The Future of iPhone Security

The current faceoff between Apple and the FBI has placed the topic of Apple's security into the public eye. Apple has placed an emphasis on security and privacy in their products for some time now, but this is likely to be the most attention the topic has ever received.

Of course there's a question of whether or not Apple will be forced to help the FBI bypass current security features of the iPhone, but looking forward there's also a question of how iOS security will continue to advance.

What the FBI is requesting

For those unfamiliar or unclear about the current case, let's do a quick recap of what the FBI is requesting of Apple. The work-issued phone used by one of the shooters in the San Bernardino attack was recovered by the FBI.

The device (an iPhone 5c) is locked with a passcode, and may have the security feature enabled which erases the device's encryption keys after 10 failed passcode attempts. The FBI has requested that Apple create a special version of iOS that removes 3 security features.

  1. The OS will bypass or disable the mechanisms to erase data after 10 failed attempts.
  2. The OS will allow for electronic passcode attempts (as opposed to manual entries performed physically on the device's screen). The phrasing of the FBI's request could also be read to mean that Apple will be responsible for providing the means to electronically submit passcode attempts.
  3. The OS will not introduce delays between failed passcode attempts.

In other words, the FBI would like to be able to brute force the device's passcode in a timely manner without the risk of losing the data that is on the device.
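A toy model of the three protections listed above, added here as an illustration (it is not code from the article or from Apple). The 80 ms cost per passcode check and the lockout schedule are assumed figures, and `Policy`, `simulate`, `STOCK` and `REQUESTED` are hypothetical names.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed figures for illustration; the article gives no numbers.
KDF_MS = 80  # assumed cost of one passcode check on the device
# Assumed escalating lockout (ms) imposed after the Nth consecutive failure.
DELAY_AFTER_FAILURE_MS = {5: 60_000, 6: 300_000, 7: 900_000, 8: 900_000, 9: 3_600_000}
LATER_DELAY_MS = 3_600_000  # assumed delay after every failure past the 9th


@dataclass(frozen=True)
class Policy:
    erase_after: Optional[int]  # None models request item 1 (auto-erase disabled)
    delays: bool                # False models request item 3 (no backoff delays)


STOCK = Policy(erase_after=10, delays=True)
REQUESTED = Policy(erase_after=None, delays=False)


def simulate(secret: str, policy: Policy):
    """Submit numeric passcodes in ascending order against a modeled guard.

    Returns (outcome, attempts, elapsed_ms). Submitting guesses in a loop
    stands in for request item 2 (electronic passcode entry).
    """
    digits = len(secret)
    elapsed_ms = 0
    failures = 0
    for n in range(10 ** digits):
        elapsed_ms += KDF_MS
        if f"{n:0{digits}d}" == secret:
            return "unlocked", n + 1, elapsed_ms
        failures += 1
        if policy.erase_after is not None and failures >= policy.erase_after:
            return "keys erased", failures, elapsed_ms
        if policy.delays:
            elapsed_ms += DELAY_AFTER_FAILURE_MS.get(
                failures, LATER_DELAY_MS if failures > 9 else 0)
    return "exhausted", 10 ** digits, elapsed_ms


if __name__ == "__main__":
    for secret in ("7391", "739184"):  # constructed sample passcodes
        for name, policy in (("stock", STOCK), ("requested", REQUESTED)):
            outcome, attempts, ms = simulate(secret, policy)
            print(f"{len(secret)} digits, {name}: {outcome} after "
                  f"{attempts} attempts, {ms / 3_600_000:.2f} h")
```

Under these assumptions, once the erase limit and the delays are gone, the only remaining protection is the size of the passcode space multiplied by the per-check cost, which is why passcode length matters to the device owner.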

Why Apple can comply with the FBI's request

At the core of what the FBI is requesting is the ability to update the software of the iPhone without the user's passcode, and without losing data on the device. Currently, iOS can be updated on a locked device without ever entering the passcode.

This means that Apple could create an iOS update which removes or disables security features, sign it using keys that only they possess, and load it onto the locked device. Once the update was installed, the FBI (or any other party in possession of the device) could attempt to brute force the device's passcode without risk of being slowed down by backoff delays or losing data.

How Apple can change this

If the current legal battle ends with Apple being legally required to comply with the FBI's request, there is no technical limitation that would prevent Apple from complying on this device. However, a future version of iOS could remove their ability to do this.

A future update could (and in my personal opinion, probably will) require the device passcode to be entered prior to loading a recovery image (read: OS update). If the passcode cannot be entered, the user would have the ability to load the recovery image anyway, but the device would wipe its current encryption keys first, rendering existing data on the device practically irretrievable.

iCloud backups

Apple's current case with the FBI focuses entirely on the security of a physical device. However, many people utilize Apple's iCloud service for storage and backups. While data on iCloud servers is encrypted, this encryption is done with keys that Apple possesses, rather than keys possessed only by each user.

This means that Apple can comply with any legal requests for a user's iCloud data. For people who use iCloud for backups, this means that just about all of the information stored on your devices is retrievable by Apple. Even with backups disabled, a large amount of information may still be stored on iCloud including photos, documents, contacts, calendars, bookmarks, mail and app-specific data.

To change this, Apple would need to change iCloud to have it encrypt a user's data using a key that only they possess, rather than one that Apple controls. It is now rumored that Apple intends to make this very change at some point in the future.

While such a change would be a clear improvement for user security and privacy, it remains unclear how this may impact a user's ability to retrieve their data should they ever forget their password (or whatever other user-controlled piece of information may be used to encrypt their data).

The fight for the future

It's impossible to know what changes Apple may implement to further increase the security of their devices down the road, but it's a safe bet they'll be doing something. Each year, in addition to a number of other features and enhancements, we see Apple continue to make improvements to security and put increasing amounts of user data out of their reach. In fact, it seems likely that the changes to iCloud encryption were on their product roadmap well before this legal case caught the public's attention.

Security researcher Jonathan Zdziarski published a list of requested iOS security improvements, which doubles as an interesting list of weaknesses in Apple's current security model.

It's also important to be mindful that everything Apple has done for security up to this point has been in full compliance with applicable laws. Apple's current fight with the FBI isn't an act of civil disobedience or defiance of the law, but rather Apple arguing that the FBI's request is unlawful.

If applicable laws change, it's very possible that Apple's actions will change accordingly. While Apple is not currently required to implement backdoors to facilitate investigations by law enforcement, such laws do exist for telecommunications companies, and similar laws could be passed in the future that apply to smartphone manufacturers.

The bottom line

While we will have to wait to see the outcome of Apple's current battle with the FBI, the world of mobile security will likely never be the same. For years law enforcement has made legal requests for user information and data. And for years Apple has complied with legal requests, while distancing themselves from that user data.

With Apple continuing down this path, the next major version of iOS and next iPhone update may contain the most public and controversial security enhancements yet.

Nick Arnott
  • What if the user has updates disabled? Can Apple still upgrade iOS without the passcode?
  • Currently iOS prompts the user for their passcode when installing an over-the-air update. However, a phone put into recovery mode can be updated via iTunes without entering a passcode. The ability to install an update without a passcode is mostly a concern for people who are no longer in possession of their device.
  • oh the drama!
  • #StandWithApple iMore, Microsoft, Google, Twitter, Yahoo, WhatsApp, RepTedLieu, and others on this important issue of security. Add your name to the petition >>>
  • I support the first security enhancement you mentioned, but not the iCloud security enhancement. There is something about the physicality of our phones that creates the desire for absolute protection. Whatever data we physically have on our phones, they have almost become extensions of our minds, and we should be able to absolutely protect them. I don't see this the same way with cloud data. Companies that own cloud data, as long as they have the private encryption keys, should be able to comply with warrants for that data. I don't think Apple should take an additional step of making iCloud backups completely inaccessible. Savvy users will create their own encryption regime to protect their cloud data if they are really serious about protecting that data, but for everyday users that Apple caters to, the benefits of super-encryption outweigh the costs of losing all that data if you forget your password.
  • If any service is compelled to hand over cloud data, why should Apple be any different? Don't they all (in part) encrypt our data in some way as well? Dropbox, Microsoft OneDrive as well.. and Apple should be no different at turning over cloud data, whether this FBI vs Apple came to light or not... if u put extra security prompts in for the user, then Apple will be the fallback when users forget the password, and if u force an 8 or more number/password, then expect more calls to Apple, then u need to do something with recovery.. Maybe just like Apple does with iforgot... send email asking user to confirm with verification, or trusted device.. What I am saying is Apple is only coming to light with "clamping down" with extra security *only* in lieu of this FBI thing...
  • They actually didn't have a problem with handing over an iCloud copy of the data if I'm not mistaken. They are refusing to grant them physical access to what's physically stored on the device, which contains much more information than an iCloud backup of certain items.
  • Tech198, I'm not worried about tech savvy users, but there are tons of iOS users out there who don't go on iMore and Reddit who have iCloud email addresses, who don't have 2FA, who don't use secondary email accounts, who just might simply forget their password. Don't forget that your iPhone's security passcode/passphrase is different from your iCloud password, which frankly isn't typed in all that frequently.
  • If Apple did dictate the passcode attempts, then it wouldn't be YOUR phone anymore. On the other hand it would give em quick updates to change this anytime to increase (or decrease) security at will and would not need an iOS update to do this. To me, it seems the only way to future proof a device with over the top security AND everyone can use it without calling up Apple every 5 minutes is biometric.... Everyone upgrades their handsets to use Touch ID, then Apple can increase the security as much as they'd like till the cows come home.... You'd only get the possible issue when turning on the phone, or forcing a password on users, but they can be fixed. I'm not worried about the tech savvy user either, but anyone knows u make things more complex than normal, and the average joe will forget the password..... How many people don't use password managers or use simple passwords online? Probably quite a majority.... Apple has to do things for everyone, not just for the tech savvy user who would use the maximum possible password available for security... All I'm saying is, if Apple is forced to up the password and make it not changeable to decrease security, then Apple just needs to know with just an increase in security, they better be ready to feel the burden when users need access to their phones and cannot remember the password. Everything comes at a cost.
  • It is interesting that most comments relate to the technical feasibilities whereas, taking the possibility to reveal the data as positive, this is a purely ethical issue.
    Apple is justifiably concerned about creating a precedent - today murder, tomorrow tax evasion etc.
    While most of us would agree that certain extreme situations justify acceding to the FBI demand, there are two prerequisites:
    1. The legislature together with relevant technological concerns must come out with a law clearly stipulating those instances in which compliance is necessary.
    2. Some sort of tribunal (a panel of judges) must be established to adjudicate specific issues.
    Complete negative response is unacceptable. If, for example, access to the data would prevent the explosion of an atom bomb in New York, I assume that revelation of data would be acceptable.
  • Interesting discussion .. so, u'r telling me a phone is *more secure* than our own home with much more valuable stuff in, yet if the law comes to the door, we must abide? It's crazy to think a small personal device we use everyday that no one should have access, but where we store much more valuable stuff (10x over) and more expensive, (eg car in garage, jewelry etc, money etc totalling thousands of dollars) but a phone that is only worth a measly $800 "It's mine, and u cannot touch it." It's unheard of... I abide by what Apple is doing, but it seems too one sided.
  • Interesting to me as a non iPhone person. I live in another country.
    The USA company APPLE may be asked to comply with the request as reported.
    The law of the USA must apply there in these cases, but what about the millions of iPhones in use outside of the USA?
    Your laws cannot apply to 'my phone' I believe here. nor your FBI force me to reveal info on 'my personal iPhone' .
    I support Apple in their fight for privacy but if they cannot win, then I shall not buy a mobile phone of any kind. Yes I am retired at home and have a wired landline. Lucky me. My house is locked but the police or ambulance people would need to break in and I support their methods.
  • Fear mongering at its best. Apple does all things in the name of security. It's all BS. It's all a marketing ploy. And bottom line, it serves to help the terrorists. Period. My national security as well as all national security should be priority. Not the fear of having your private data forced from you.