LAPD cracks iPhone 5S in murder case, but it probably wasn't encrypted

An iPhone 5S being held as evidence in the investigation of a 2014 murder has reportedly been unlocked by the Los Angeles Police Department, though the timing of the crime suggests that the phone in question may not have been protected by encryption.

Detectives seized the phone shortly after the murder of April Jace, late wife of actor Michael Jace, according to court records reviewed by the Los Angeles Times. While the phone has been in the LAPD's possession since 2014, they were only recently able to access its contents.

Standing in their way was the phone's passcode, making for a circumstance similar to the now-infamous San Bernardino case.

However, the iPhone 5S used by the victim has been in police possession since before iOS 8 — with stronger encryption enabled by default — was released. This means the device in question was running iOS 7, which did not ship with strong, system-wide encryption enabled and left many portions of the system open to recovery.

As a result, it's likely that the phone was not protected by anything more substantial than the passcode lock.

The LAPD notes in its court filings only that it contracted a "forensic cellphone expert" who could "override the locked iPhone function." The warrant was issued without going into further detail, though a number of methods for bypassing the passcode lock on various iOS devices — many revolving around the iPhone's power circuitry — have been detailed in recent years.

19 Comments

Rosyna 9 Years · 87 comments

"This means the device in question was running iOS 7, which did not ship with encryption enabled."

Encryption has been mandatory, non-optional since the iPhone 3GS and iOS 3.

In iOS 7, all third party app data was encrypted with a key derived from the passcode. As was email. Here's a quick primer on iOS encryption: http://www.darthnull.org/2014/10/06/ios-encryption

What's far more likely was that they used a brute force method that exploited a bug only fixed in iOS 8.1.1. The IP-BOX is an example of a third party device that does this cheaply. http://www.teeltech.com/mobile-device-forensic-tools/ip-box-iphone-password-unlock-tool/

gatorguy 14 Years · 24705 comments

Yeah, I think the article author was momentarily confused. AFAICS both iOS data and that from 3rd party apps was encrypted by default in iOS7.  What the author perhaps had intended to point out was that unless you used a passcode there would be no encryption (which changed with iOS8 didn't it?). Without a passcode tho it seems the LAPD could have accessed that phone long ago. 

foggyhill 11 Years · 4767 comments

Don't get what they're saying, if there is a passcode and it's a 5s, it's encrypted.

They may have used whatever unpatched exploits to brute force the passcode though, though even that would not have worked if someone had touchID (to make it more likely to use a long passcode) and actually used an 8 alpha character passcode.

Rosyna 9 Years · 87 comments

gatorguy said:
Yeah, I think the article author was momentarily confused. AFAICS both iOS data and that from 3rd party apps was encrypted by default in iOS7.  What the author perhaps had intended to point out was that unless you used a passcode there would be no encryption (which changed with iOS8 didn't it?). Without a passcode tho it seems the LAPD could have accessed that phone long ago. 

It is always encrypted. This encryption is non-optional. If there is a passcode set, then the master decryption key for that protection class of data is encrypted with a key derived from the passcode. If there is no passcode set, the key is only encrypted with a key derived from the UID and GID.

This "double encryption" is used so users can easily change the passcode without having to re-encrypt all user data. It's also so employers that provide iPhones to employees can use MDM to get a backdoor decryption token without needing to know the user's passcode.

FileVault2 on Mac OS X also uses this double encryption method to support multiple users and recovery keys.

1 Like · 0 Dislikes
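
The "double encryption" described in the comment above, sketched as an added example (not code from the article, the commenters, or Apple): a master key is wrapped under a passcode-derived key and, separately, under an escrow token, so changing the passcode rewrites only the small wrapped key. The PBKDF2 iteration count, the HMAC-based wrap (a stand-in for a real key-wrap algorithm), and all names and sample values are assumptions.

```python
import hashlib
import hmac
import os

def derive_kek(passcode: bytes, device_uid: bytes) -> bytes:
    # Key-encryption key from the passcode, salted with a per-device secret
    # so the derived key is tied to this device. Iteration count is constructed.
    return hashlib.pbkdf2_hmac("sha256", passcode, device_uid, 50_000)

def _stream(kek: bytes, nonce: bytes) -> bytes:
    return hmac.new(kek, b"enc" + nonce, hashlib.sha256).digest()

def _tag(kek: bytes, nonce: bytes, ct: bytes) -> bytes:
    return hmac.new(kek, b"mac" + nonce + ct, hashlib.sha256).digest()

def wrap(kek: bytes, key: bytes) -> bytes:
    # Stand-in for a real key-wrap algorithm: XOR a 32-byte key with one
    # HMAC-SHA256 keystream block, then authenticate nonce and ciphertext.
    if len(key) != 32:
        raise ValueError("this sketch wraps 32-byte keys only")
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(key, _stream(kek, nonce)))
    return nonce + ct + _tag(kek, nonce, ct)

def unwrap(kek: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, _tag(kek, nonce, ct)):
        raise ValueError("unwrap failed: wrong key")
    return bytes(a ^ b for a, b in zip(ct, _stream(kek, nonce)))

def change_passcode(wrapped: bytes, old: bytes, new: bytes, uid: bytes) -> bytes:
    # Only the wrapped master key is rewritten; data under it is untouched.
    master = unwrap(derive_kek(old, uid), wrapped)
    return wrap(derive_kek(new, uid), master)

def demo() -> dict:
    uid = os.urandom(32)       # constructed stand-in for the device UID
    master = os.urandom(32)    # master key for one protection class
    record = os.urandom(32)    # constructed stand-in for user data
    data_blob = wrap(master, record)         # data is encrypted once, under master
    escrow_kek = os.urandom(32)              # hypothetical MDM escrow token
    by_escrow = wrap(escrow_kek, master)
    by_pass = wrap(derive_kek(b"1234", uid), master)
    by_pass = change_passcode(by_pass, b"1234", b"correct horse", uid)
    recovered = unwrap(derive_kek(b"correct horse", uid), by_pass)
    try:
        unwrap(derive_kek(b"1234", uid), by_pass)
        old_works = True
    except ValueError:
        old_works = False
    return {"data_ok": unwrap(recovered, data_blob) == record,
            "escrow_ok": unwrap(unwrap(escrow_kek, by_escrow), data_blob) == record,
            "old_passcode_works": old_works}
```
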