Apple Working on Security Measures to Make iOS Devices 'It Can't Hack'

[2984839]

Need to be a bit careful here though. TouchID was placed on these devices to make the use of passcode/passphrase easier for the general user. Requiring both, though it enhances security, would negate that benefit.
Besides rolling out encryption I own for the iCloud backups, what else can be done that still allows ease of use?

It wouldn't be negated; it would only be very very slightly less convenient. It's a lot easier and faster to use TouchID followed by a 6 digit PIN than type in a long and complex passphrase.

Right now, your options are a short numeric PIN which is very poor against brute force; a fingerprint, which is worthless if you are compelled to provide it; or a long, complex alphanumeric passphrase which provides very good security, but is cumbersome and frustrating to type every time.

 

[CFreymarc]

Quote: "......implementing stronger security measures "even it can't hack" to protect iOS devices......"


Even that will be in vain if Apple is court-ordered to prevent it from implementing just such measures.
It is imperative we win this 'war' in the interest of preserving privacy of our Data, and non-erosion of our freedoms.

My take is that this can be dragged out for months and may even turn into an issue in the Presidental Election. History has shown that software development is a first amendment issue where there is freedom to abstain from writing a work as much as the freedom to write it.

 

[dk001]

The US Govt, or more strictly the next POTUS, will pass a law requiring companies to give up the information and making it a condition of licencing devices that it be possible. End of argument. Apple is protecting terrorsts, peodophile's and other criminals. "Who do they think they are ?"

Nope. The President cannot pass a law. He/she/it can sign a law passed by Congress.

Question of the day: what is the security implication of a conjoined twin being President?

 

[JohnGrey]

this 'backdoor' is just a method for law enforcement to be able to brute force the iphone passcode. not some magic hallway pass into the iphone's OS.

Read.

When all but a few people use a 4-digit passcode, it makes a great deal of difference. Let's assume that, with the custom OS, wait time between attempts is reduced to 10ms, which I find reasonable given the 80ms requirement for human interface. If we also assume that it takes 10ms for their brute force attack to increment the counter, cast it as a 4-digit padded string and transmit it (in reality it would take less than that), the longest scenario is under 4 minutes.

That's a trip to loo, waiting for your coffee to be poured, standing in a queue at a convenience store. Remember, part of the tool's requirement is the ability to have it broadcast over wifi or Bluetooth. When any direct interface time exceeds a worst-time cracking interval, it is functionally is a 'magic hallway pass'.

 

[dk001]

It wouldn't be negated; it would only be very very slightly less convenient. It's a lot easier and faster to use TouchID followed by a 6 digit PIN than type in a long and complex passphrase.

Right now, your options are a short numeric PIN which is very poor against brute force; a fingerprint, which is worthless if you are compelled to provide it; or a long, complex alphanumeric passphrase which provides very good security, but is cumbersome and frustrating to type every time.

Actually right now I use a complex passcode (AN) and TouchID. No pins here.
If I had to use TouchID and my passcode every time.... I would drop TouchID. Fingerprints are not super secure but as a convenience like this quite adequate.

 

[Wondercow]

Governments are not perfect but the US has as good a government as is likely on this planet.

I just don't know where to begin; I mean--wow. I guess this is just blind nationalism.

Get real and realise your enemy is not your elected government but the loony tunes around the globe who are even more demented than you and your ilk. They will stop at nothing to get to you and your family and mine.

That's exactly how many people, the world over, feel about the US government--and the revelations presented by Snowden prove just how correct that feeling is.

Time to wake up and smell the rotten Apple who will manipulate and spin just because it can in a free society that needs your protection. But not like you believe.

How is Apple manipulating and spinning when it was the FBI who insisted on making this public?

Edit to fix broken quote tag

 

[ChrisA]

There is no unhackable software. If it is programmed by human, it bond to have holes that is hackable.

The above is not true. There is such thing as a mathematical proof. Today the state is that we can prove some some algorithms do as they are required to do. We can't apply this to an entire operating system but Apple does not intend to make a secure OS, just a secure enclave using both hardware and software.

I am 100% confident that this could be done. I've seen it done inside some systems (that are not sold to the public) So no Apple can't guid a provably correct OS but they can build a truly perfect area in which to store a key

 

[Wondercow]

And no, it won't be a car analogy.

Bonus likes for this

 

[\-V-/]

this 'backdoor' is just a method for law enforcement to be able to brute force the iphone passcode. not some magic hallway pass into the iphone's OS.

Read.

It appears you're the one that needs to read.

 

[dk001]

It wouldn't be negated; it would only be very very slightly less convenient. It's a lot easier and faster to use TouchID followed by a 6 digit PIN than type in a long and complex passphrase.

Right now, your options are a short numeric PIN which is very poor against brute force; a fingerprint, which is worthless if you are compelled to provide it; or a long, complex alphanumeric passphrase which provides very good security, but is cumbersome and frustrating to type every time.

That's part of the challenge. Even with TouchID, most company sponsored devices will require 8+ character code. Security conscious individuals will use more than the default 6. Another solution is needed. It will be interesting to see where Apple goes in solving this.

 

[B4U]

It's gratifying to look at this case (a power grab on the part of the FBI) as the reason why Apple is tightening its security even further. But I don't think it's the case. Apple has been improving its security all along.

I'm not saying that requests from law enforcement have nothing to do with it. Just that those requests have been coming all along, and Apple saw this moment coming years back. This is a long-term process that will probably never be completely done.

Security is hard, especially if you're also trying to increase functionality. Apple's Siri doesn't do everything you might like it to, because Apple is reluctant to mine your data to give Siri the power it needs. When you upgrade your iPhone, you'll likely have to re-enroll your Apple Pay credit cards. iPhone backups don't include backups of your credit cards. If you want to move your keychain and health data to your new iPhone, you need to make sure you back your old iPhone to iTunes, and make sure that backup is encrypted. Use the more convenient iCloud backups, and you'll lose the old data.

https://support.apple.com/en-us/HT204136

Not exactly "it just works". Until Apple figures out how to keep your data in iCloud as untouchable as they have on your iPhones, there's going to be a disconnect.
[doublepost=1456389875][/doublepost]
I don't regret it one bit. I vote on a number of issues, and Obama was the best choice on most of those issues, by far.

I'm not wishing we were currently under a McCain/Palin administration or a Romney/Ryan administration.

But I knew going in that I wasn't going to agree with Obama on everything. That's not a realistic criteria for choosing a President. I just believe strongly that I and the country are better off after seven years with Obama than we would have been with the alternatives we were given.

My bad for not putting in longer post.
I kind of regret to vote for him on this stance, but I agree that he was a better candidate.
On the other hand, we are just picking a less rotten fruit...which is another sad part...

 

[MacBH928]

Just wondering if any one still cares about computer security as in OS X and Windows. Phones seem a late more secure now days

 

[Jambalaya]

Nope. The President cannot pass a law. He/she/it can sign a law passed by Congress.

Question of the day: what is the security implication of a conjoined twin being President?

Its going to happen

 

[unplugme71]

I'm not the "march on Washington D.C." type of guy. But this is one issue I would march for. If you knew the FBI could get at your personal information, no matter what, and no matter how "innocent" you think you are *today*, would you really have a right to privacy? And if the FBI could do it, every other government agency could, and that essentially means that everything you keep private is open to full disclosure pending any legal dispute, even if eventually the dispute proves without merit.

This is essentially bypassing the 5th amendment. Sure we are not self-incriminating ourselves by giving the FBI access to our phones, but they are running the end around and just going to Apple to do what amounts to the same.

I've already made changes to my security habits. I already use FileVault full encryption on my Mac, but have updated my password to a much stronger pass phrase. I still use one encrypted folder inside the OS for the most sensitive files. I no longer use my login password for my encrypted folder password. I also updated my iPhone 5 passcode to a stronger passcode.

So the FBI has succeeded in one thing so far, getting me to update my security. Thanks FBI! What sucks is that some banking sites actually only let you use a maximum of 12-16 characters for the password. Right now, I use 32 alphanumeric with special characters.
[doublepost=1456414355][/doublepost]

Or, what if it takes Apple two years to write the code to break the old iOS, meanwhile, iOS 10 won't let them do what the FBI wants them to do. Tim could say, OK court, we'll get right working on that.

Ever see The Twilight Zone episode "One For The Angels?" To summarize, Mr. Death comes for a neighborhood pitchman. Naturally, the guy doesn't want to die. So Death says there are a couple of special circumstances to postpone death, one being that if you haven't done something you really wanted to do in life-- something of a grand nature that would complete your life. The guy says he always wanted to do a big pitch, one for the angels. Mr. Death has a soft spot and gives him extra time for the big pitch. Death then asks him when he can expect this pitch to occur, and the guy says soon, maybe not this year or next, but soon. Boom!

Tim should start with that.

PS- However, in the end, Death gets his man sooner rather than later. Tim beware!

I would just refuse to comply to writing such a code. Apple doesn't have the key. The government changed the iCloud passcode. I would say, sorry, but you guys messed up.

 

[zioxide]

The US Govt, or more strictly the next POTUS, will pass a law requiring companies to give up the information and making it a condition of licencing devices that it be possible. End of argument. Apple is protecting terrorsts, peodophile's and other criminals. "Who do they think they are ?"

This is a ridiculous accusation full of fearmongering.

Apple isn't "protecting terrorists and pedophiles." They are protecting the data and privacy of their users.

If a few terrorists get their data protected too, then so be it. You don't get to put my data at risk to catch a few terrorists.

Besides, if there were a backdoor in iOS, terrorists would just use other devices or build their own secure messaging system using one of the 500+ open source encryption libraries freely available on the web.

The bottom line? You can't ban math.

 

[Tech198]

"Apple has already begun work on implementing stronger security measures "even it can't hack" to protect iOS devices."

u know that actually also implies Apple CAN currently hack a phone too now.

 

[Vanilla35]

u know that actually also implies Apple CAN currently hack a phone too now.

They can. It's not "hacking" though, they're just creating a new OS to meet FBI's requests (taking off password input limits, time between entering in codes, etc.).