Apple could make it even tougher to hack iPhones

SAN FRANCISCO -- Suppose the FBI wins its court battle and forces Apple to help unlock an iPhone used by one of the San Bernardino killers.

See Full Article

That could open all iPhones up to potential government scrutiny -- but it's not the end of the story.

Turns out there's a fair bit both individuals and Apple could do to FBI-proof their phones and shield private information from investigators and cybercriminals alike. Those measures include multiple passcodes and longer, more complex ones.

Of course, increased security typically comes at the expense of convenience. Most efforts to improve phone security would make the devices harder to use, perhaps by requiring you to remember more passwords.

Making it more difficult for law enforcement to crack open iPhones could also spur legal restrictions on phone security, something that neither Apple nor other technology companies want to see.

"They are walking a tightrope," says Mark Bartholomew, a law professor at the State University of New York at Buffalo who specializes in privacy and encryption issues. Requiring longer passcodes might annoy most Apple users, he says, while boosting phone security "sort of amplifies the whole argument that Apple is making things too difficult and frustrating law enforcement officials."

Apple had no comment on any future security measures. In a recent letter to customers, it noted that it has routinely built "progressively stronger protections" into its products because "cyberattacks have only become more frequent and more sophisticated."

In the current fight, the FBI aims to make Apple help it guess the passcode on the work phone used by Syed Farook before he and his wife killed 14 people at an office party in December. The FBI wants Apple to create special software to disable security features that, among other things, render the iPhone unreadable after 10 incorrect guesses.

Apple has resisted, maintaining that software that opens a single iPhone could be exploited to hack into millions of other devices. The government insists that its precautions would prevent that, though security experts are doubtful.

Should the FBI prevail, it would take computers less than a day to guess a six-digit passcode consisting solely of numbers, the default type of passcode in the latest version of the iPhone operating system. Even with security features disabled, each passcode guess takes 80 milliseconds to process, limiting the FBI to 12.5 guesses per second.

For security-conscious individuals, the simplest protective move would be to use a passcode consisting of letters and numbers. Doing so would vastly increase the amount of time required to guess even short passcodes. Apple estimates it would take more than five years to try all combinations of a six-character passcode with numbers and lowercase letters. Adding capital letters to the mix would extend that further.

Changing to an alphanumeric code is as simple as going into the phone settings and choosing "Touch ID & Passcode," then "Passcode options."

Another option is simply to pick a much longer numeric code. An 11-character code consisting of randomly selected numbers -- that means no references to birthdays or anniversaries that could be easily guessed -- could take as long as 253 years to unlock.

But longer, more complex codes are harder to remember, and that's probably why Apple hasn't yet required their use. It could, however, easily do so. In fact, iPhones moved to six-digit passcodes from four last September.

Apple may have other tricks up its sleeve. For instance, the company could add additional layers of authentication that would thwart the security-bypassing software the FBI wants it to make, says computer security expert Jonathan Zdziarski.

Apple phones rely on a feature known as the "secure enclave" to manage all passcode operations. The software demanded by the FBI would alter the secure enclave, Zdziarski says. But the software couldn't do so if the secure enclave required the user passcode to approve any such changes.

"This is probably the best way to lock down a device," Zdziarski says.

Apple could also require a second passcode whenever the phone boots up; without it, the phone wouldn't run any software, including the tool the FBI is requesting. "It would be like putting a steel door on the phone," Zdziarski says. Currently, iPhones automatically load the operating system before asking for a passcode.

For now, Apple CEO Tim Cook is focusing on winning the current battle with the FBI in a Southern California federal court while also trying to sway public opinion in the company's favour. The skirmish could go all the way to the U.S. Supreme Court.

In the meantime, Apple is probably already working on security improvements for the next version of the iPhone operating system that it will probably announce in June and release in September.



Advertisements

Latest Tech & Science News

  • How Canadians are constructing North America's biggest green buildings

    Tech & Science CBC News
    In January, tenants will move into a six-storey Vancouver apartment building designed to be so energy efficient, you can heat each bedroom with a 100-watt light bulb. Boasting a total of 85 studio, one- and two-bedroom units, The Heights at 388 Skeena St. Source
  • Bitcoin's move to mainstream carries new financial risks

    Tech & Science CBC News
    Investing often descends into a kind of immoderate zeal, but there are signs the digital currency craze has the potential to threaten the wider global economy if left unchecked. Just as we've seen with the current passion for bitcoin, part of that single-minded enthusiasm includes the fierce rejection of criticism. Source
  • LA subway construction unearths more fossils

    Tech & Science CTV News
    LOS ANGELES -- As part of the crew digging a subway extension under the streets of Los Angeles, Ashley Leger always keeps her safety gear close by. When her phone buzzes, she quickly dons a neon vest, hard hat and goggles before climbing deep down into a massive construction site beneath a boulevard east of downtown. Source
  • N.S. community hopes rocket launch site will revitalize economy

    Tech & Science CTV News
    CANSO, N.S. -- Residents of a sleepy fishing village on Nova Scotia's eastern coast are looking to the stars to breathe new life into their economy as a proposal to install Canada's only commercial spaceport inches closer to becoming a reality. Source
  • Scholarship for Muslim women honours pioneering scientist

    Tech & Science CTV News
    DETROIT -- When it came to pursuing a scientific career, Tasneem Essader encountered forces pulling her in and pushing her away: She drew inspiration from her mother's work in chemistry, but initial discouragement from her engineer father, who thought she should do something else. Source
  • Nobel laureate fears U.S. politics could undermine science

    Tech & Science CTV News
    STOCKHOLM - An American scientist who shared this year's Nobel Prize for medicine bluntly criticized political developments at home in his address at the awards' gala banquet, saying that U.S. scientists are facing funding cutbacks that will hurt research. Source
  • Right whales could face extinction after deadly year: officials

    Tech & Science CTV News
    PORTLAND, Maine -- Officials with the U.S. government say it's time to consider the possibility that endangered right whales could become extinct unless new steps are taken to protect them. North Atlantic right whales are among the rarest marine mammals in the world, and they have endured a deadly year. Source
  • Police dashcam catches meteor streaking through sky

    Tech & Science CTV News
    MAYS LANDING, N.J. — A New Jersey police sergeant inadvertently captured footage of a large meteor streaking across the sky. Hamilton Township police Sgt. Michael Virga tells NJ.com he was on patrol early Sunday when his vehicle dashcam captured footage of a fireball just after 3 a.m. Source
  • First black astronaut honoured on 50th anniversary of death

    Tech & Science CTV News
    CAPE CANAVERAL, Fla. — America’s first black astronaut, Air Force Maj. Robert Lawrence Jr., finally got full honours Friday on the 50th anniversary of his death. Several hundred people gathered at Kennedy Space Center to commemorate Lawrence, who almost certainly would have gone on to fly in space had he not died in a plane crash on Dec. Source
  • Geminids meteor shower set to peak this week

    Tech & Science CTV News
    Planet Earth is about to pass through one of the most spectacular meteor showers of the year this week -- but it’s one that will likely go unnoticed by most of us. The Geminids meteor shower is due to peak on Wednesday night, as our planet passes through the biggest swath of a trail of cosmic debris left over by a long-extinct comet. Source