iPhone security is so good that police had to ‘mug’ a suspect to get his data

Law enforcement are forced to devise new techniques to deal with improved device security.

Graham Cluley
Graham Cluley
@[email protected]

iPhone security is so good that police had to 'mug' a suspect to get his data

British police have found a primitive, but effective, way to get around the security measures built into Apple iPhones, as BBC News reports:

Gabriel Yew had been under investigation for the suspected manufacture of fake cards that gangs were using across Europe to buy luxury goods. Detectives suspected that he was using an iPhone exclusively to communicate to other members of the network but knew if they arrested him, he could refuse to unlock it and they would never see incriminating evidence.

They considered whether they could legally force a suspect’s finger or thumb on to the device’s fingerprint reader to unlock it, but found they had no such power.

Sign up to our free newsletter.
Security news, advice, and tips.

However, they concluded their could stage their own lawful “street robbery” – using a similar snatch technique to a thief – and in June a team set out to do precisely that.

Yes, your iPhone is pretty damn secure when it’s locked, but if it falls into the hands of law enforcement while it’s *unlocked…*

By continually swiping the home screen, officers could ensure that the iPhone did not deny access by auto-locking itself.

Detective Chief Inspector Andrew Gould, who led the operation, said that the information obtained from Yew’s iPhone was critical to securing a prosecution:

“The challenges of pin code access and encryption on some phones make it harder to access evidence in a timely fashion than ever before. Officers had to seize Yew’s phone from him in the street. This evidence was crucial to the prosecution.”

Yew’s iPhone revealed a wealth of information about his criminal operation, and he has been sentenced to five-and-a-half years in jail.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

14 comments on “iPhone security is so good that police had to ‘mug’ a suspect to get his data”

  1. Bob

    It's been done before. UK officers dressed up in a couriers uniform and pretended they were senior managers checking a timesheet irregularity.

    "…cops pretended to work for his company as managers and challenged him on where he was on a certain day. Khan then got out his iPhone to prove where he was."


  2. Etaoin Shrdlu

    Never forget that the police are trained professional liars, meaning that not only are they allowed to use lies and other deception in the course of gathering evidence, they are trained in and encouraged to use such techniques as part of their job. Of course a citizen being questioned is not allowed to lie; that would be against the law. Even truthful answers may get you prosecuted for lying if someone else lies and the police prefer to believe them.

    Never believe them, never answer any question.

    1. Chris · in reply to Etaoin Shrdlu

      Unlike, presumably, a fine upstanding citizen like Mr Yew mentioned in the article? What crimes would you say permit this technique, or should it be none at all so that criminals like this cannot be convicted (and know it)?

      Assuming that you're in the UK, if anything bad ever happens to you requiring police assistance, you'll suddenly realize what a (mostly) hardworking force we have with relatively little corruption.

      If you were ripped off by a known criminal like this, would you accept the explanation "well, he won't let us into his iPhone, so we let him go"? No, of course you wouldn't.

      1. Etaoin Shrdlu · in reply to Chris

        @Chris – My advice is for the law-abiding citizen targeted by the police, in any jurisdiction. I am resident in the UK, and the worst "anything bad" that has happened to me here was to be falsely accused of a crime on the basis of mistaken identity on CCTV footage. The police burst into my home without knocking, accused me of being drunk (I do not drink) in order to set up a false narrative to support their actions, and took me away in handcuffs. What was I accused of? Shoplifting whiskey. Eventually the case was laughed out of court, literally, when the person on the CCTV footage turned out to be bald. I am not bald. Nevertheless, all the police involved said they were absolutely sure it was me and neither myself nor my lawyer were allowed to see the footage until my second court appearance. Not corrupt? They don't need to be.

        1. Chris · in reply to Etaoin Shrdlu

          So you were unlucky and got dragged through the mud by a few individuals or organisations that should have known better – I'm surprised your case got past the CPS, but there you go. Your name got cleared in the end. For every one cock up like your case, there are far more very bad individuals who get justly removed from where they could do more damage to society. But from your point of view the police will always be the bad guys. Personally, I've had bad experiences dealing with the thin blue line, and good ones. They are just (mostly, decent) people, trying to do an increasingly difficult job with fewer and fewer resources.

          1. Etaoin Shrdlu · in reply to Chris

            My name didn't get "cleared" in any way. The only record is that I was prosecuted unsuccessfully, and it cost me £500 (would have been more if my lawyer had not persuaded the Judge to look at the video at an early stage). I am still banned from shopping at Sainsburys.

            The police have too many powers and they routinely abuse them. My lawyer said, "People make mistakes and the police are people". When I make a mistake, I am the one who has to pay for it, and no one is put in a cage.

          2. A. Schmidt · in reply to Etaoin Shrdlu

            …and you never sued them for damages? Why?

          3. Visitor · in reply to A. Schmidt

            Court cases are never 100% certain, always stressful, and can be very expensive. If he sued, he might win a few £k. Or he might paint a target on his back and get some police coming after him. Don't blame him for preferring a quiet life.

          4. graphicequaliser · in reply to Chris

            The problem with the police is the law they mindlessly uphold. It seems to change depending on whether the perpetrator is powerful, rich or famous, OR if the perp is a commoner. Until they address that, they have no authority, since you cannot base authority on hypocrisy. That’s the UK police. And the US police. And … police everywhere. I mean, who’s policing the police? Police-appointed committees! Examples include bank businesses go bankrupt and taxpayers bail them out, instead of the directors going to prison for fraud. Pension funds go missing but the absconders do not get imprisoned. People like Kate Moss go to rehab for repeated cocaine abuse, but Joe Bloggs gets a prison sentence on repeated offence with the drug. You get my drift…

  3. sanba06c

    hey, can u tell me the reason why the Police did not disable autolock instead of swiping screen?

    1. Bob · in reply to sanba06c

      You need the PIN to access the menu to disable automatic locking.

      1. sanba06c · in reply to Bob

        Really? I'm using Iphone 6, IOS version 10.1.1. I could disable autolock without entering PIN.

        1. Bob · in reply to sanba06c

          I don't know why that is; unless you're disabling another option?

          The option for 'Require Passcode' (a.k.a. 'automatic locking') is in the 'Touch ID & Passcode' menu.

          To enter the 'Touch ID & Passcode' screen you need to enter your passcode.

  4. Fredrik Beckman

    This proves that the answer is not to ban encryption or enforce backdoors that opens a device to any hacker. The answer is good old-fashioned police work. Nothing new here because of tech. Earlier you had to prevent a suspect from burning documents in a safe, now you have to grab the phone while it's in use. It's all about field surveillance and timing.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.