October 6, 2014 by

Apple’s New Encryption Won’t Stop Intelligence Gathering

As Apple and Google introduced a more thorough encryption for their devices and revised their privacy policy (Apple), many people are wondering what this actually means to them. Apple claims it’s a move to better protect the privacy of its users, while some opponents claim that Apple is just picking a pointless fight with the US government, while providing criminals with protection at a cost to the public.

Whichever view you hold, the truth is, if you’re concerned about intelligence agencies (let’s call them I.A.) listening in on your conversations, you’re out of luck. Here’s a few reasons why:

  • Apple only encrypts data on your device directly. Phone calls, text messages, internet data packets all cross the carrier’s network and are weakly encrypted. Your carrier is also legally required to provide this data to law enforcement and I.A.
  • If this I.A. can communicate with your device directly (via Wi-FI, SMS, man-in-the-middle of the radio link, access to the USB port, or spearphishing via a well made email and more) they might be able to use a zero day exploit to gain code execution ability on your phone and bypass encryption by reading the cleartext out of RAM while the phone is unlocked.
  • Often, the contents of text messages and calls are not even necessary. If the law enforcement or an I.A. need to locate you, they can use the existing e911 GPS location or triangulation of your position via cell phone towers.

These are just a few ways an interested third party may gain access to your information. Andrew Zonenberg put together an in-depth article for those interested in a more through examination of Apple’s encryption and its possible breaking.


About the author

Image of Author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagements experience while providing a strategic and integrated array of services to minimum risk and disruption while protecting your brand.

Related articles

Apple Partners Allianz to Offer CyberCrime Insurance Perks

A new partnership between Apple, Cisco and insurance firm Allianz SE will see businesses using...

Read more arrow_forward

Security Researchers Uncover ‘World’s Most Powerful Android Spyware’

Security researchers at Kaspersky have uncovered a new form of Android spyware with capabilities...

Read more arrow_forward

Happy New Year: Researcher Drops MacOS Zero-Day Root Access Kernel Exploit

To ring in the new year, a security researcher on New Year’s Day disclosed an unpatched security...

Read more arrow_forward