocked him,” said crypto expert Matthew Green, because he thought these devices “protect user data well”. He wonders why the often requested back doors for criminal prosecutors are needed at all.

Levels of security Specifically, Green and his colleague Maximilian Zinkus, who specializes in iOS security, are concerned the fact that hierarchical encryption is simply not used in large parts. When an iPhone boots, it is first in the so-called “Complete Protection” mode before the user unlocks it. Then the decryption takes place.

Problem Quick Access Afterwards, however, a large part of the data from the system and apps ends up in the area “Protected Until First User Authentication” (protected until the first user authentication). According to the Johns Hopkins researchers, this state is less secure because the keys required to decrypt the device data are automatically transferred to the quick access memory area. This is used to give applications faster access.

Use by hacker tools This is not fundamentally unsafe. However, this means that attackers who manage to bypass basic iOS backups have significantly easier access to them than in “Complete Protection” mode. The researchers believe that hacking tools such as Grayshift used by security agencies are exploiting Apple’s decision. These can “open” iPhones completely and often use holes that are still publicly unknown.

Apple: Developing further The Johns Hopkins researchers call on Apple to address the problem. Compared to Wired the group announced that Apple devices were provided with “several security layers” in order to be protected against “a wide range of potential threats”. They are “constantly working on adding further protective measures for our users’ data”. It remains to be seen whether this means that Apple will respond to Green & Co.’s criticism. The group also announced that the attacks described were “very expensive” and that attackers would have to physically have the device in front of them. Apparently Apple sees its current strategy as a compromise between security and ease of use. (bsc)