How Law Enforcement Gets Around Your Smartphone's Encryption
New research has dug into the openings that iOS and Android security provide for anyone with the right tools.
LAWMAKERS AND LAW enforcement agencies around the world, including in the United States, have increasingly called for backdoors in the encryption schemes that protect your data, arguing that national security is at stake. But new research indicates governments already have methods and tools that, for better or worse, let them access locked smartphones thanks to weaknesses in the security schemes of Android and iOS.
Cryptographers at Johns Hopkins University used publicly available documentation from Apple and Google as well as their own analysis to assess the robustness of Android and iOS encryption. They also studied more than a decade's worth of reports about which of these mobile security features law enforcement and criminals have previously bypassed, or can currently, using special hacking tools. The researchers have dug into the current mobile privacy state of affairs, and provided technical recommendations for how the two major mobile operating systems can continue to improve their protections.
“It just really shocked me, because I came into this project thinking that these phones are really protecting user data well,” says Johns Hopkins cryptographer Matthew Green, who oversaw the research. “Now I’ve come out of the project thinking almost nothing is protected as much as it could be. So why do we need a backdoor for law enforcement when the protections that these phones actually offer are so bad?”
"On Android you can not only attack the operating system level, but other different layers of software that can be vulnerable in different ways." TUSHAR JOIS, JOHNS HOPKINS UNIVERSITY