The Root of the Issue
The FBI isn’t just demanding that Apple unlock the lone device belonging to the deceased individual who undoubtedly committed this heinous crime. Its court order requested software tools that could bypass the phone’s encryption, which irretrievably erases a phone’s data following ten incorrect password entry attempts.
That the FBI seeks to override this technology and potentially overcome the waiting periods between allowed password entry attempts implies that it wants to brute force the password. Obviously, this could enable it or anyone else who gets their hands on the tool to guess passwords on all iOS devices.
What This Means for Data Security
Apple publicly denied the FBI’s request. In the process, the tech giant kicked off a highly-politicized debate about whether a single investigation was worth the privacy of millions of users. What many media outlets overlooked, however, was the fact that any outcome of this situation could have huge implications for the data recovery industry.
Would valid data recovery attempts be better served by an iOS version that didn’t lock people out so securely? While it’s easy to assume that such software could help companies retrieve their data after losing device passwords, it would probably also facilitate corporate espionage. A bad actor who steals corporate hardware and the appropriate credentials could
conceivably send the device in question to a recovery service and access data they shouldn’t possess. This possibility also raises a whole host of liability and consumer privacy concerns.
As it stands, the fact that even the FBI can’t breach a locked Apple device should serve as a clear warning to users. You only have so many tries to get into your phone, and you may be blocked out for up to an hour between attempts. In short, guessing your passwords could constitute an unacceptable risk, especially when essential professional data is at stake. On the other hand, it also means that base Apple devices may not be the best choice when you anticipate having to employ data recovery services.