[UPDATE] Apple is Said to be Making iPhones Harder to Crack (& Tim Cook's Interview)

[RedRound2]

Quote

Apple engineers are working on new security measures that would prevent an iPhone from being hacked using the methods at the heart of the company's fight with the US government, The New York Times reported Wednesday. It wasn't immediately apparent when such new measures would be made available to consumers.

 

The development appears to be a salvo in the war of words between the FBI and Apple, which has declined to modify its iOS software so the government can crack open an iPhone 5C tied to the December massacre in San Bernardino, California, which left 14 dead and 22 injured.

Apple tightening security is a good thing but I honestly feel that this going out of hand. Apple's approach would probably make other countries impose strict law regarding this given that the recent poll suggested that the public is supporting FBI here rather than Apple

 

Here's Tim Cook's interview regarding recent events

 

 

Source: http://www.nytimes.com/2016/02/25/technology/apple-is-said-to-be-working-on-an-iphone-even-it-cant-hack.html

 

UPDATE: More Details

 

Quote

Apple engineers are now actively developing new encryption methods for iCloud backups and iPhone hardware, so that Apple couldn’t even hack itself … if it was asked to again like in San Bernardino iPhone backdoor/unlock case. 

 

Right now, although iCloud backups are encrypted, the keys for the encryption are also stored with Apple. This means that law enforcement can ask for this data to be provided from Apple’s servers. In the San Bernardino case, Apple gave FBI iCloud backups for the iPhone until October 19th.

 

The Financial Times report explains that Apple is developing a new backup strategy, where the keys would be tied to the local user device in some way. Apple could not decrypt these backups by itself and hence could not comply with law enforcement requests, uncovering no private user data. It’s unclear what impact this will have on user convenience — according to the report, such measures may mean that users who forget their iCloud authentication password may be permanently locked out of their data as well. 

 

Similarly, for hardware, NYT says Apple is re-evaluating its iOS security with the mindset that it needs to be even impervious to Apple itself. This tenet had not been fully considered in the current iPhone security model, as the FBI request compelling Apple to create special OS software was unprecedented. With this now a real possibility, whether it passes through court or not, Apple does not want to risk a similar set of circumstances from arising again.

 

Apple’s willingness to make devices in this manner may cause a new round of legal disputes; governments or even countries may want to ban ‘unencryptable’ devices from the start. In terms of the current legal battle, Apple has until Friday to post a formal court rebuttal. Tim Cook said he is willing to take the matter all the way to Supreme Court, if necessary.

Seems Apple is pretty determined about the whole privacy issue and a much more secure software and hardware will Apple's answer to the government

 

Source: http://9to5mac.com/2016/02/25/apple-working-on-stronger-icloud-backup-encryption-and-iphone-security-to-counter-fbi-unlock-requests/

[branden_lucero]

if only Steve was still here. 

[TrigrH]

3 minutes ago, branden_lucero said:

if only Steve was still here. 

he died from PC

[2FA]

I thought the newer iPhones were already considerably more secure.

[SImoHayha]

Hopefully a way to turn off the fingerprint scanner lel.

 

Not sure about you but a fingerprint scanner is the worst security by itself anyway. Maybe if you had to also do a PIN along with that it would work better.

 

But...all someone needs to do is force your finger to press the button then your phone is unlocked. That or chop off all your fingers lel.

[KraftDinner]

Apple devices use AES 256 bit encryption, one of the hardest to crack, even by a supercomputer 

 

17 hours ago, DeadEyePsycho said:

I thought the newer iPhones were already considerably more secure.

Yeah they use AES 256-bit encryption which is tough to break

[2FA]

5 minutes ago, KraftDinner said:

Yeah they use AES 256-bit encryption which is tough to break

I know they use AES-256, even the 5C uses it. I meant like the 6 and 6S which have a third part needed to unlock the phone while the 5C only has the pin and that other number thingy. I can't think of the right terms at the moment and I was too lazy to look it up.

[BradH]

its sad it has to come to this but everyone knows if the fbi gets a backdoor every us agency will use it and theres not just ONE case the fbi is asking for theres 14 phones they are requesting help with that have nothing to do with terrorism

[Thony]

Good, crackers will be challenged to improve

[ShadowCaptain]

4 hours ago, Ramamataz said:

..all someone needs to do is force your finger to press the button then your phone is unlocked. That or chop off all your fingers lel.

All somebody needs you to do is tell you a 4 digit number, not exactly MORE secure

Also a severed finger would NOT unlock the iphone - for a start there is a capacitive ring around the sensor which needs to detect the electrical charge in your skin, and it reads the subdermal layer of skin, not the outer layer

Also fingerprint + pin would be pointless since the whole idea of touch ID is to be faster

[LukeTim]

4 hours ago, KraftDinner said:

Apple devices use AES 256 bit encryption, one of the hardest to crack, even by a supercomputer 

 

As I understand it, there is not enough energy in the entire known universe to brute force AES 256. The only way it could be beat is by finding some sort of flaw.

[Trixanity]

From a security perspective, fingerprints should only be used for identification, not authentication. Right now it kinda serves as both user name and password when it should only be used as user name. You can't change your fingerprints, so it's bad if the fingerprint data was ever compromised. 

 

I know that it's there for convenience and I agree that it's much more convenient to scan your finger for a number of milliseconds and be done with it but it's ultimately a bad idea. At least as far as I know. 

[BuckGup]

7 hours ago, Ramamataz said:

Hopefully a way to turn off the fingerprint scanner lel.

 

Not sure about you but a fingerprint scanner is the worst security by itself anyway. Maybe if you had to also do a PIN along with that it would work better.

 

But...all someone needs to do is force your finger to press the button then your phone is unlocked. That or chop off all your fingers lel.

Why is it the worst? It is a lot better then a pin code. Look at the government they us it all the time.

[SSL]

13 hours ago, RedRound2 said:

Apple tightening security is a good thing but I honestly feel that this going out of hand. Apple's approach would probably make other countries impose strict law regarding this given that the recent poll suggested that the public is supporting FBI here rather than Apple

 

Not going out of hand at all. Far from imposing "stricter laws" it is very likely that other countries have developed their own exploits of this backdoor in iOS.

 

I want to see a citation for that poll; if true, that is very concerning and suggests that the media isn't properly framing this issue - which would make sense since the dichotomy seems to have been presented as "National Security vs Privacy" rather than "Security vs Surveillance". If the former captures the public consciousness, we lose.

[handymanshandle]

Again with all the technology the FBI has and all the funding the FBI gets, why can't the FBI hack that iPhone.

[SSL]

1 minute ago, wcreek said:

Again with all the technology the FBI has and all the funding the FBI gets, why can't the FBI hack that iPhone.

 

They could, given enough funding, time, and manpower, but the key here is that they need to set a precedent of compelling tech companies to comply with government requests for backdoor access to encrypted devices and services.

[handymanshandle]

10 minutes ago, SSL said:

 

They could, given enough funding, time, and manpower, but the key here is that they need to set a precedent of compelling tech companies to comply with government requests for backdoor access to encrypted devices and services.

Of course... If more tech companies follow in the footsteps of Apple the slippery slope of backdoors can be prevented.

I'd imagine that if there was that backdoor it could be abused by criminals and the government.

 

Though this is definitely a matter of security vs surveillance. 

[SSL]

1 minute ago, wcreek said:

Of course... If more tech companies follow in the footsteps of Apple the slippery slope of backdoors can be prevented.

I'd imagine that if there was that backdoor it could be abused by criminals and the government.

 

The backdoor already exists and possibly has already been exploited. The issue here is that the FBI wants Apple to develop custom software to exploit this backdoor - and, implicitly, to avoid fixing the backdoor.

[iamdarkyoshi]

This is seriously getting out of hand. Holy shit. I wonder how long it is until the FBI tries to ban iphones or hires a whole bunch of people to try to hack them as a way of saying "Fuck you, apple"

[iamdarkyoshi]

Just now, valdyrgramr said:

The FBI already hacks every type of device.  So does the CIA and NSA.

With the "increased security" though, they might need a larger team of hackers

[Senor Potato]

This really makes me want to buy an apple product  just because they are like "screw you us government"

[ChineseChef]

15 hours ago, TrigrH said:

he died from PC

Very subtle, very dark.  I like it.

[Stuff_]

This was always going to happen. Tim Cook is annoyed now. This is good for consumers.

[SurvivorNVL]

Well, this may lead to me buying an iPhone as my next phone.  Hell, maybe even an iPad Pro.  Complete overkill for Fallout Shelter, but oh well!

[RedRound2]

9 hours ago, SSL said:

 

Not going out of hand at all. Far from imposing "stricter laws" it is very likely that other countries have developed their own exploits of this backdoor in iOS.

 

I want to see a citation for that poll; if true, that is very concerning and suggests that the media isn't properly framing this issue - which would make sense since the dichotomy seems to have been presented as "National Security vs Privacy" rather than "Security vs Surveillance". If the former captures the public consciousness, we lose.

I'm pretty sure Cameron will be the first to propose the banning of iPhone if Apple actually proceeds with it's plan while fighting the government and soon other countries will follow. I can honestly see this go in two completely different ways in the end

 

http://www.people-press.org/2016/02/22/more-support-for-justice-department-than-for-apple-in-dispute-over-unlocking-iphone/