Apple Working on Security Measures to Make iOS Devices 'It Can't Hack'

[doelcm82]

I knew it! I knew Apple would double down on their encryption/security after this.

Good for them!
You can't leave even the smallest weakness in an OS/program or else criminals and especially governments will try to find ways to exploit it or compel an individual/company to exploit their own products for them.

It's gratifying to look at this case (a power grab on the part of the FBI) as the reason why Apple is tightening its security even further. But I don't think it's the case. Apple has been improving its security all along.

I'm not saying that requests from law enforcement have nothing to do with it. Just that those requests have been coming all along, and Apple saw this moment coming years back. This is a long-term process that will probably never be completely done.

Security is hard, especially if you're also trying to increase functionality. Apple's Siri doesn't do everything you might like it to, because Apple is reluctant to mine your data to give Siri the power it needs. When you upgrade your iPhone, you'll likely have to re-enroll your Apple Pay credit cards. iPhone backups don't include backups of your credit cards. If you want to move your keychain and health data to your new iPhone, you need to make sure you back your old iPhone to iTunes, and make sure that backup is encrypted. Use the more convenient iCloud backups, and you'll lose the old data.

https://support.apple.com/en-us/HT204136

Not exactly "it just works". Until Apple figures out how to keep your data in iCloud as untouchable as they have on your iPhones, there's going to be a disconnect.
[doublepost=1456389875][/doublepost]

Problem is, Obama supports the FBI's case...
I kind of regret to have voted for him...

I don't regret it one bit. I vote on a number of issues, and Obama was the best choice on most of those issues, by far.

I'm not wishing we were currently under a McCain/Palin administration or a Romney/Ryan administration.

But I knew going in that I wasn't going to agree with Obama on everything. That's not a realistic criteria for choosing a President. I just believe strongly that I and the country are better off after seven years with Obama than we would have been with the alternatives we were given.

 

[diipii]

Wow, apple is hardcore. I like it.

F you government, we the people.

What planet do you live on ? I suspect some idealised comic strip with you as the hero and the government some black monster devouring virgins. What are you, 6 years old ? Governments are not perfect but the US has as good a government as is likely on this planet. Get real and realise your enemy is not your elected government but the loony tunes around the globe who are even more demented than you and your ilk. They will stop at nothing to get to you and your family and mine. Time to wake up and smell the rotten Apple who will manipulate and spin just because it can in a free society that needs your protection. But not like you believe.

 

[BvizioN]

This is not a fight about some master lock, this is a fight about 1 specific phone.

If you believe that, you believe just about anything.
[doublepost=1456400177][/doublepost]

Actually Apple is proving how clever they are. Maximizing the free publicity, they understand how gullible some people can be. Believing every word Apple speaks, the devotees are lapping this up. Make no mistake, the Apple Marketing Machine is very effective.

There are 2 ways of sniping this story.

Believe me I realize it. I find it semi hilarious, but my inner naiveté is still saying "Go Apple!"

Do you really expect them to trust FBI and say "Go FBI" instead? You must be having a laugh!!

 

[fortheus]

From conspiracy perspective, both Apple and FBI are laughing at us.

FBI pretend they can't hack iPhone and Apple get publicity for standing in privacy and build trust so more people using their device thinking it's safe.

Does no one remember Apple DID provide the data from iCloud?

Technically speaking, they can make it look like iCloud is disabled, but in backend it's quietly siphoning data

 

[Krandor]

If Apple does this, I wonder what the next move will be. The FBI and other law enforcement agencies will still want access to iPhone data so they will likely start to move to get a law passed requiring a backdoor with a court order. The good thing is in the past such attempts have not been very popular with the American people. Of course, nowdays with terrorism being the big rally cry, that will be the way to try to push it though. We'll have to see what happens.

 

[wikiverse]

Weasel words.

It's not weasel words. It's code. 'Could' = 'will'.

Already the FBI request to hack 'One terrorist's phone' expanded to '12 phones unrelated to the terrorist attack'.

Also, PRISM exists. If the government had their way, every computer/device would be running the US equivalent of RedStarOS.

 

[LovingTeddy]

The article talks about security "measures"

It doesn't specifically say "software"

Don't forget... Apple also designs the hardware.

Couldn't Apple could insert some code into the silicon that will permanently brick the phone if ANY tampering is detected?

Apple got sued for bricking people's phone when they replace touchid or screen and Apple backed off.

What would happen when Apple deliberately destroying people's phone if any tempering detected? You can argue about security all day long, but what if Apple abuse that power? Not allowing any repair done by third party repair store? How do you draw the line when to brick people's phone?

 

[2984839]

Then why not just use a long passcode?

They're inconvenient on a phone. A TouchID/PIN combo gives you nearly the convenience of either one alone but much better security.

 

[neuropsychguy]

Apple has made it into something else entirely than what the FBI had wanted - making it into a fight on the legal integrity of encryption. This is not a fight about some master lock, this is a fight about 1 specific phone, and whether or not Apple would help the FBI brute force a pin code.

It's never been about one phone. To believe otherwise is to completely ignore what the FBI is and does. If Apple gives in once they have no standing to resist future requests (which already have come).

 

[Robert.Walter]

It's never been about one phone. To believe otherwise is to completely ignore what the FBI is and does. If Apple gives in once they have no standing to resist future requests (which already have come).

Apple is entirely justified in its early expression of this issue having slippery slope concerns.

Because as we've seen, there is a hopper of requests, for cases big and small, teed-up from DA's across the USA for such services should Apple be forded to break encryption. After satisfying these, sure to follow will be similar demands from other nation-state criminals with security state apparatii, then the non-state criminals like hackers, etc.

We've now seen the slope and it is a scary never ending ever speeding up bobsled run.

 

[furi0usbee]

You go Tim!

 

[Vanilla35]

What planet do you live on ? I suspect some idealised comic strip with you as the hero and the government some black monster devouring virgins. What are you, 6 years old ? Governments are not perfect but the US has as good a government as is likely on this planet. Get real and realise your enemy is not your elected government but the loony tunes around the globe who are even more demented than you and your ilk. They will stop at nothing to get to you and your family and mine. Time to wake up and smell the rotten Apple who will manipulate and spin just because it can in a free society that needs your protection. But not like you believe.

You must not know much about what power does to people and organizations. I was going to have a much longer response to this, but it is not worth the effort, as I do not feel like you will see another's point of view. Either way, while not dismissing our government entirely, I would prefer to put power in the people, than in a concentrated organization that (specifically regarding secret organizations and bureaus) has repeatedly shown a disregard for individual rights, and in some cases, even holding ethical opposition.

 

[JohnGrey]

No emotional equivocation at all. In fact, that was the very first thing I tried to address.
What you spoke about is truly not a future that I would wish upon us. No-one in their right mind would want that.
But there is a very large disconnect between the case at hand here and the possible future you just described.

It is not unprecedented for a government to ask a bank to open the safe of a criminal, or to freeze their funds, or to subpoena emails for use as evidence in court. So why is the phone, a digital safe, so sacred?

This is one phone. A phone from a recently deceased terrorist yes, but one that presumably could have been used during the planning stages of the attack. Who knows where that leads? Would you not want the authorities to follow this lead, after getting a valid warrant from a judge?

I think the emotional backlash over this case has caused fear-mongering to grow, on both sides.

No, it's really quite simple, and I explained it in another thread. The reason that the qualification for violating digital security must be far more stringent comes from the nature of what can be taken and the manner in which it can happen. As others have pointed out, the Fourth Amendment guarantees (not grants, I should note, as it is a right and not a privilege) that an individual shall be secure in their person or effects unless agents of the state are granted a warrant issued from evidence given under oath and affirmation, i.e. given with evidence and sworn statement. I also grant that the jurisprudence of the Supreme Court has also established the exigent circumstances doctrine.

These points being established, we must take into account the nature of personal effects. By any reasonable estimation, a personal effect is a material object which you have produced yourself or of which you have taken possession have reaching agreeable compensation by the producer or previous owner. Then we have the notion of papers, which stands as an elaboration of personal effects. Why? Because it speaks to the heart of the two-part privacy criteria descending from the Fourth Amendment, namely that there must be, one, an expectation of privacy, and two, that privacy is reasonably possible. The reason that this is important is because one's papers, and especially one's communication, carries with it the obvious intention of privacy beyond those parties which are so-labelled in origination and destination. This is law, for instance, in both traditional postal mail and email.

What permits true privacy in one's papers, at least in traditional modes of jurisprudence, is the combination of three things: uniqueness, destructibility and inaccessibility. Those things which carry an expectation of privacy are those things which have the reasonable expectation of relative unqiueness (only a particular number of persons have copies and are known to the originator), inaccessibility (the article in question is not accessible via unaided apprehension and can be secured), and destructibility (if you so desire, you can, for reasons of ensuring privacy, destroy the papers in question). Digital effects are capable of all of these, but they are also capable of being subverted far more easily

The problem is that digital effects can, with efforts like those currently being undertaken by the FBI, violated in far more insidious ways than your traditional effects. With the tool they demand Apple produce, they can, and will if PRISM is any indication, access our digital effects with relative ease and we would never know about it. We would have no indication of their interest in us, knowledge of their possession of our person effects, or have reasonable opportunity to engage legal counsel and further protect our rights.

This is not fear-mongering, it is a real and reasonable reaction a government whose tenor and policies are becoming increasingly hostile, both to the citizenry to which it is beholden and from which it claims to receive authority and to the very law from which its very existence is derived. A state, so divorced from its accountability and so blatantly willing to circumvent, or outright ignore, its lawful restriction, is one that must be challenged and thwarted in every endeavour, and which must, as an entity and in every request, be considered guilty of malicious intent until it can prove otherwise.

 

[unplugme71]

So what if Apple DOES in fact have to create a new iOS version, BUT the developers either cannot write such code to do this or it won't load the new OS into the existing phone in question. Then what do the courts do?

I think Apple should've stuck with, we cannot write software that will help regain control of this phone because it will not work.

I also think the FBI has more information then they are telling us. They probably changed the passcode on purpose to force Apple to write this code.

 

[furi0usbee]

I'm not the "march on Washington D.C." type of guy. But this is one issue I would march for. If you knew the FBI could get at your personal information, no matter what, and no matter how "innocent" you think you are *today*, would you really have a right to privacy? And if the FBI could do it, every other government agency could, and that essentially means that everything you keep private is open to full disclosure pending any legal dispute, even if eventually the dispute proves without merit.

This is essentially bypassing the 5th amendment. Sure we are not self-incriminating ourselves by giving the FBI access to our phones, but they are running the end around and just going to Apple to do what amounts to the same.

I've already made changes to my security habits. I already use FileVault full encryption on my Mac, but have updated my password to a much stronger pass phrase. I still use one encrypted folder inside the OS for the most sensitive files. I no longer use my login password for my encrypted folder password. I also updated my iPhone 5 passcode to a stronger passcode.

So the FBI has succeeded in one thing so far, getting me to update my security. Thanks FBI! What sucks is that some banking sites actually only let you use a maximum of 12-16 characters for the password. Right now, I use 32 alphanumeric with special characters.
[doublepost=1456414355][/doublepost]

So what if Apple DOES in fact have to create a new iOS version, BUT the developers either cannot write such code to do this or it won't load the new OS into the existing phone in question. Then what do the courts do?

I think Apple should've stuck with, we cannot write software that will help regain control of this phone because it will not work.

I also think the FBI has more information then they are telling us. They probably changed the passcode on purpose to force Apple to write this code.

Or, what if it takes Apple two years to write the code to break the old iOS, meanwhile, iOS 10 won't let them do what the FBI wants them to do. Tim could say, OK court, we'll get right working on that.

Ever see The Twilight Zone episode "One For The Angels?" To summarize, Mr. Death comes for a neighborhood pitchman. Naturally, the guy doesn't want to die. So Death says there are a couple of special circumstances to postpone death, one being that if you haven't done something you really wanted to do in life-- something of a grand nature that would complete your life. The guy says he always wanted to do a big pitch, one for the angels. Mr. Death has a soft spot and gives him extra time for the big pitch. Death then asks him when he can expect this pitch to occur, and the guy says soon, maybe not this year or next, but soon. Boom!

Tim should start with that.

PS- However, in the end, Death gets his man sooner rather than later. Tim beware!

 

[wovel]

One other thing I see not discussed: the terrorists will soon adapt and will wipe and/or physically destroy their smartphones, and this issue will be largely moot.
I urge anyone who hasn't done so to sign the petition:
https://petitions.whitehouse.gov/petition/apple-privacy-petition . At the very least, this will force the Obama administration itself to publicly make the case for these FBI actions.

Even in this case the terrorists destroyed their smartphones. This is the phone they didn't destroy. It was his work phone owned by his employer. If the FBI ever gets in I am sure they will learn some interesting tidbits about San Bernadino County, but probably nothing else.

 

[Jess13]

The system of Domination and Control is grinding its teeth over Apple.

View attachment 618257



It was staged, just like Sandy Hook, the Boston bombing and most of the rest. The Truman show is live and running.

No it wasn’t.

 

[Jambalaya]

The US Govt, or more strictly the next POTUS, will pass a law requiring companies to give up the information and making it a condition of licencing devices that it be possible. End of argument. Apple is protecting terrorsts, peodophile's and other criminals. "Who do they think they are ?"

 

[dk001]

Weasel words.

That is the general verbiage used on both sides.
[doublepost=1456418866][/doublepost]

if everyone took a step back and look at the issue at hand in isolation here, without the noise of herd mentality, I dont think this issue is such a clear cut to Apple's side.

Apple has made it into something else entirely than what the FBI had wanted - making it into a fight on the legal integrity of encryption. This is not a fight about some master lock, this is a fight about 1 specific phone, and whether or not Apple would help the FBI brute force a pin code.

The fact is, this phone was a phone owned by a terrorist. If you are a terrorist I would hope that the law does not prevent the authorities to catch you, I would hope that a judge can sign a warrant, after human review, for the cops to break into your house, your safe and read your bank transactions in order to catch you. Why should that capability be limited to their phones? Why is their phone so sacred?

We are not talking about giving the government the key to break every encryption known to man here, therein lies the hyperbole. We are talking about 1 phone, a terrorist's phone. And we are talking about a mechanism to speed up the FBI's brute force method. That's the issue. Not about the legality of some magical master key.

Very short sighted. Significantly paradigmed.
Scenario....
"Your Honor, since my client was accused of aiding a "terrorist suspect" by evidence of data recovered from an encrypted iPhone, we request that the method of and code used to execute this "de-encryption" be turned over to our forensic experts to determine whether or not this "code" can actually accomplish this or if this is just something the FBI pulled out of the air!"
Totally legal. (for those legal types, excuse my word construction ) Think DNA, fingerprint, and other challenges. This will never remain secret.
Go back to the interview and listen to Tim's other "what if.." scenarios. All a possibility.
If you honestly think this is about one device ... well, you are entitled to your personal opinion.

 

[Jakexb]

There are different levels of "can't hack". Once you get into the area of things that will take hundreds of years to hack given current technology, I feel like that counts as "can't hack".

 

[dk001]

Two factor auth with fingerprint and passphrase is something I desperately want. Even a 4 digit PIN would be essentially impossible to brute force if it needs a fingerprint along with it. A passphrase would be even better.

edit: This also provides legal protection in the US, since you can be compelled to give up a fingerprint, but not a password. Combining the two would be awesome.

Need to be a bit careful here though. TouchID was placed on these devices to make the use of passcode/passphrase easier for the general user. Requiring both, though it enhances security, would negate that benefit.
Besides rolling out encryption I own for the iCloud backups, what else can be done that still allows ease of use?

 

[Designer Dale]

I think compliance with this order is a bigger deal that some people think. The Feds want Apple to write an iOS version that contains no "10 and Out" function and allows electronic input of passcodes. That isn't just something a crew of coders can whip out and drop on a flash drive. It has to be developed and tested for bugs before being deployed on the suspect phone. Right there the Government looses it's argument that this is something that would work only on the San Bernadino shooter's phone. It would have to be a generalized tool able to be deployed on any iPhone using whatever version of iOS is on that 5c.

That makes this a develop / test / debug / test / debug / test / deploy process with an unlimited number of test steps. There is only one target phone in question (based on the court order) so it would have to be right before they use it. Imagine the fallout if the Government ordered fix bricked the phone? Hasn't that already happened?

Since Apple is to be the sole propriator or this "patch", every byte of code would have to exist on one "black box" in Apple's possession. Not a server, a seperate removable, store in a vault, drive of some sort. Encrypted, of cource.

Any developer want to guess on the storage requirement of this project? Potential work hours?

It Apple looses this, their best option would be to release an iOS update to the general public on the day they service the FBI phone. This update would not self install and Apple would not have any ability to install it on a user's phone. Instead, we would recieve either text alerts or emails informing us that a new OS is available with an included link. Only users with passcodes could install it. Zero access from Apple.

I'm OK with the FBI pressing for info with a warrent. I just want them pressing me, not some device manufacturer.

Dale

 

[dk001]

Let the fur... (i mean news) fly..

If the FBI were really that smart, they wouldn't be asking Apple to create an entire OS....... u don't need an entire OS just to get into someone's encrypted phone......
...

Has the FBI asked the NSA if they could extract the data?
This question was asked of the FBI and no answer has been forthcoming nor listed in the current court documents.
Why haven't thy asked?
[doublepost=1456420279][/doublepost]

I generally support Apple in all this, but doesn't that work the other way as well? So much of the phone's functionality depends on access to a network and someone else's server somewhere in the internet. With enough resources I would imagine that it wouldn't be too difficult for an agency or well-funded private organization to piece together intelligence from your network activity. Marketers are in a way already doing this and so are security agencies. That capability will only get more sophisticated. End to end encryption, like iMessage uses, helps, but the phone is only one piece in a whole network of activity.

True and in this instance, the FBI has all that other information.
[doublepost=1456420344][/doublepost]

I think they finally, actually did "Double Down on Security"...
[doublepost=1456371911][/doublepost]iPhone 7... it's not the phone you need. It's the phone you deserve.

Quick! Copyright that and sell it back to Apple.
Actually, it's not bad.

 

[teknikal90]

For the umpteenth time, this isn't about one friggin' phone. What they've asked Apple to do goes far beyond simply asking them to give them data ... data which they don't have access to [because the data was never backed up to Apple's iCloud servers] or are capable of retrieving for the FBI thanks to the the FBI borking up that opportunity by activating the failsafes within the phone. You don't appear to have any idea what you're talking about because you don't seem to grasp the gravitas of the situation.

If this backdoor is created ... and falls into the wrong hands ... people's entire lives are in their phones ... this includes things ranging from credit card numbers, possibly social security numbers, and a plethora of other things that baddies with these backdoor tools could have access to ... and there are half a billion iPhones around the world. Can you even stop to think for just a moment how bad it would be if this backdoor could be accessed by the worst kinds of people who's only purpose in life is to destroy the lives of others?

Scope, people. Get some.

this 'backdoor' is just a method for law enforcement to be able to brute force the iphone passcode. not some magic hallway pass into the iphone's OS.

Read.

 

[Nunyabinez]

I know this thread has just about petered out, but I wanted to use an analogy to show how ridiculous the FBI's request is. And no, it won't be a car analogy.

Imagine that a pharmaceutical company had someone tamper with a product and someone else died. The FBI could come to the company and ask for records about where the lot was sold. As long a the FBI has a warrant, the company by law must comply and ethically, they should as well.

Now imagine that the FBI comes to that same company and points out that a side effect of one of their products is liver damage. They come with a court order to have them CREATE a version of the drug that would destroy someone's liver in a matter of hours. Should the company be required to develop a product that they morally oppose simply because the FBI came to them?

That is what is at stake here. The government is trying to conscript Apple to develop a product for them and Apple is morally opposed to the product and how it could be used. Think about your job. Would you want the FBI to be able to compel you to create something for them that would be used to do things you believe are wrong and dangerous?