Posted by cdrnsf 18 hours ago

Apple fixes bug that cops used to extract deleted chat messages from iPhones (techcrunch.com)
657 points | 165 comments
itopaloglu83 17 hours ago|
Thankfully Apple backported the fix to iOS 18 as well.
ilikepi 17 hours ago|
Not only that, but iOS 18.7.8 actually seems to be available to devices capable of running iOS 26 without any workarounds, unlike 18.7.3 through .6. It makes me wonder if those intermediate releases really were supposed to be available but weren't due to some issue on the distribution side that no one bothered to fix.
lynndotpy 16 hours ago|||
Very serious vulns were being exploited in the wild, I think that's what forced their hand. I don't think Apple ever had a discrepancy like the one with iOS 18.7.3 through .6 being held back.

For those on iOS 18, beware that the update to iOS 18.7.8 will toggle Automatic Updates back on. Make sure to switch it back off so you don't wake up to a nasty surprise when iOS 26 is non-consensually forced onto your iPhone.

wao0uuno 8 hours ago||
I just updated to iOS 18.7.8 and automatic updates are still off. Updates used to enable Bluetooth but even that's not the case anymore.
itopaloglu83 17 hours ago||||
I think that was another attempt by Apple to push users to iOS 26, but after seeing how many people with compatible devices refuse to upgrade, they finally caved in and provided an update.
lynndotpy 16 hours ago||
They caved, but they're still pulling out new tactics to trick users into installing iOS 26.

The new iOS 18 update will _also_ toggle Automatic Updates back on. I had it happen just now on my 13 Mini against my will. I had to go back into settings and very carefully navigate to disable automatic updates.

wao0uuno 8 hours ago||
Interesting. Judging by the time of your post I assume that you're American. I'm in Europe and automatic updates stay disabled for me. I just upgraded 3 devices without any problems.
lynndotpy 36 minutes ago||
Yep, I'm in America. Would be strange if it differed by locale.
layer8 16 hours ago|||
There seems to have been a change of mind, maybe also due to the severity of the exploits. The non-availability of security updates for models that are upgradable to a newer major version has been Apple's practice for many years now.

The way major upgrades are presented in the Settings UI makes it clear that users installing these security updates while not upgrading to a newer major version do so very intentionally. So Apple is now supporting these users deliberately.

chislobog 14 hours ago||
Looking at the detritus in the filesystem on jailbroken iOS devices you will observe that iOS decides to vacuum, purge, and let linger all sorts of databases and logs until something triggers a cleanup which is usually time or an iCloud sign-out induced erase and subsequent sync. People have been complaining for years about excessive phantom “system storage” and “other data.” Interestingly the photos thumbs database can grow seemingly indefinitely in size for some weeks or more if you’re regularly deleting all of your photos and saving to photos from apps or taking photos. I suspect that there are a lot of behavioral data records that are left on most devices until a convenient period of inactivity passes and the possible user behavior analysis and reporting functions of iOS allow whatever cleanup happens after processing on device. It would be useful to capture iCloud backup restores from physical devices to Corellium virtual devices with some creative matching of your existing iDevices' identifiers. Could see what triggers a cleanup during backups, local or otherwise, get a good look at what is being restored from iCloud. I also think it’s possible that iCloud can sync a database, say Safari bookmarks, pushing it to the device inducing a state where the device bookmarks are moved to inaccessible tables and left there, unavailable to the end user, but not out of sync with the current active session state. Of course this is just my musing based on observations of weekly ffs extractions of a few devices over the last 5 years.
handedness 14 hours ago||
My observations from when I daily drove iOS (no more) mirror yours: the incredible amount of cruft that would accumulate was astonishing. At one point I had a device that was majority full of system storage and other data. The same was true across family devices, too.

Some years ago I stopped depending on Apple's purchased downloaded movies for long flights, after an instance of having the files downloaded to the device beforehand, but Apple deciding I didn't have the DRM keys to play said files during a long transoceanic flight. I then moved to storing DRM-free movies in VLC, but iOS prioritized keeping system storage and other data cruft around, and wiped VLC's stored files. Talk about paying for an expensive device and media you don't really own.

I'd imagine the metadata picture that could be synthesized from that data could be extensive in some cases. This stuff is hard and I'm sure there are good reasons for caching things, especially on a device positioned to primarily act as a readily available front end for online stores, but I have a hard time believing that Apple's executing it well.

jameshart 2 hours ago||
This all seems like a reasonable critique but the idea that the reason for not cleaning up data is so the system can run background behavioral analysis on it seems paranoid. Surely the main reason for not running cleanup until storage is needed is just optimizing for in the moment performance.
samarth0211 9 hours ago||
That was definitely necessary, because the major reason people buy iPhones is privacy and security.
trinsic2 13 hours ago||
I would never rely on a closed system for secure messaging, too many unknowns.
exfil 8 hours ago||
Agree. People are trusting apps with unknown source code & delivery path, infrastructure controlled by 3rd party. Application cannot protect against OS and OS cannot protect against HW. Too many known unknowns. Seek the arguments how and why OTF got re-funded last time.
dewey 13 hours ago||
And yet iOS is probably the most secure mobile platform for secure messaging. Especially in Lockdown Mode.
trinsic2 12 hours ago||
Except, you can't really verify all of that. So IMHO that's just speculation based on the surfacing of news which can easily be distorted. Or maybe you can. Are there any sources on people that have evaluated the security of these features?
dewey 12 hours ago||
You can’t verify that even on an open OS as there will still be closed hardware blobs. At least with popular systems there’s a lot of state level hacking activity so zero days get patched routinely. Also Apple has a program for researchers where they get more access to the system (That program was criticized heavily though for the way it was implemented).

It’s not a perfect system so right now you still have to trust someone at some point in the chain.

j_maffe 8 hours ago||
> At least with popular systems there’s a lot of state level hacking activity so zero days get patched routinely

Not sure how you're implying one leads to the other.

Fokamul 4 hours ago||
Who cares, Apple as any other US company must cooperate with "cops" or 3-letter agencies.

Not publicly, of course.

Ask yourself, do you really own your device? Can you access kernel? Can you flash your own firmware on your device? No?

Then you DON'T own it.

jameshart 2 hours ago|
Apple has repeatedly shown - as in this case - that when police are able to find a way to use their subpoena and coercive powers over Apple to subvert a user’s privacy expectations and extract data from an iPhone, that they see that as a failing of iOS and are willing to fix that bug.

In this case they are patching out a data extraction path that was exploited to access data a user thought had been deleted.

varun_ch 17 hours ago||
This makes me wonder: Cellebrite makes tools for law enforcement to break into iPhones, likely exploiting weaknesses/vulnerabilities. Does Apple buy Cellebrite’s tools and reverse engineer them? Or would they not have a way of acquiring them legally?
saagarjha 16 hours ago||
Cellebrite sells their lower-level devices to Apple directly for things like data transfer at Apple Stores. The ones above that are unlikely to be sold to Apple.
tredre3 15 hours ago|||
> Cellebrite sells their lower-level devices to Apple directly for things like data transfer at Apple Stores.

Please substantiate that claim. Why would Apple need mystical third party devices to transfer data? They've designed both the user devices and the software, and they're both capable of exchanging data, and I'm sure Apple can do even more once they put the devices in diagnostic mode. What am I missing? What is Cellebrite providing here?

avianlyric 14 hours ago|||
Because it’s a pain in the arse to design, manufacture and build a specialist device just for use in your stores.

I’m sure Apple could do everything that box does and more. But why bother designing, building and manufacturing your own specialist device when someone else already sells a perfectly good tool that does the job.

Don’t forget this is for use in a retail store by people who will have been given 5mins training on how to use the device. You want something that just requires a person to plug two phones in and hit a big “go” button. And it needs to work 99% of the time with zero messing around.

dewey 13 hours ago||
They built specialized tools to update iOS through the cardboard box without opening it before it goes on sale. I’m sure they can build something with a big “go” button if it’s important.
Petersipoi 9 hours ago|||
Nobody is arguing whether or not Apple could build the box. Apple could do almost anything that another company does. "Why doesn't Apple build their own planes to ship iPhones". Well, obviously because it's way cheaper, faster, and rational to use the perfectly good existing planes/boxes/you-name-it.
dewey 9 hours ago|||
That’s true, but it seems unlikely to me that they would partner with the company that helped the FBI unlock iPhones and is in general an adversary to Apple.
jrflowers 7 hours ago|||
> Nobody is arguing whether or not Apple could build the box.

People aren’t debating whether or not Apple could theoretically find a way to transfer data between the devices they make and sell. The question here is if there is any evidence for the assertion that Apple buys Cellebrite devices in lieu of making their own solution for transferring data between the devices that they make and sell.

RulerOf 10 hours ago|||
They did?
jackvalentine 10 hours ago||
Yes!

https://www.macworld.com/article/2107557/iphone-ios-update-i...

https://talk.macpowerusers.com/t/apples-in-box-device-update...

saagarjha 5 hours ago|||
Apple was not always a 4 trillion dollar company.
jrflowers 14 hours ago|||
Do you have a link that talks about this in more detail?
saagarjha 5 hours ago||
Sure: https://www.zdnet.com/article/more-evidence-that-apples-morp.... Also you can just ask people who've worked in the stores: https://old.reddit.com/r/gadgets/comments/sodt49/most_us_cab...
jrflowers 3 hours ago||
That is an article from 2010, the same year that “The US military buys PS3s for compute” was a true statement.

https://phys.org/news/2010-12-air-playstation-3s-supercomput...

It’s like saying “Single Ladies” by Beyoncé is topping the charts.

Do you have a link that talks about Apple buying cellebrite devices presently?

saagarjha 3 hours ago||
No, I don't think they are using Cellebrite devices currently.
kstrauser 14 hours ago|||
I can’t imagine a scenario where Apple couldn’t legally buy them on the grey market. I can imagine it being illegal to sell them, like contractual restrictions blocking purchasers from reselling them. But short of the tools being a munition or controlled substance, you can buy whatever you want.
bilbo0s 16 hours ago||
I bet Apple has access to Mythos now.

Not saying they should use it to reverse engineer hacking tools.

Just saying they have access to Mythos now.

klausa 11 hours ago|||
You bet that the company that was prominently mentioned as a partner in the announcement for a thing, has access to that thing?

Wow, such a risky bet, I'm not sure it'll pay off.

gsky 8 hours ago||
have you ever thought maybe Apple is creating a backdoor like this to make secret deals with gov orgs?

trusting a valley company is the last thing you could do since there is a ton of money to be made from selling secrets

random3 12 hours ago||
Makes you think what’s the biggest concern wrt Mythos — is it finding or fixing the vulnerabilities that’s scarier :))
kippinsula 15 hours ago||
every time something like this surfaces I'm reminded how many privacy guarantees end at the app boundary. you can do all the e2e crypto you want, the OS layer is going to do whatever it does with your strings once they hit a render path. probably an unsolvable category of bug as long as notifications need to show readable text somewhere.
riddlemethat 15 hours ago||
If you want security through obscurity you can revert to IPoAC (RFC 1149).
Razengan 12 hours ago||
Speech capable avians can spontaneously leak secrets
Razengan 12 hours ago||
> probably an unsolvable category of bug as long as notifications need to show readable text somewhere.

Let screens always show garbled pixel vomit, decoded on device only by your private AR glasses

kippinsula 10 hours ago||
threat model just shifts to whoever has a camera pointed at your face, but probably still an improvement.
joshrw 2 hours ago|
“Bug”. More like a “bugdoor”