In a conference call with reporters last week, an Apple exec said it was reasonable to expect the company to continue strengthening the security policies of its products in light of the Apple/FBI battle.
In complementary reports today, The New York Times and Financial Times detail that Apple engineers are now actively developing new encryption methods for iCloud backups and iPhone hardware, so that even Apple could not hack its own products if it were asked to again, as in the San Bernardino iPhone backdoor/unlock case.
Not only would this counter the orders by the FBI in the current court case for future iPhone owners, it would also close a security hole in iCloud backups that various law enforcement institutions have exploited thousands of times before …
Right now, although iCloud backups are encrypted, the encryption keys are also stored with Apple. This means that law enforcement can ask for this data to be provided from Apple’s servers. In the San Bernardino case, Apple gave the FBI iCloud backups for the iPhone up to October 19th. The same technique could have been used to get access to even more recent backups, but the local county police, in cooperation with the FBI, reset the Apple ID password, which meant the phone could no longer authenticate with the backup servers.
The Financial Times report explains that Apple is developing a new backup strategy, where the keys would be tied to the local user device in some way. Apple could not decrypt these backups by itself and hence could not comply with law enforcement requests, so no private user data would be uncovered. It’s unclear what impact this will have on user convenience; according to the report, such measures may mean that users who forget their iCloud authentication password may be permanently locked out of their data as well. Apple refused to comment on rumors and speculation beyond its public statements on the Apple/FBI case.
Similarly, for hardware, the NYT says Apple is re-evaluating its iOS security with the mindset that it needs to be impervious even to Apple itself. This tenet had not been fully considered in the current iPhone security model, as the FBI request compelling Apple to create special OS software was unprecedented. With this now a real possibility, whether it passes through court or not, Apple does not want to risk a similar set of circumstances arising again.
Although this would likely require hardware changes, leaving the existing 800 million iOS devices exposed, future iPhones and iPads that include the new security measures would be truly secure … to everyone. The San Bernardino furore would not be a furore, because what the FBI wants would be technically impossible. In a TV interview, Tim Cook called the software the FBI is ordering Apple to create ‘the equivalent of cancer’.
One potential hardware solution would be for system storage to be configured to wipe itself when new firmware is applied without a valid passcode. This would mean that Apple could still flash the firmware to resolve user technical issues, but doing so would require explicit user authentication in the form of their passcode. Without a passcode, the device could still be wiped and set up afresh, but all private user data would be erased along with it.
Apple’s willingness to make devices in this manner may cause a new round of legal disputes; governments or even countries may want to ban ‘unencryptable’ devices from the start. In terms of the current legal battle, Apple has until Friday to post a formal court rebuttal. Tim Cook said he is willing to take the matter all the way to the Supreme Court, if necessary.