Skip to main content

Apple working on stronger iCloud backup encryption and iPhone security to counter FBI unlock requests

iPhone passcode

In a conference call with reporters last week, an Apple exec said it was reasonable to expect the company to continue strengthening the security policies of its products in light of the Apple/FBI battle.

In complementary reports today, The New York Times and Financial Times are detailing that Apple engineers are now actively developing new encryption methods for iCloud backups and iPhone hardware, so that Apple couldn’t even hack itself … if it was asked to again like in San Bernardino iPhone backdoor/unlock case.

Not only would this counter the orders by the FBI in the current court case for future iPhone owners, it would also close a security hole in iCloud backups that various law enforcement institutions have exploited thousands of times before …

Right now, although iCloud backups are encrypted, the keys for the encryption are also stored with Apple. This means that law enforcement can ask for this data to be provided from Apple’s servers. In the San Bernardino case, Apple gave FBI iCloud backups for the iPhone until October 19th. It could have used the same technique to get access to even more recent backups, but the local county police in cooperation with the FBI reset the Apple ID password, which meant the phone could no longer authenticate with the backup servers.

The Financial Times report explains that Apple is developing a new backup strategy, where the keys would be tied to the local user device in some way. Apple could not decrypt these backups by itself and hence could not comply with law enforcement requests, uncovering no private user data. It’s unclear what impact this will have on user convenience — according to the report, such measures may mean that users who forget their iCloud authentication password may be permanently locked out of their data as well. Apple refused to comment on rumors and speculation beyond its public statements on the Apple/FBI case.

Similarly, for hardware, NYT says Apple is re-evaluating its iOS security with the mindset that it needs to be even impervious to Apple itself. This tenet had not been fully considered in the current iPhone security model, as the FBI request compelling Apple to create special OS software was unprecedented. With this now a real possibility, whether it passes through court or not, Apple does not want to risk a similar set of circumstances from arising again.

Although this would likely require hardware changes, leaving the existing 800 million iOS devices exposed, future iPhones and iPads which include the new security measures, would be truly secure … to everyone. The San Bernardino furore would not be a furore because what the FBI would want would be technically impossible. In a TV interview, Tim Cook called the software the FBI is ordering Apple create ‘the equivalent of cancer’.

One potential hardware solution would be for system storage to be configured to wipe itself when new firmware was applied, without a valid passcode. This would mean that Apple could still flash the firmware to resolve user technical issues but it would require explicit user authentication in the form of their passcode. If a passcode was not present, the device could still be wiped afresh but so would all private user data.

Apple’s willingness to make devices in this manner may cause a new round of legal disputes; governments or even countries may want to ban devices that cannot be decrypted. In terms of the current legal battle, Apple has until Friday to post a formal court rebuttal. Tim Cook said he is willing to take the matter all the way to Supreme Court, if necessary.

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

  1. PhilBoogie - 8 years ago

    Truly love what Apple is doing here. And the timing is Simply Brilliant™.

  2. 89p13 - 8 years ago

    And I can hear all the Government shills calling out “What if it were your child / wife / mother who was abducted and being held for a ransom” or “Only terrorists will buy iPhones and iPads now.”

    Good for Apple – And PhilBoogie has it so right!

  3. 89p13 - 8 years ago

    Benjamin – In the last paragraph, “ban ‘unencryptable’ devices” didn’t you mean undecryptable?

  4. Fred Simpson - 8 years ago

    LOL. Marketing PR by Apple that tracks its smartphone users location while accessing your contacts and everything else to know about you then resells your info to third parties. Data mining thats where the big bucks are. Back to standing up for privacy rights available 24/7 on all channels. I see a Geraldo special in the offspring here

  5. alanaudio - 8 years ago

    This shows how inept the FBI’s handling of the San Bernardino case has been. If they had not chosen to make it into a public confrontation with the intention of trying to create a precedent, Apple would not be putting so much effort into rapidly hardening the security of it’s products.

    If this had truly been about simply extracting data from that company iPhone, they could have arranged to have done so with Apple’s co-operation at the outset, but the FBI have made that impossible by tampering with the evidence without understanding what they were doing – or alternatively they deliberately changed the ID passcode with the full knowledge of what they were doing so that they could force Apple to do something that goes against Apple’s stated principles.

    The result of all this is that there will inevitably be a rapid transition from devices with encryption that is difficult to defeat, towards devices with encryption that is impossible to defeat. In addition there is going to be a great deal of interest in encryption solutions from outside of the US, where there can be more certainty that the encryption hasn’t been crippled by FBI interference.

    It’s also worth noting that other smartphone manufacturers have been surprisingly reluctant to support Apple in any meaningful way. If they knew that their operating systems had no FBI back door you would think that they would be extremely vocal about wanting to ensure that no smartphones are required to have these back doors because they would be next. On the other hand, if they have already conspired to create such a back door within their OS, they wouldn’t like Apple getting away with not having one. I note that we are not reading stories about the FBI having a large backlog of Android or Windows smartphones that can’t be unlocked.

  6. giuseppe1111 - 8 years ago

    “Creating a rescue firmware to prevent ONLY auto reset, no interface needed, no iOS integration (iOS could be even disabled by that firmware), firmware installable only by request of doj AND using the usual AppleSignature procedure OR in an apple corporate lab” is a violation of your constitutional rights?
    Don’t be silly.

    At the very end, Apple is NOT taking care of you or your data but only of its corporate profitability. Desn’t want to create a compliance division for justice matters.

    A great move btw to mobilize all those people and columnists on the web to protect a mere “money” problem.

    • Ron Cardi (@ROYG_B) - 8 years ago

      “At the very end, Apple is NOT taking care of you or your data but only of its corporate profitability”

      Giuseppe111, that is exactly my concern.

      Are we 100% sure that Apple doesn’t have any conflicts of interests? I’m a bit wary of putting my total trust in any company who’s #1 priority is maximizing profits. Having to create a backdoor would affect their marketing strategies, would require a lot of time, money, and talent; might affect existing and currently in development iOS features, etc etc. And that’s not even considering the nightmare of possibly dealing with hundreds if not thousands of requests from the U.S alone. If Apple creates a backdoor for the US, there’s no doubt other countries would request the same. That would require more time, money, and talent that I’m sure they would prefer not to waste resources on. But while all that might be legitimate concerns from a business and financial perspective, it’s not a priority for the general public and their safety.

      TLDR: Are there truly no safe solutions that Apple, Google, etc. can take their time to develop over the next couple of years? There’s not much transparency so it’s hard to say.

      • This is precisely accurate. People are trying to paint the FBI/government as some evil entity, but the reality of the matter is the government is elected into power to represent the people, whereas a corporation like Apple will always have it’s own financial interests as priority.

        For Apple to create software that could get the data they’d need to set up a huge operation/team of people dedicated to extracting data for law enforcement everywhere and this would cost Apple more money. This isn’t something they’d want to do.

        Honestly, I’m on the fence on this whole issue, I can understand both the government’s and Apple’s point of view.

      • Jake Becker - 8 years ago

        Please show concrete sources and proof that the #1 priority of Apple is profit.

      • sewollef - 8 years ago

        @A Wolf at the Door: “People are trying to paint the FBI/government as some evil entity, but the reality of the matter is the government is elected into power to represent the people”.

        Partly true. The FBI was elected by no-one. Their operatives – both undercover and out in the open – are elected by no-one. The dumbasses that reset the Apple ID on the phone in question were elected by no-one.

        One thing you should remember, whatever you think about Apple’s motives, only 2 weeks ago a 15-year-old schoolboy hacked the FBI’s personnel servers and effectively stole the personal details of all FBI agents – including undercover agents. A 15-year-old.

        Are you seriously taking the FBI’s side in this issue, with all we know about their utter incompetence at protecting even their own private details?

    • You sir don’t know the first thing about this issue and the two rubes that have responded to you are equally clueless. It’s unfair to expect the general public to know the ins and outs of the technical aspects of this case, but at the same time it’s scary to see so many people buying into the “just the tip” sweet whisperings of the FBI.

      You show a complete disregard for history and for even the slightest idea of how this slippery slope will play out in the future. Putting your head in the sand or covering your ears while yelling ‘nya nya nya” isn’t going to help anyone.

      • Ron Cardi (@ROYG_B) - 8 years ago

        Bruno, you say we’re clueless and don’t fully understand what’s going on and yet you don’t share any information whatsoever. I brought up a concern about potential conflicts of interest and Wolf at the Door says “I’m on the fence, I can understand both the government’s and Apple’s point of view” and you come in here with that BS of what’s not helping anyone. Your attitude is not helping anyone.

    • Dan (@sometimesilie) - 8 years ago

      If the government could truthfully say (call it what you want, mistakes, intentional overstepping), “we have not once abused our power, overstepped boundaries, or illegally acquired or used data,” they might have a stronger case.

      Code has already been ruled “speech.” The government could not torture (well, they’re not supposed to) or force you into saying/writing something you are strongly opposed to and forcing you to sign it.

      They may be worrying about corporate profitability, and good for them. I purposely switched to an iPhone because of their standard encryption which is so hard to accomplish on the two previous Samsung Galaxy phones I’ve owned.

      I would much rather fight terrorists than my own government.

      • tabitha206 - 7 years ago

        >or force you into saying/writing something you are strongly opposed to and forcing you to sign it.

        Ever heard of a tax return?

        The government humors you with rights until the really don’t want you to have them, and the Supreme Court backs them up.

        Ever heard of “a compelling government interest”? It’s what they say when they uphold laws that clearly and openly violate your enumerated rights.

        The bottom line is more or less that you have no rights. At least none that you can count on.

  7. “…the FBI reset the Apple ID password, which meant the phone could no longer authenticate with the backup servers.” FBI = F*#^ing Bunch of Idiots.

  8. Im pretty sure doubling down against the government and rubbing it into their face is a pretty stupid idea. How about channeling your efforts into some sort of quiet resolution to save all faces. What a bone head move by management.

    • This could have happened but our FBI choose to make this public I think folks are not seeing the big picture. Most likely this would have been a hush deal had they dealt with Apple offline not taking it to media outlets and making information public so now the company has to stick up for exactly what it says privacy. Second everyone of us USA folks on here talking all this stuff about just do it do this and that let them have the crap unlock it and what not are the same folks that were like oh yes please we agree with the patriot act then years later once folks found out the act was being abused which this backdoor deal will be too! everyone was all up in arms. Oh the government is listening to our cell phone calls and spying on what I do online and what not.. Oh Eric Snowden you are god for bringing down the NSA and sharing details with every country on what we have been doing. This is what happens when folks do not understand what is going on and just say yes because someone says terrorist had this phone. 3 years from now we will have another insider hacking their own job and supplying back door info to everyone and again everyone will be engaged and rallying, congress and senate will use it for their advantage to re-election and what not, just remember it all started with this case just like the madness after sept 11th ushered in the Patriot Act and everyone being for it and what the NSA and other branches were doing. IJS…

  9. cameroncovington - 8 years ago

    Absolutely brilliant! The government can’t ask you for something you don’t have access to–or any way to break into.

  10. gjconstructs - 8 years ago

    President not allowed to use an iPhone because it is not secure enough. http://swampland.time.com/2013/12/05/obama-forbidden-iphone-for-security-reasons/

    • JBDragon - 8 years ago

      That may have been the case, but BlackBerry isn’t secure. It’s been noted in the past of them handing out backdoor keys, and yes they have keys, to other country’s to be able to read Data! Your link was form 2013. Wasn’t that iOS7 still. Once iOS 8 got released, Apple no longer has the Encryption keys for people’s phones.

      What OBAMA says why he’s sticking with a Blackberry is really just a false sense of security. Security hype that’s not really true. If the iPhone was so insecure, what’s the FBI problem? They should have been able to crack it open long ago, right? Or send it to the CIA or NSA or whoever and have it cracked?

      Who cares what some old late 2013 Article says. Doesn’t make it a fact.

  11. John Smith - 8 years ago

    Interesting.

    This sounds like a public statement that Apple intends to carry out an action specifically to obstruct law enforcement, even when they have a court order.

    Previously we had developments which were good security – they kept out cops but they were also to keep out hackers.

    If this is openly stated to be intended only to obstruct the FBI and other law enforcement agencies when they are investigating felonies – then surely this now going past irresponsible and heading towards a crime ?

    • 89p13 - 8 years ago

      You really have a bizarre way of looking ta the world! I’m sure you have your reasons – but I sure can’t see what they would be outside of just trolling.

      But, you are, under the Constitution and Bill of Rights, guaranteed “Free Speech” so troll away. Just be aware – you are really showing your ignorance of what Apple is trying to prevent and the Pandora’s Box that the FBI is trying to open.

      I’m sure you’ll falame back – and that’s within your rights – but it doesn’t hide your ignorance!

  12. charismatron - 8 years ago

    In a land where terrorists can access guns amazingly easily, the US government thinks to do something about phones, and not guns. Only in America.

  13. alfredprunesquallor - 8 years ago

    This is probably not going to resolve anything. If the FBI and DOJ are consistent, they will simply outlaw the manufacture and sale of an undecryptable iPhone.

    • Dan (@sometimesilie) - 8 years ago

      This currently isn’t within the powers allowed by the Constitution. Remember, the federal government ONLY has the power allowed by the Constitution. All other powers are reserved to the states. The states need to step up and take back the power that has been stripped away.

      I’d think a smart state – apparently not California – would create laws that specifically would protect encryption and un-decryptable (?) devices, and then invite Apple to move there. Outside of that, how long would it take Apple to move their “headquarters” to a new country should the US take this too far?

Author

Avatar for Benjamin Mayo Benjamin Mayo

Benjamin develops iOS apps professionally and covers Apple news and rumors for 9to5Mac. Listen to Benjamin, every week, on the Happy Hour podcast. Check out his personal blog. Message Benjamin over email or Twitter.