Apple could make it even tougher to hack iPhones

SAN FRANCISCO -- Suppose the FBI wins its court battle and forces Apple to help unlock an iPhone used by one of the San Bernardino killers.

See Full Article

That could open all iPhones up to potential government scrutiny -- but it's not the end of the story.

Turns out there's a fair bit both individuals and Apple could do to FBI-proof their phones and shield private information from investigators and cybercriminals alike. Those measures include multiple passcodes and longer, more complex ones.

Of course, increased security typically comes at the expense of convenience. Most efforts to improve phone security would make the devices harder to use, perhaps by requiring you to remember more passwords.

Making it more difficult for law enforcement to crack open iPhones could also spur legal restrictions on phone security, something that neither Apple nor other technology companies want to see.

"They are walking a tightrope," says Mark Bartholomew, a law professor at the State University of New York at Buffalo who specializes in privacy and encryption issues. Requiring longer passcodes might annoy most Apple users, he says, while boosting phone security "sort of amplifies the whole argument that Apple is making things too difficult and frustrating law enforcement officials."

Apple had no comment on any future security measures. In a recent letter to customers, it noted that it has routinely built "progressively stronger protections" into its products because "cyberattacks have only become more frequent and more sophisticated."

In the current fight, the FBI aims to make Apple help it guess the passcode on the work phone used by Syed Farook before he and his wife killed 14 people at an office party in December. The FBI wants Apple to create special software to disable security features that, among other things, render the iPhone unreadable after 10 incorrect guesses.

Apple has resisted, maintaining that software that opens a single iPhone could be exploited to hack into millions of other devices. The government insists that its precautions would prevent that, though security experts are doubtful.

Should the FBI prevail, it would take computers less than a day to guess a six-digit passcode consisting solely of numbers, the default type of passcode in the latest version of the iPhone operating system. Even with security features disabled, each passcode guess takes 80 milliseconds to process, limiting the FBI to 12.5 guesses per second.

For security-conscious individuals, the simplest protective move would be to use a passcode consisting of letters and numbers. Doing so would vastly increase the amount of time required to guess even short passcodes. Apple estimates it would take more than five years to try all combinations of a six-character passcode with numbers and lowercase letters. Adding capital letters to the mix would extend that further.

Changing to an alphanumeric code is as simple as going into the phone settings and choosing "Touch ID & Passcode," then "Passcode options."

Another option is simply to pick a much longer numeric code. An 11-character code consisting of randomly selected numbers -- that means no references to birthdays or anniversaries that could be easily guessed -- could take as long as 253 years to unlock.

But longer, more complex codes are harder to remember, and that's probably why Apple hasn't yet required their use. It could, however, easily do so. In fact, iPhones moved to six-digit passcodes from four last September.

Apple may have other tricks up its sleeve. For instance, the company could add additional layers of authentication that would thwart the security-bypassing software the FBI wants it to make, says computer security expert Jonathan Zdziarski.

Apple phones rely on a feature known as the "secure enclave" to manage all passcode operations. The software demanded by the FBI would alter the secure enclave, Zdziarski says. But the software couldn't do so if the secure enclave required the user passcode to approve any such changes.

"This is probably the best way to lock down a device," Zdziarski says.

Apple could also require a second passcode whenever the phone boots up; without it, the phone wouldn't run any software, including the tool the FBI is requesting. "It would be like putting a steel door on the phone," Zdziarski says. Currently, iPhones automatically load the operating system before asking for a passcode.

For now, Apple CEO Tim Cook is focusing on winning the current battle with the FBI in a Southern California federal court while also trying to sway public opinion in the company's favour. The skirmish could go all the way to the U.S. Supreme Court.

In the meantime, Apple is probably already working on security improvements for the next version of the iPhone operating system that it will probably announce in June and release in September.



Advertisements

Latest Tech & Science News

  • Loosening offshore drilling rules is a risky proposal

    Tech & Science CBC News
    The Trump administration is proposing a bill to roll back restrictions on oil drilling in offshore waters along its coast, including the Arctic.This wipes out regulations that were put in place after the Deepwater Horizon disaster in the Gulf of Mexico. Source
  • Google parent turns on internet balloons in Puerto Rico

    Tech & Science CTV News
    MENLO PARK, Calif. -- Google's parent Alphabet Inc. said Friday that its stratospheric balloons are now delivering the internet to remote areas of Puerto Rico where cellphone towers were knocked out by Hurricane Maria. Two of the search giant's "Project Loon" balloons are already over the country enabling texts, emails and basic web access to AT&T customers with handsets that use its 4G LTE network. Source
  • When stars collide: How 4,000 scientists converged for an epic kilonova cram session

    Tech & Science CBC News
    more stories from this episodeGord Downie: Canada's friend, poet, advocate, rocker and neighbourhood goalieWhen stars collide: How 4,000 scientists converged for an epic kilonova cram session A remote First Nation is going to use drone delivery to cut the cost of groceriesCareful what you wish for: The perils of wooing AmazonSex, drugs and rock 'n roll: The life and times of Rolling Stone founder Jann WennerHRW Researcher: 'Afghan children recruited in Iran are fighting and dying in…
  • Feds: Right whales should remain on endangered list

    Tech & Science CTV News
    PORTLAND, Maine -- As the North Atlantic right whale nears the end of a year of dangerously high mortality, federal ocean regulators are calling for it to remain listed as endangered, according to a report released Friday. Source
  • Berry disappointed: Bear tries to eat fake fruit on Manitoba woman's door wreath

    Tech & Science CTV News
    STE. ANNE, Man. -- It would have been one berry disappointed bear. Kim Bouwman was sitting in her rural home Thursday in Ste. Anne, about 40 kilometres southeast of Winnipeg, when she caught something out of the corner of her eye. Source
  • Birds' beaks may evolve to better reach backyard feeders

    Tech & Science CTV News
    Britain's enthusiasm for backyard bird-feeding may have led some of the nation's feathered friends to evolve bigger beaks in just the past 40 years, researchers said Thursday. The report in the U.S. journal Science compared beak length among birds known as great tits in Britain and The Netherlands, where bird-feeders are less common. Source
  • Elon Musk's Boring Company gets tunnelling go-ahead in Maryland

    Tech & Science CTV News
    The governor of Maryland has announced his support for tunnelling by tech visionary Elon Musk’s The Boring Company, which could mark the first step toward an ultra-high speed Hyperloop system on the U.S. East Coast. Source
  • B.C. SPCA says noteworthy singing pig tips the scales in search of forever home

    Tech & Science CTV News
    VANCOUVER -- A pig with personality is searching for a forever farm after being seized during a cruelty investigation in British Columbia. The B.C. Society for Prevention of Cruelty to Animals says Lyle, a two-year-old black pig, was fearful and didn't want to be touched when he was taken into care in Metro Vancouver just over a year ago. Source
  • Nearly 200 report fireball streaking across Northeast sky

    Tech & Science CTV News
    SEA GIRT, N.J. - Nearly 200 people across the Northeast reported seeing a bright object streak across the sky. The American Meteor Society says the flash of light that was spotted on Wednesday afternoon in New Jersey, Pennsylvania, New York, Massachusetts, Connecticut, Rhode Island, New Hampshire, Maryland and Delaware was a very bright meteor. Source
  • Backyard chicken trend causes spike in infections, 1 fatal, CDC reports

    Tech & Science CBC News
    Luke Gabriele was a healthy 14-year-old football player in Pennsylvania when he began to feel soreness in his chest that grew increasingly painful. When his breathing became difficult, doctors detected a mass that appeared to be a tumour. Source