UK police turn to stealing in-use iPhones from suspects on the street, bypassing encryption
AppleInsider may earn an affiliate commission on purchases made through links on our site.
U.K. law enforcement has turned to legalized "street robbery" to avail themselves of suspected criminals' iPhones, snatching them after the owner unlocks them to prevent contents from being irretrievable by forensics teams.
Metropolitan Police specializing in major fraud and organized crime online came up with the tactic, according to BBC News. A covert team obtained a warrant and trailed one suspect, Gabriel Yew, in June.
A team of officers grabbed the iPhone — and Yew — while he was actively using the device, and swiped through screens to prevent the phone from locking while processing the arrest.
"Officers had to seize Yew's phone from him in the street," said the leader of the operation, Detective Chief Inspector Andrew Gould. "This evidence was crucial to the prosecution."
As a result of the seizure, the phone gave up information on how Yew conducted his fake credit card business, as well as evidence leading to four convictions. Also gleaned from the phone were another 100 suspects in the ring.
The law, and compelling decryption
Presumably the U.K. investigators assumed that the Regulation of Investigatory Powers Act of 2000 (RIPA) would fail to induce Yew to give up the password or biometric information for Apple's Touch ID. Failure to comply with RIPA allows for a sentence of up to two years in jail — Yew was given a five-year sentence as a result of his conviction earlier in December.
In the U.S., suspects' rights are potentially protected against mandatory password sharing by the Fifth Amendment to the Constitution, but a recent court order in Virginia allowed compulsion of a fingerprint or other information for biometric identification, such as Touch ID.
Law enforcement's persistent needs
iOS 8, 9, and 10 all offer full-disk encryption, making it nearly impossible for anyone — including Apple — to access data on a device without its owner supplying the passcode. On products with Touch ID the situation is even more complex — while a person can potentially be compelled to supply their fingerprint, there's a limited time window in which to do so, and physical hacks may run into problems with the Secure Enclave.
Bringing law enforcement's encryption problem to light, the FBI was unable to penetrate the data on the San Bernardino shooters' county-owned iPhone 5c, and lacked the tools to perform the task itself. It attempted to force Apple to develop software to break into the phone.
After a lengthy battle mostly in the court of public opinion, the FBI dropped its legal pursuit of Apple, and hired "grey-hat hackers," rumored to be Israeli firm Cellebrite, to break into the phone. No actionable data was found.
In November, Manhattan district attorney Cyrus Vance claimed that his office held 423 uncrackable Apple devices in evidence, with the iPhone 6 being the most prevalent. As recently as Sept. 2015, the office had around 100.