Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apple Is Said To Be Working On an iPhone Even It Can't Hack (nytimes.com)

Posted by timothy on from the google-should-be-scrambling-to-follow dept.

An anonymous reader writes with this story at the New York Times: Apple engineers have already begun developing new security measures that would make it impossible for the government to break into a locked iPhone using methods similar to those now at the center of a court fight in California, according to people close to the company and security experts. If Apple succeeds in upgrading its security — and experts say it almost surely will — the company would create a significant technical challenge for law enforcement agencies, even if the Obama administration wins its fight over access to data stored on an iPhone used by one of the killers in last year's San Bernardino, Calif., rampage. The F.B.I. would then have to find another way to defeat Apple security, setting up a new cycle of court fights and, yet again, more technical fixes by Apple.

8 of 405 comments (clear)

  1. Re:Torn by Nethemas+the+Great · · Score: 4, Informative

    In case I wasn't clear with my above post. This is the physical version of what I'm talking about.

    --
    Two of my imaginary friends reproduced once ... with negative results.
  2. Re:Is this treason? by skids · · Score: 4, Informative

    People can talk secretly. Over large distances. The sooner the government comes to grip with this simple fact, the better.

    --
    Someone had to do it.
  3. Re:Android? by VValdo · · Score: 4, Informative

    I think it depends on the OEM. There are factors such as whether the device storage is encrypted by default, whether the bootloader is locked by default, what kind of security hardware is available on the SoC and whether it is used, whether exploits are patched, whether there is a continuing roll out for discovered exploits, whether updates are automatically installed w/o authentication, whether the baseband contains known exploits and attack vectors (cough), etc.

    So there's no one answer because there's no one Android device and many phone OEMs (and the manufacturers of the underlying hardware platform) may be implementing security to different degrees. Though many of these considerations do have google guidelines and policies in place, some of which may be enforceable via google compatibility tests, there is a wide spectrum of what you can expect from Android generally speaking I think.

    You might look to Google's policies and recommendations, and more importantly their Nexus devices themselves as models for what they consider best practices to be. Then there is blackphone and other distros that have security as their primary focus, so they may be good to consider as well.

    --
    -------------------
    This is my SIG. There are many like it, but this one is mine.
  4. Re:Why does Apple get props for doing the obvious? by timholman · · Score: 4, Informative

    Why does apple get headlines for doing what they should have done in the first place? Anything else is a broken, insecure device. If the vendor has a backdoor, it's not secure, whether they allow the government to access it or not.

    Apple's encryption is still very secure. It hasn't been broken, and even Apple won't be able to break it for the FBI. What the FBI wants Apple to do is hack the unlock code for them.

    The only "vulnerability" is this case is that Apple potentially has the ability to push new firmware onto this model of iPhone (the 5c) using its own signed certificate, even if the phone is locked. The FBI wants this new firmware to do two things: (1) bypass the "10 wrong tries on the unlock code and the iPhone erases itself" routine and (2) reduce the time interval between unlock code entries. Once this is done, the FBI will brute force input combinations until the iPhone unlocks.

    The only problem is that Apple hasn't written this firmware. Even if the firmware existed, you'd need Apple's own certificate to push it onto the iPhone. So the iPhone is still quite secure, relatively speaking, provided the courts don't compel Apple to develop a forensics tool for the FBI at Apple's expense.

    Of course, Apple doesn't want this situation to ever, ever happen again. You can bet the iPhone 7 will plug this potential vulnerability by making it impossible for anyone to push firmware onto a locked iPhone, even with Apple's own certificate. At that point, the FBI will no doubt petition Congress to legislate that Apple (and Google, Samsung, LG, etc.) provide a means for altering the firmware of any smartphone sold in the U.S., on court order. And that's when this fight will really get interesting.

  5. Re: Torn by jxander · · Score: 4, Informative

    iPhones are only secure within themselves. If I send you a text, that's open and easily interceptable.

    Military needs secure comms, not secure storage.

    (Well okay, they need both... But the storage is cheap and easily handled)

    --
    This signature is false.
  6. Re:Torn by Dcnjoe60 · · Score: 4, Informative

    Those who would give up essential liberty, to purchase a little temporary safety, deserve neither liberty nor safety.

    Don't forget though, Ben Franklin is someone who never had his liberty or his safety threatened. It's an easy platitude when you've got both.

    One would think that his involvement with the US Declaration of Independence, the revolution, etc., would certainly be evidence that he felt his safety and liberty were threatened.

  7. Re:Torn by Khyber · · Score: 4, Informative

    "Ben Franklin is someone who never had his liberty or his safety threatened"

    Say fucking what? February 15, 1739: Franklin’s home was robbed by William Lloyd. November 24, 1737: Franklin and others organized a volunteer militia – the Associators – for the defense of Pennsylvania. December 23, 1750: Franklin was severely shocked, while electrocuting a turkey. June, 1752: Franklin, who has not yet heard of the French success of his 'sentry-box' experiment, experiments with flying a kite in a thunderstorm, and also proves that lightning is electrical in nature. September 16-17, 1765: Franklin’s house threatened by Stamp Act protestors. Deborah refused to flee, and the mob was dissuaded by 8oo Franklin supporters ready to combat them.

    Franklin has had his liberty and safety at risk more times than you can possibly imagine. these are just the documented and notable ones.

    --
    Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
  8. Re:Android? by shawn2772 · · Score: 4, Informative

    What I haven't heard yet is where Android lands on the security spectrum. Are they already as or more secure than what the rumors are now saying Apple is trying to achieve? Are they as or more secure than where Apple is right now? Are they as or more secure than where Windows is right now?

    Android devices with L or M are roughly as secure as the pre-Secure Enclave Apple devices (like the 5C). That is, the security software is all in flashable components which are signed, and if the holder of the signing keys can be coerced into signing a custom image, it's possible to bypass all of the anti brute-force protections. Brute force is still necessary, then, but it's trivial for four-digit PINs and may be feasible even for better passwords (or patterns).

    That's in general. Some OEMs have gone a bit further, such as Samsung's KNOX. I don't know the details and can't comment on whether or not they actually improved the security above the baseline required/defined. by Google.

    I'm the Google Android engineer responsible for lots of these bits.