DOJ: iPhones 'too secure'; A key moment for the enterprise?

Summary: According to MIT, the U.S. Justice Dept. is struggling to access iPhone data, making the task of law enforcement nigh on impossible. The security is good, but only BlackBerrys have the government edge.

Move over, BlackBerry. Apple is on its way, and it's only a hair's breadth away from government use -- something Research in Motion already has, though it may not be the last to acquire such accreditation.

According to MIT's Technology Review, Apple's iOS, designed for iPhones and iPads, has security tough enough to cause even the U.S. Department of Justice headaches in criminal investigations.

A Justice Dept. official spoke at the 2012 Digital Forensics Research Conference, describing the popular smartphone platform as one of law enforcement's worst nightmares.

"I can tell you from the Department of Justice perspective, if that drive is encrypted, you're done," said Ovie Carroll, director at the Justice Dept.'s Computer Crime and Intellectual Property Section, during his address earlier this month.

"When conducting criminal investigations, if you pull the power on a drive that is whole-disk encrypted you have lost any chance of recovering that data."

iOS in its early days was a hacker's dream. There were bugs that could allow hackers to access the inner sanctum of the phone's data stores -- thanks to applications' root access permissions -- which were not fixed until 2008, more than a year after its initial release in June 2007.

Since then, the enterprise sector became Apple's target. The rise of the BlackBerry in business and government use -- despite its subsequent decline -- was in the Cupertino, CA, company's sights.

The iPhone 4S and iPad 3, despite their consumer attraction, remain a "trustworthy mobile computing" platform, as MIT described it.

Apple says on its website:

Device policies, restrictions and strong encryption methods on iPhone provide a layered approach to keeping your information secure. iPhone uses hardware encryption to protect all data at rest. To further secure mail messages and attachments iPhone uses Data Protection which leverages the unique device passcode to generate the encryption key.

The mobile technology giant primarily uses AES-256, a highly secure algorithm used by the National Security Agency to encrypt data classified as TOP SECRET. Because each and every iOS device has a "unique [key] to each device and is not recorded by Apple or any of its suppliers" that is burned into the device's chips, it "guarantees that they can be accessed only by the [device's internal] AES engine."

You might even think the four-digit PIN code is easy to crack? Wrong. If you're lucky, you can tilt the device in a bright light and work out the combination left by a user's fingerprints, but even this is a long shot. A six-digit or even eight-digit iOS PIN code is "good enough for most corporate secrets," MIT said, but warned that it was equally good enough for those on the other side of the law.
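The two points above, a data key that depends on both the passcode and a key fused into the device, and longer PINs being stronger, can be modelled in a few lines. This is an added example, not Apple's code or anything from MIT's article: the PBKDF2 construction, the iteration count, the sample device keys and the per-guess delay are all assumptions chosen for illustration.

```python
import hashlib
import hmac

# Assumed work factor for this model only; not a figure from the article.
ITERATIONS = 50_000

# Constructed stand-ins for the per-device key burned into the chip.
UID_A = bytes.fromhex("11" * 32)
UID_B = bytes.fromhex("22" * 32)


def derive_key(passcode: str, device_uid: bytes) -> bytes:
    """Derive a 256-bit key from the passcode, bound to one device.

    The device key never leaves this function directly: it only keys an
    HMAC whose output salts PBKDF2. Without device_uid the passcode
    alone cannot reproduce the key, so guesses must run on the device.
    """
    salt = hmac.new(device_uid, b"data-protection-model", hashlib.sha256).digest()
    return hashlib.pbkdf2_hmac(
        "sha256", passcode.encode("utf-8"), salt, ITERATIONS, dklen=32
    )


def keyspace(digits: int) -> int:
    """Number of possible numeric passcodes of the given length."""
    return 10 ** digits


def worst_case_hours(digits: int, seconds_per_guess: float) -> float:
    """Time to try every passcode when each guess must run on the device.

    seconds_per_guess is an assumed cost of one on-device derivation.
    """
    return keyspace(digits) * seconds_per_guess / 3600


if __name__ == "__main__":
    same_pin_a = derive_key("1234", UID_A)
    same_pin_b = derive_key("1234", UID_B)
    print("same PIN, different device, same key?", same_pin_a == same_pin_b)
    for n in (4, 6, 8):
        hours = worst_case_hours(n, seconds_per_guess=0.1)  # assumed delay
        print(f"{n}-digit PIN: {keyspace(n):>11,} codes, {hours:10.1f} h worst case")
```

For a passcode policy decision, the useful output is the ratio between rows: each two extra digits multiplies the worst-case on-device effort by 100, whatever the real per-guess cost is.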

In a world where the bottom-up hierarchy runs from consumers, through small businesses and enterprises, to governments, it's clear that the first two are pretty much covered by iOS's security.

But since the enterprise sector was covered, government use then became Apple's target. 

However, even if the devices themselves are secure enough for governments, there's still some way to go, not only in back-end infrastructure but also in the required federal certification.

Apple has yet to acquire certification from the U.S. government, or any government for that matter. The only runner in the race is Research in Motion, which only this year saw BlackBerry 7 -- thanks to the firm's highly secure back-end data infrastructure -- achieve U.K. government certification from a division within the U.K.'s third intelligence agency, GCHQ.

The U.S. has granted FIPS 140-2 certification, which U.S. law requires for security in federal government, to BlackBerry devices almost since their first release on the market.

Though BlackBerrys can only send and receive documents classified under the U.K. and U.S. government classification system as RESTRICTED and below, not including SECRET and TOP SECRET, it's still enough to keep the ailing Canadian firm in business.

For now, iPhones may still be technically the most secure handset on the enterprise and government market. However, without RIM's decentralized and highly secure infrastructure in place, Apple still has some way to go. And until it has a government certificate in its pocket -- such as a FIPS award -- you won't even get close to Langley with an iPhone in your pocket or an iPad in your bag.

via MIT's Technology Review.

Topics: Security, Apple, Government : US, iOS, iPad, iPhone, Legal, Privacy

About

Zack Whittaker writes for ZDNet, CNET, and CBS News. He is based in New York City.
