Apple Used the DMCA to Take Down a Tweet Containing an iPhone Encryption Key
Apple asked Twitter to take down a viral tweet posted by an independent iPhone security researcher. Then, the company backtracked and asked for the tweet to be re-posted.
Dec 11 2019, 8:28pm
Image: Sean Gallup/Getty Images
Security researchers are accusing Apple of abusing the Digital Millennium Copyright Act (DMCA) to take down a viral tweet and several Reddit posts that discuss techniques and tools to hack iPhones.
On Sunday, a security researcher who focuses on iOS and goes by the name Siguza posted a tweet containing what appears to be an encryption key that could be used to reverse engineer the Secure Enclave Processor, the part of the iPhone that handles data encryption and stores other sensitive data.
Two days later, a law firm that has worked for Apple in the past sent a DMCA Takedown Notice to Twitter, asking for the tweet to be removed. The company complied, and the tweet became unavailable until today, when it reappeared. In a tweet, Siguza said that the DMCA claim was “retracted.”
Apple confirmed that it sent the original DMCA takedown request. The company said that it retracted the request but Twitter had already complied with it and had taken the tweet down. Apple then asked Twitter to put the tweet back online.
At the same time, Reddit received several DMCA takedown requests for posts on r/jailbreak, a popular subreddit where iPhone security researchers and hackers discuss techniques to jailbreak Apple devices, according to the subreddit’s moderators.
“Admins have not reached out to us in regards to these removals. We have no idea who is submitting these copyright claims,” one moderator wrote.
Twitter and Reddit did not immediately respond to emails asking for comment. Motherboard was not able to verify who sent the DMCA takedown requests to Reddit.
iPhone security researchers and jailbreakers see these actions as Apple trying to clamp down on the jailbreaking community. Some in the community have questioned whether an encryption key, or posts linking to jailbreaking tools, are subject to copyright at all.
In September, an independent iPhone security researcher that goes by the name axi0mX released Checkm8, a hacking tool that allows anyone to remove restrictions and jailbreak iOS devices as recent as the 2017 iPhone X. Weeks later, other researchers released checkra1n, a full-fledged jailbreak for devices running iOS 13, the latest version of Apple’s mobile operating software. For now, both Checkm8 and Checkra1n don’t work on recent iOS devices, such as the iPhones released this year and last year. These developments came after years of there being no publicly available iPhone jailbreak for up-to-date phones.
“They just completely lost control of the battle (Jailbreaking) on iPhone X and older,” Pwn20wnd, an iPhone security researcher who said his posts on Reddit were taken down, told Motherboard in an online chat. “So they are trying to pick up a legal fight and waste our time, thus money / resources.”
Do you work or used to work at Apple? We’d love to hear from you. Using a non-work phone or computer, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, OTR chat at firstname.lastname@example.org, or email email@example.com
In the last few months Apple has flexed its legal muscles against iOS security researchers. In August, the company sued Corellium, a startup that offers a product that virtualizes iPhones. Security researchers criticized the lawsuit as an attempt by Apple to control the market of iPhone vulnerabilities, and restrict hackers’ ability to find them.
This post was updated with more information on Apple's request to Twitter.
Subscribe to our new cybersecurity podcast, CYBER.