The problem is that enforcing the "complete protection" at all times would result in you having to enter your password every time you use your phone. Nor would the phone be able to perform background operations whilst it was locked - such as check email, accept incoming notifications etc. The impact is not about a couple millisecond delay as users start using the phone - but real changes to the user experience.

All of security is a balance between privacy and convenience; I think Apple's balance in iOS is pretty good - and appropriate for something like 99.5% of the users out there.
Yah I was afraid it would have an impact on those services, not knowing you got a call/notification until you unlock the phone again would make the phone way less useful for many persons.
 
The problem is that enforcing the "complete protection" at all times would result in you having to enter your password every time you use your phone. Nor would the phone be able to perform background operations whilst it was locked - such as check email, accept incoming notifications etc. The impact is not about a couple millisecond delay as users start using the phone - but real changes to the user experience.

All of security is a balance between privacy and convenience; I think Apple's balance in iOS is pretty good - and appropriate for something like 99.5% of the users out there.

There's this thing called asymmetric encryption, it's been around for a very long time. New emails can be fetched and encrypted while the phone is locked. Notification events would likewise be fine too, as their associated blurbs could be stored in RAM (compressed, even), associated via GUID and stored with an encrypted cache so if power is lost, the next unlock would bring them right back up.

A lot more can be under "complete protection" than what is right now without UX changes.
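
An added sketch (not part of the original post, and not Apple's code) of the idea in the post above: a locked device holds only a public key, seals each newly fetched item to it, and cannot read the item back until the private key becomes available at unlock. The toy Diffie-Hellman group, the SHA-256 keystream and all function names are assumptions made so the example runs with the standard library alone; a real design would use X25519 and an AEAD from a vetted library.

```python
import hashlib, hmac, secrets

# Toy finite-field Diffie-Hellman group (assumption for this sketch only;
# not secure parameters for real use).
P = 2**521 - 1   # Mersenne prime
G = 3

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def _derive(shared, eph_pub):
    # Separate encryption and MAC keys, bound to this item's ephemeral value.
    seed = shared.to_bytes(66, "big") + eph_pub.to_bytes(66, "big")
    return (hashlib.sha256(b"enc" + seed).digest(),
            hashlib.sha256(b"mac" + seed).digest())

def _keystream_xor(key, data):
    # Toy stream cipher: SHA-256 in counter mode (stand-in for a real AEAD).
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def seal_while_locked(class_pub, plaintext):
    """Runs while locked: only the public key is needed."""
    eph_priv, eph_pub = keypair()
    enc_key, mac_key = _derive(pow(class_pub, eph_priv, P), eph_pub)
    ct = _keystream_xor(enc_key, plaintext)
    tag = hmac.new(mac_key, ct, hashlib.sha256).digest()
    # eph_priv is discarded on return, so the sealer cannot reopen the item.
    return eph_pub, ct, tag

def open_after_unlock(class_priv, sealed):
    """Runs after unlock: needs the private key released by the passcode."""
    eph_pub, ct, tag = sealed
    enc_key, mac_key = _derive(pow(eph_pub, class_priv, P), eph_pub)
    expected = hmac.new(mac_key, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("sealed item failed authentication")
    return _keystream_xor(enc_key, ct)

if __name__ == "__main__":
    priv, pub = keypair()                      # priv is unavailable while locked
    mail = b"Subject: constructed sample\r\n\r\nfetched while locked"
    sealed = seal_while_locked(pub, mail)
    print(open_after_unlock(priv, sealed) == mail)
```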
 
The last paragraph is the most important.

The spokesperson also told Wired that Apple's security work is primarily focused on protecting users from hackers, thieves, and criminals looking to steal personal information. They also noted that the types of attacks the researchers highlighted are very costly to develop, require physical access to the target device, and only work until Apple releases a patch. Apple also emphasized that its objective with iOS is to balance security and convenience.

So all you worrywarts out there thinking Apple security is crap need to take a chill pill and relax. If you had 100% security you wouldn’t be able to use your device.
Security researchers are bored now that actual scary remote hacks are few and far between. As always, I think ALL security articles should START with whether or not it requires physical access to do. But, then again, most people would stop reading at that point if they did :)
 
I agree. Let the user decide on the encryption level and if the potential performance trade-off is worth it.
Well, not all users understand what encryption is and how it works. It shouldn't be a user option to be very protected or a bit less protected. A user should be allowed to make a selection only on things that are clear to understand, where the average user would understand the trade-off and advantages of each option, and you can't explain security and encryption in a simple pop-up window. You can choose to activate Siri, or share analytic data with Apple upon setting up your iPhone or using Face ID, and these options make sense because an average user understands what he is agreeing to. With encryption, probably only 1/10 people can make an informed decision. If you can't make an informed decision, then it is not an option, it is a trap!
 
The biggest problem for me is that Apple planned to make iCloud backups end to end encrypted but this was thwarted.

Thus really even on Apple devices we have little privacy if we use iCloud.

I stopped using iCloud.

Use CalDAV for contacts and calendar.
Ditch iMessage. Use Signal instead.
MEGA.nz for cloud storage.
 
The only cloud you can trust is your own cloud. NASs such as QNAP and Synology are getting very popular with people that don't trust mega-cloud operations. Accessing your own NAS with a VPN is about the best security you're going to get, and no one will be mining your data. Virtually all the storage space you'll ever need and a ton of additional features.
I run Nextcloud for photo backups. Apple has made it very annoying to do. I constantly get pop-ups that the app is accessing my location data. They do not respect your choice to always allow location data to an app - unless it is their own app.

Nextcloud relies on location movements to trigger checking if there are any new photos to back up. Ideally, Apple could provide an API for that, but they are trying to get everyone to pay for iCloud storage instead. I guess they think if they annoy users enough, then people will switch.
 
The biggest problem for me is that Apple planned to make iCloud backups end to end encrypted but this was thwarted.

Thus really even on Apple devices we have little privacy if we use iCloud.
I'm all for E2EE iCloud but I get why they didn't do it. Imagine the PR nightmare if your data was permanently lost due to e.g. forgetting your password or recovery codes. This is exactly what they talk about in their statement: security vs convenience.
 
While this is true, that’s not the whole story. Your data enters Protected Until First User Authentication also after failed biometric authentication, or 24 hours without biometric authentication if the phone supports that as well. So it does happen more frequently than just after a restart.
Do you mean that the phone enters "Complete Protection" in those cases? It's likely already in "Protected Until First User Authentication" in the situations you mentioned, so I'm guessing you mis-typed.
 
Is it possible to hack an iPhone these days?
Without having physical access it’s really hard to hack. It’s so inconvenient, that it’s far easier for hackers to just use social engineering (getting you to unlock your phone, visit a website, enter your credentials, etc.). So, while I believe the researcher, it’s like just finding the hack to walk from NY to LA. Sure, it’s possible, but anyone in NY that wants to get to LA would use any of a number of easier and more successful methods.
 
You don't have to restart your phone. Hitting the power button 5 times in a row forces the phone into the Complete Protection mode as well.
No, unfortunately that doesn't work anymore. You now have to hold the power and one volume button until the shutdown screen appears and then press cancel on screen - that's not something you can do quickly, casually or unnoticed.
 
So it's been all a lie.
That's worse than using a device that's known to not be secure.

There's zero reason to believe Apple's narrative (aka lies) on privacy from here on out.

Just remember: The data on your iPhone and everything you've ever done with it can be accessed by skilled adversaries
 
The biggest problem for me is that Apple planned to make iCloud backups end to end encrypted but this was thwarted.
IIRC, they did make them end-to-end encrypted and then ran into lots of people who said “I lost my phone / it broke / etc, and I can’t remember my password, so you have to get my data back” who were then furious at Apple that all their data was 100% permanently irretrievable, so Apple ended up toning down the backup security.
 
No, unfortunately that doesn't work anymore. You now have to hold the power and one volume button until the shutdown screen appears and then press cancel on screen - that's not something you can do quickly, casually or unnoticed.
Do you HAVE to press cancel on the screen, though? I think another tap of the power button acts as “cancel” as well.
 
The biggest problem for me is that Apple planned to make iCloud backups end to end encrypted but this was thwarted.

Thus really even on Apple devices we have little privacy if we use iCloud.
Exactly. This is a huge security hole and the concern is that if you use iCloud backups even once some three letter agency or bad actor could capture it if there is a security hole in the cloud - last year there were tons. Then once it is captured, it is accessible at any point later.
What happens on your iPhone stays on your iPhone unless you use iCloud to back up your iPhone.
I stopped using iCloud.

Use CalDAV for contacts and calendar.
Ditch iMessage. Use Signal instead.
MEGA.nz for cloud storage.
 
Here's the gist about (today's digital) security. Everything can be hacked/breached given enough time. The trick is convenience, providing a fair level for the user and unreasonable for the attacker. A moderate to strong encryption algorithm with a very long password/key, even if it is a chain of words, will require a long time to decrypt. Long enough and it could require weeks to months to process. In which case, hackers will be deterred. It's because of this you see a lot more automated passwords having 50+ characters and being hexadecimal as well as the increased popularity of phishing attacks -- much more efficient to dupe a person than try all of the possible permutations of a key.
 
No, unfortunately that doesn't work anymore. You now have to hold the power and one volume button until the shutdown screen appears and then press cancel on screen - that's not something you can do quickly, casually or unnoticed.
Unless the iPhone 12 is different, my 11 shows the shutdown screen after 5 presses. You still have to hit cancel though.
 