Apple developing iPhone and iCloud encryption that counters FBI-requested workaround, reports say
A pair of reports on Friday cite unnamed sources as saying Apple is in the process of designing next-generation encryption technology that would nullify government-requested decryption methods at the heart of a court case against involving the FBI.
It is unclear what, exactly, is being developed to thwart future incursions, but The New York Times reports Apple is working to negate a workaround requested by the FBI in its investigation of an iPhone used by San Bernardino shooter Syed Rizwan Farook. Law enforcement officials are asking Apple to design and install a custom operating system on Farook’s iPhone 5c designed to bypass iOS’ passcode counter, leaving the device open to a brute-force attack.
A separate report from the Financial Times claims the company is also looking to shore up its cloud service security, a task potentially more complex than devising viable on-device encryption. According to sources, Apple plans to restrict access to iCloud passkeys in much the same manner as the on-device encryption method introduced with iOS 8.
In the case of Farook’s iPhone, for example, Apple suggested law enforcement agents attempt an automated iCloud backup by connecting the device to a known Wi-Fi network. Unfortunately, the FBI changed the Apple ID password Farook used to sync up the device, but if it hadn’t — and Farook left automated iCloud backups enabled — Apple could have downloaded the resulting backup file from its servers. Apple’s planned security upgrade addresses such vulnerabilities.
Without an iCloud account’s encryption key, the company is technically unable to access backup data, meaning it is also incapable of handing over said data to authorities. Implementing such unforgiving security runs the risk of creating zombie iCloud accounts, however, as customers who forget their passcode likely can’t ask Apple for a reset.
For Apple, a company embroiled in a high-stakes fight it claims has implications far beyond iPhone, the extra assurance might be worth the frustration.
When Apple CEO Tim Cook spoke with ABC News anchor David Muir on Wednesday, he likened the FBI’s requested workaround to the “software equivalent of cancer.” What Cook didn’t mention is that Apple is developing a cure for that cancer, one that would effectively knock the FBI back to square one even if the agency manages to compel a workaround for Farook’s phone.
That Apple is working on a contingency plan for its upcoming legal battle is unsurprising — iOS has for years been touted as incredibly secure. Apple’s focus on data privacy is commensurate with iPhone’s proliferation, a smartphone now in the hands of hundreds of millions of customers worldwide. End-to-end encryption was introduced with iOS 8, while the latest Apple gadgets feature biometric Touch ID protection and built-in secure data enclaves.
“Our job is to protect our customers, and our customers have incredibly detailed information on their phones. There’s probably more information about you on your phone than there is in your house,” Cook said in Friday’s ABC interview, noting many people keep contact information, health records, private communications and more on their smartphones. “So it’s not just about privacy, but it’s also about public safety.”