October 6, 2014 by

Apple’s New Encryption Won’t Stop Intelligence Gathering

As Apple and Google introduced a more thorough encryption for their devices and revised their privacy policy (Apple), many people are wondering what this actually means to them. Apple claims it’s a move to better protect the privacy of its users, while some opponents claim that Apple is just picking a pointless fight with the US government, while providing criminals with protection at a cost to the public.

Whichever view you hold, the truth is, if you’re concerned about intelligence agencies (let’s call them I.A.) listening in on your conversations, you’re out of luck. Here’s a few reasons why:

  • Apple only encrypts data on your device directly. Phone calls, text messages, internet data packets all cross the carrier’s network and are weakly encrypted. Your carrier is also legally required to provide this data to law enforcement and I.A.
  • If this I.A. can communicate with your device directly (via Wi-FI, SMS, man-in-the-middle of the radio link, access to the USB port, or spearphishing via a well made email and more) they might be able to use a zero day exploit to gain code execution ability on your phone and bypass encryption by reading the cleartext out of RAM while the phone is unlocked.
  • Often, the contents of text messages and calls are not even necessary. If the law enforcement or an I.A. need to locate you, they can use the existing e911 GPS location or triangulation of your position via cell phone towers.

These are just a few ways an interested third party may gain access to your information. Andrew Zonenberg put together an in-depth article for those interested in a more through examination of Apple’s encryption and its possible breaking.

 

About the author

Image of Author

LIFARS is a digital forensics and cybersecurity intelligence firm based in New York City. LIFARS is ranked as one of the top Digital Forensics and Cyber Investigations companies in 2016 and as one of the top cybersecurity companies in the New York metropolitan area for 2015 on the Cybersecurity 500 – a directory of the hottest and most innovative companies to watch in the cybersecurity industry.

Related articles

Apple Pushes Update to Fix Major Mac OS Vulnerability

Apple has issued an emergency patch after admitting to a major security flaw that enabled anyone to...

Read more arrow_forward

Google Research: Phishing Poses the Greatest Cybersecurity Threat

A new study by Google has revealed insights to better explain how emails and other accounts are...

Read more arrow_forward

Kaspersky Denies Involvement in Russia’s Hack of NSA Contractor

Moscow-based cybersecurity firm Kaspersky Labs has denied a Wall Street Journal report that alleges...

Read more arrow_forward