Privacy and security have long-been one of the top selling points for iOS devices in the interminable marketing fracas between Apple and its competitors, with fancy additions to their suite of protection features like fingerprint scanning and facial recognition. Android devices, by contrast, always seemed to lag behind in the personal encryption space, but have caught up fairly recently in the consumer’s mind, at least.
The cat, as they say, is out of the bag thanks to researchers at Johns Hopkins University, who decided to test the mobile security systems of two of the biggest mobile device makers, Apple and Google. Their findings reveal that the layers of security protecting our data are only skin deep and that much of the encryption structures built into these devices remain unused. “I’ve come out of the project thinking almost nothing is protected,” Matthew Green, the professor who oversaw the study told Wired.
Using the companies’ own data and records spanning over a decade, the team of cryptographers found a plethora of security loopholes that can and are being exploited “by hackers and law enforcement alike.” The latter’s access to our mobile devices is of particular concern, given “the privacy risks involved in unchecked seizure and search.” Significantly, it is not your local police precinct that necessarily has the right tools to extract any readable data from your cell phone or laptop (though that is changing), but rather, these unique abilities are reserved for private cybersecurity companies who offer their services to police and other government entities.
One such firm, Israeli cyber forensics firm Cellebrite, boasts about their ability to “unlock and extract data from all iOS and high-end Android devices,” a service they have been selling to governments around the world and which they have more recently integrated into a product called Universal Forensic Extraction Device or UFED, which has been purchased by multiple law enforcement agencies across the globe, including the Hong Kong Police, which used Cellebrite’s hacking technology to “crack protestors’ smartphones” during the anti-extradition riots of 2019 and the NYPD, which enrolled in Cellebrite’s “UFED Premium program” that same year and gives ‘New York’s finest’ the capability to extract ostensibly private citizens’ data from the department’s own computers and laptops.