Apple could make it even tougher to hack iPhones

SAN FRANCISCO -- Suppose the FBI wins its court battle and forces Apple to help unlock an iPhone used by one of the San Bernardino killers.

See Full Article

That could open all iPhones up to potential government scrutiny -- but it's not the end of the story.

Turns out there's a fair bit both individuals and Apple could do to FBI-proof their phones and shield private information from investigators and cybercriminals alike. Those measures include multiple passcodes and longer, more complex ones.

Of course, increased security typically comes at the expense of convenience. Most efforts to improve phone security would make the devices harder to use, perhaps by requiring you to remember more passwords.

Making it more difficult for law enforcement to crack open iPhones could also spur legal restrictions on phone security, something that neither Apple nor other technology companies want to see.

"They are walking a tightrope," says Mark Bartholomew, a law professor at the State University of New York at Buffalo who specializes in privacy and encryption issues. Requiring longer passcodes might annoy most Apple users, he says, while boosting phone security "sort of amplifies the whole argument that Apple is making things too difficult and frustrating law enforcement officials."

Apple had no comment on any future security measures. In a recent letter to customers, it noted that it has routinely built "progressively stronger protections" into its products because "cyberattacks have only become more frequent and more sophisticated."

In the current fight, the FBI aims to make Apple help it guess the passcode on the work phone used by Syed Farook before he and his wife killed 14 people at an office party in December. The FBI wants Apple to create special software to disable security features that, among other things, render the iPhone unreadable after 10 incorrect guesses.

Apple has resisted, maintaining that software that opens a single iPhone could be exploited to hack into millions of other devices. The government insists that its precautions would prevent that, though security experts are doubtful.

Should the FBI prevail, it would take computers less than a day to guess a six-digit passcode consisting solely of numbers, the default type of passcode in the latest version of the iPhone operating system. Even with security features disabled, each passcode guess takes 80 milliseconds to process, limiting the FBI to 12.5 guesses per second.

For security-conscious individuals, the simplest protective move would be to use a passcode consisting of letters and numbers. Doing so would vastly increase the amount of time required to guess even short passcodes. Apple estimates it would take more than five years to try all combinations of a six-character passcode with numbers and lowercase letters. Adding capital letters to the mix would extend that further.

Changing to an alphanumeric code is as simple as going into the phone settings and choosing "Touch ID & Passcode," then "Passcode options."

Another option is simply to pick a much longer numeric code. An 11-character code consisting of randomly selected numbers -- that means no references to birthdays or anniversaries that could be easily guessed -- could take as long as 253 years to unlock.

But longer, more complex codes are harder to remember, and that's probably why Apple hasn't yet required their use. It could, however, easily do so. In fact, iPhones moved to six-digit passcodes from four last September.

Apple may have other tricks up its sleeve. For instance, the company could add additional layers of authentication that would thwart the security-bypassing software the FBI wants it to make, says computer security expert Jonathan Zdziarski.

Apple phones rely on a feature known as the "secure enclave" to manage all passcode operations. The software demanded by the FBI would alter the secure enclave, Zdziarski says. But the software couldn't do so if the secure enclave required the user passcode to approve any such changes.

"This is probably the best way to lock down a device," Zdziarski says.

Apple could also require a second passcode whenever the phone boots up; without it, the phone wouldn't run any software, including the tool the FBI is requesting. "It would be like putting a steel door on the phone," Zdziarski says. Currently, iPhones automatically load the operating system before asking for a passcode.

For now, Apple CEO Tim Cook is focusing on winning the current battle with the FBI in a Southern California federal court while also trying to sway public opinion in the company's favour. The skirmish could go all the way to the U.S. Supreme Court.

In the meantime, Apple is probably already working on security improvements for the next version of the iPhone operating system that it will probably announce in June and release in September.



Advertisements

Latest Tech & Science News

  • Invasive bloody red shrimp discovered in Lake Superior

    Tech & Science CTV News
    MINNEAPOLIS -- An invasive species with a jarring name has turned up in Lake Superior: the bloody red shrimp. Researchers found a single specimen of the tiny shrimp in a sample collected from the Duluth-Superior harbour last summer as part of routine surveillance for invasive species, the U.S. Source
  • Venezuela's digital coin makes debut

    Tech & Science CTV News
    CARACAS, Venezuela -- Venezuela on Tuesday was set to become the first country to launch its own version of bitcoin, a move it hopes will provide a much-needed boost to its credit-stricken economy. Officials say the so-called petro is backed by Venezuela's crude oil reserves, the largest in the world, though it hasn't released any details on how this will be guaranteed. Source
  • Ancient human, giant sloth remains found in world's biggest flooded cave

    Tech & Science CBC News
    Archaeologists exploring the word's biggest flooded cave in Mexico have discovered ancient human remains at least 9,000 years old and the bones of animals that roamed the earth during the last Ice Age. A group of divers recently connected two underwater caverns in eastern Mexico to reveal what is believed to be the biggest flooded cave on the planet, a discovery that could help shed new light on the ancient Maya civilization. Source
  • Quebec restricts use of pesticides linked to honeybee deaths

    Tech & Science CTV News
    Quebec has announced new restrictions on pesticides that many say have been destroying honeybees. But farmers say the new rules will make it even harder to them to protect their crops, and their livelihoods. The tighter rules announced Monday target three nicotine-based pesticides known as neonicotinoids, or "neonics,” which are used on everything from field crops to fruit orchards to keep them free from aphids, spider mites and stink bugs. Source
  • How vampire bats survive on an 'extreme' diet of just blood

    Tech & Science CBC News
    If you want to know how vampire bats can survive on a diet that — as everyone knows — consists exclusively of blood, the answer is simple. It's in their genes. Scientists on Monday said they have mapped for the first time the complete genome of a vampire bat, finding that this flying mammal boasts numerous genetic traits that help it thrive on an exotic food source that offers nutritional disadvantages and exposes it to blood-borne pathogens. Source
  • Canada bleeding aerospace talent by not embracing rocketry: expert

    Tech & Science CTV News
    Canada is experiencing a brain drain on its top aerospace talent, because there are no homegrown rocketry programs they can contribute to, an expert says. That’s not to say Canada is falling behind in the space industry in general, but it has lost ground in some areas by focusing on other endeavours such as satellites and robotics, according to Jeremy Wang, chief technology officer for an Ontario drone company called The Sky Guys. Source
  • Vampire bat's blood-only diet 'a big evolutionary win'

    Tech & Science CTV News
    At first glance, the cost-benefit ratio of a blood-only diet suggests that vampire bats -- the only mammals to feed exclusively on the viscous, ruby-red elixir -- flew down an evolutionary blind alley. Blood is not only teaming with bacterial and viral disease, it is also very poor in nutrients -- too few carbs and vitamins, way too much salt. Source
  • Lobster emoji gets 2 more legs following design complaints

    Tech & Science CTV News
    AUGUSTA, Maine -- After an outcry, the organization that controls the release of emojis has added two more legs to the forthcoming lobster emoji to make it correct. The Portland Press Herald reports soon after the Unicode Consortium released proposed images of 157 new emojis to be made available this year, Maine residents took umbrage at the lobster emoji's eight legs instead of the correct 10. Source
  • Archeologists find fossils, Mayan relics in giant underwater cave in Mexico

    Tech & Science CTV News
    Archeologists who have been exploring the world's largest underwater cave -- recently discovered in Mexico -- presented their findings Monday, including fossils of giant sloths and an elaborate shrine to the Mayan god of commerce. Source
  • 'It is very troubling': microplastics, other pollutants to be focus of studies funded by Ottawa

    Tech & Science CBC News
    The federal government announced $2.7 million in funding on Monday towards studying how contaminants like pesticides, anti-sea lice drugs and microplastics impact aquatic life. That announcement is good news to the vice-president of research for Ocean Wise seafood program, who says research in ocean environments has been cash-strapped for years. Source