As a result of the ongoing legal battle with the FBI, Apple has plans to develop new security measures for the iPhone. The major security flaw in this case is that Apple has the ability to update the firmware on iPhones even when they are locked. Due to this weakness, Apple is facing a court order to install custom software on a phone belonging to one of the San Bernardino shooters, in order to make it easier for the FBI to break into the phone.
While this weakness is known to exist in the specific iPhone model in this case, it was thought that the secure enclave introduced in newer iPhones would deal with this particular issue. Experts, including Apple employees, insist that Apple could still force an update on a locked phone with a secure enclave, although the exact technical solution to do it would be different from the one used on older phones. Therefore, Apple must find a way to address this weakness in future versions of the iPhone.
Apple has been questioned as to why they would even make it possible to change the firmware while the phone is locked. Apple claims it was meant as a troubleshooting system to make it easier to repair damaged or malfunctioning phones. It was not intended as a deliberate security weakness. The problem is that Apple had not seriously considered the possibility of being forced by the government to attack the security of its own customers. Weaknesses which might otherwise be obvious escaped Apple’s notice because the company did not consider itself to be a security threat.
This dispute between the FBI and Apple has caused the company to think of security in a new light. Apple is aiming to make iPhones so secure that the company could not break into them even if it wanted to, or help the FBI break in for that matter. Apple is also getting outside help on this matter. Security experts who have studied the iPhone’s security have sent in suggestions on how to fix this vulnerability. Security researcher Jonathan Zdziarski stated, “There are probably 50 different ideas we have all sent to Apple.”
However, it’s not just iPhone security Apple is working on. The company is also planning to make its iCloud backups so secure that only the user can access them. Apple is planning to redesign the system so that Apple itself will no longer have access to the keys to decrypt the data stored on iCloud. This may inconvenience some users, since they will permanently lose access to their iCloud storage if they forget the password. Any sort of password reset process will be impossible under the new system. In the past, as well as in the current case that has led to the dispute between Apple and the FBI, Apple has been willing to comply with FBI requests for iCloud data. However, these new changes would make it impossible for the company to comply with future requests, even if backed by a court order.
Apple has also hired Frederic Jacobs to work on its Core OS security team. Jacobs was previously a lead developer of the encrypted messaging app Signal. The app is favored by Edward Snowden and the Electronic Frontier Foundation due to its robust security features. It is believed that Jacobs’s experience developing the app will make him a valuable asset to the company as it attempts to improve the security of all its products.
Do you think Apple will develop products so secure even they can’t break in? Leave your comments below.