Although Apple devices are known for their security and privacy features, a group of cryptography experts has claimed that government agencies can still access private user information.
According to an Apple Insider report, experts have discovered a new method that law enforcement agencies may be using to break into Apple devices, despite constant security updates.
Matthew Green, an associate professor at Johns Hopkins Information Security Institute, took to Twitter to explain how this might be possible. Citing research conducted by his students Maximilian Zinkus and Tushar M Jois, Green said law enforcement agencies probably do not even need to break the strong encryption on iPhones anymore because it does not protect all types of user data.
iPhones are always in one of two states: Before First Unlock (BFU) or After First Unlock (AFU). Once a user sets up the device and enters their password for the first time, it goes into the AFU state. When the user keys in the passcode, the iPhone uses it to derive various cryptographic keys that are used to encrypt files.
However, when a user locks their handheld Apple device, it does not go back into BFU but remains in the AFU state. At that time, only one cryptographic key gets purged from memory and the rest stay until the user unlocks the iPhone again. These keys can be used to decrypt protected iPhone files. Government agencies would only need software that helps them bypass the iOS lock screen.
Unlike before, Apple uses its strongest protection only to safeguard emails and App Launch data. This means that photos, texts, notes, and location-based data are most vulnerable now. The team of researchers is expected to release a detailed report explaining the mode of operation soon.