Apple could make it even tougher to hack iPhones

SAN FRANCISCO -- Suppose the FBI wins its court battle and forces Apple to help unlock an iPhone used by one of the San Bernardino killers.

See Full Article

That could open all iPhones up to potential government scrutiny -- but it's not the end of the story.

Turns out there's a fair bit both individuals and Apple could do to FBI-proof their phones and shield private information from investigators and cybercriminals alike. Those measures include multiple passcodes and longer, more complex ones.

Of course, increased security typically comes at the expense of convenience. Most efforts to improve phone security would make the devices harder to use, perhaps by requiring you to remember more passwords.

Making it more difficult for law enforcement to crack open iPhones could also spur legal restrictions on phone security, something that neither Apple nor other technology companies want to see.

"They are walking a tightrope," says Mark Bartholomew, a law professor at the State University of New York at Buffalo who specializes in privacy and encryption issues. Requiring longer passcodes might annoy most Apple users, he says, while boosting phone security "sort of amplifies the whole argument that Apple is making things too difficult and frustrating law enforcement officials."

Apple had no comment on any future security measures. In a recent letter to customers, it noted that it has routinely built "progressively stronger protections" into its products because "cyberattacks have only become more frequent and more sophisticated."

In the current fight, the FBI aims to make Apple help it guess the passcode on the work phone used by Syed Farook before he and his wife killed 14 people at an office party in December. The FBI wants Apple to create special software to disable security features that, among other things, render the iPhone unreadable after 10 incorrect guesses.

Apple has resisted, maintaining that software that opens a single iPhone could be exploited to hack into millions of other devices. The government insists that its precautions would prevent that, though security experts are doubtful.

Should the FBI prevail, it would take computers less than a day to guess a six-digit passcode consisting solely of numbers, the default type of passcode in the latest version of the iPhone operating system. Even with security features disabled, each passcode guess takes 80 milliseconds to process, limiting the FBI to 12.5 guesses per second.

For security-conscious individuals, the simplest protective move would be to use a passcode consisting of letters and numbers. Doing so would vastly increase the amount of time required to guess even short passcodes. Apple estimates it would take more than five years to try all combinations of a six-character passcode with numbers and lowercase letters. Adding capital letters to the mix would extend that further.

Changing to an alphanumeric code is as simple as going into the phone settings and choosing "Touch ID & Passcode," then "Passcode options."

Another option is simply to pick a much longer numeric code. An 11-character code consisting of randomly selected numbers -- that means no references to birthdays or anniversaries that could be easily guessed -- could take as long as 253 years to unlock.

But longer, more complex codes are harder to remember, and that's probably why Apple hasn't yet required their use. It could, however, easily do so. In fact, iPhones moved to six-digit passcodes from four last September.

Apple may have other tricks up its sleeve. For instance, the company could add additional layers of authentication that would thwart the security-bypassing software the FBI wants it to make, says computer security expert Jonathan Zdziarski.

Apple phones rely on a feature known as the "secure enclave" to manage all passcode operations. The software demanded by the FBI would alter the secure enclave, Zdziarski says. But the software couldn't do so if the secure enclave required the user passcode to approve any such changes.

"This is probably the best way to lock down a device," Zdziarski says.

Apple could also require a second passcode whenever the phone boots up; without it, the phone wouldn't run any software, including the tool the FBI is requesting. "It would be like putting a steel door on the phone," Zdziarski says. Currently, iPhones automatically load the operating system before asking for a passcode.

For now, Apple CEO Tim Cook is focusing on winning the current battle with the FBI in a Southern California federal court while also trying to sway public opinion in the company's favour. The skirmish could go all the way to the U.S. Supreme Court.

In the meantime, Apple is probably already working on security improvements for the next version of the iPhone operating system that it will probably announce in June and release in September.


Latest Tech & Science News

  • From election campaigns to dishonest monkeys: Why we're hard-wired to lie

    Tech & Science CBC News
    In what will likely be remembered as the most surreal election campaign in modern American history, one word has been thrown around more than most — liar. Whether it's Donald Trump accusing Hillary Clinton of being a "world-class liar" or Clinton saying that Trump's political career is "founded on [an] outrageous lie", dishonesty has been a major talking point of the 2016 presidential contest. Source
  • Bye, Bao Bao! Later, Mei Lun and Mei Huan! Pandas leaving U.S.

    Tech & Science CTV News
    WASHINGTON -- The panda population in the United States is dropping by three. Atlanta's zoo announced Thursday that its 3-year-old giant panda twins will leave the zoo Nov. 3. And the National Zoo in Washington said it will be saying bye-bye to panda cub Bao Bao in 2017. Source
  • Apple: Many 'genuine' Apple products on Amazon are fake

    Tech & Science CTV News
    SAN FRANCISCO -- Apple says it has been buying Apple chargers and cables labeled as genuine on and has found nearly 90 per cent of them to be counterfeit. The revelation comes in a federal lawsuit filed by Apple against a New Jersey company on Monday over what Apple says are counterfeit products that were sold on Amazon. Source
  • The science of lying: Why dishonesty has been a major part of the 2016 election

    Tech & Science CBC News
    In what will likely be remembered as the most surreal election campaign in modern American history, one word has been thrown around more than most — liar. Whether it's Donald Trump accusing Hillary Clinton of being a "world-class liar" or Clinton saying that Trump's political career is "founded on [an] outrageous lie", dishonesty has been a major talking point of the 2016 presidential contest. Source
  • Nintendo Switches things up

    Tech & Science Toronto Sun
    Talk about a wait and Switch. After many months of silence about their upcoming new video game console, Nintendo has taken the wraps off the Nintendo Switch, a games machine designed for use both at home and on the road. Source
  • 'Invulnerability illusion' leaves younger people exposed to web frauds

    Tech & Science CBC News
    If you're a younger person who thinks older people are more likely to get scammed online than you are, your dodgy prince awaits. A recent Better Business Bureau study found 69 per cent of online scam victims are under 45 — and millennials are more likely to get conned than baby boomers. Source
  • New collaboration features to be unveiled for Microsoft Office

    Tech & Science CTV News
    Microsoft is to hold a press event focused on the Office suite in New York on November 2, which will follow a briefing on the latest developments for Windows 10 a week earlier. Microsoft CEO Satya Nadella, along with Office corporate vice president Kirk Koenigsbauer, is set to announce new features for the Office suite and its online services. Source
  • Stephen Hawking opens British artificial intelligence research hub

    Tech & Science CTV News
    Professor Stephen Hawking on Wednesday opened a new artificial intelligence research centre at Britain's Cambridge University. The Leverhulme Centre for the Future of Intelligence (CFI) will delve into AI applications ranging from increasingly "smart" smartphones to robot surgeons and "Terminator" style military droids. Source
  • Amazon streaming TV devices won't be so Amazon-focused

    Tech & Science CTV News
    NEW YORK -- Amazon's own video store will no longer have the starring role on the company's Fire TV streaming devices. Software updates coming this year will give movies and TV shows from Netflix, HBO and other competitors equal prominence on the devices' home screen. Source
  • Nintendo NX: What to expect from the big reveal

    Tech & Science CTV News
    An Oct. 20 announcement from Nintendo brings with it the opportunity to confirm, deny, and add further material to the rumors that have surrounded the March 2017 console since its announcement. Its form and nature should be made known, and a relatively low price would help fans old and new plan around end-of-year spending. Source