Apple could make it even tougher to hack iPhones

SAN FRANCISCO -- Suppose the FBI wins its court battle and forces Apple to help unlock an iPhone used by one of the San Bernardino killers.

See Full Article

That could open all iPhones up to potential government scrutiny -- but it's not the end of the story.

Turns out there's a fair bit both individuals and Apple could do to FBI-proof their phones and shield private information from investigators and cybercriminals alike. Those measures include multiple passcodes and longer, more complex ones.

Of course, increased security typically comes at the expense of convenience. Most efforts to improve phone security would make the devices harder to use, perhaps by requiring you to remember more passwords.

Making it more difficult for law enforcement to crack open iPhones could also spur legal restrictions on phone security, something that neither Apple nor other technology companies want to see.

"They are walking a tightrope," says Mark Bartholomew, a law professor at the State University of New York at Buffalo who specializes in privacy and encryption issues. Requiring longer passcodes might annoy most Apple users, he says, while boosting phone security "sort of amplifies the whole argument that Apple is making things too difficult and frustrating law enforcement officials."

Apple had no comment on any future security measures. In a recent letter to customers, it noted that it has routinely built "progressively stronger protections" into its products because "cyberattacks have only become more frequent and more sophisticated."

In the current fight, the FBI aims to make Apple help it guess the passcode on the work phone used by Syed Farook before he and his wife killed 14 people at an office party in December. The FBI wants Apple to create special software to disable security features that, among other things, render the iPhone unreadable after 10 incorrect guesses.

Apple has resisted, maintaining that software that opens a single iPhone could be exploited to hack into millions of other devices. The government insists that its precautions would prevent that, though security experts are doubtful.

Should the FBI prevail, it would take computers less than a day to guess a six-digit passcode consisting solely of numbers, the default type of passcode in the latest version of the iPhone operating system. Even with security features disabled, each passcode guess takes 80 milliseconds to process, limiting the FBI to 12.5 guesses per second.

For security-conscious individuals, the simplest protective move would be to use a passcode consisting of letters and numbers. Doing so would vastly increase the amount of time required to guess even short passcodes. Apple estimates it would take more than five years to try all combinations of a six-character passcode with numbers and lowercase letters. Adding capital letters to the mix would extend that further.

Changing to an alphanumeric code is as simple as going into the phone settings and choosing "Touch ID & Passcode," then "Passcode options."

Another option is simply to pick a much longer numeric code. An 11-character code consisting of randomly selected numbers -- that means no references to birthdays or anniversaries that could be easily guessed -- could take as long as 253 years to unlock.

But longer, more complex codes are harder to remember, and that's probably why Apple hasn't yet required their use. It could, however, easily do so. In fact, iPhones moved to six-digit passcodes from four last September.

Apple may have other tricks up its sleeve. For instance, the company could add additional layers of authentication that would thwart the security-bypassing software the FBI wants it to make, says computer security expert Jonathan Zdziarski.

Apple phones rely on a feature known as the "secure enclave" to manage all passcode operations. The software demanded by the FBI would alter the secure enclave, Zdziarski says. But the software couldn't do so if the secure enclave required the user passcode to approve any such changes.

"This is probably the best way to lock down a device," Zdziarski says.

Apple could also require a second passcode whenever the phone boots up; without it, the phone wouldn't run any software, including the tool the FBI is requesting. "It would be like putting a steel door on the phone," Zdziarski says. Currently, iPhones automatically load the operating system before asking for a passcode.

For now, Apple CEO Tim Cook is focusing on winning the current battle with the FBI in a Southern California federal court while also trying to sway public opinion in the company's favour. The skirmish could go all the way to the U.S. Supreme Court.

In the meantime, Apple is probably already working on security improvements for the next version of the iPhone operating system that it will probably announce in June and release in September.



Advertisements

Latest Tech & Science News

  • 'Every plant and animal is useful to us': Indigenous professor re-thinking how we deal with invasive species

    Tech & Science CBC News
    When invasive species show up, Western science tells us they should be dealt with. But Nicholas Reo wonders whether we should instead ask why they're here in the first place. Reo, an anthropology professor at Dartmouth College, researches how invasive species mitigation could be approached differently — and as a citizen of the Sault Ste. Source
  • Police try to unlock phone with dead man's finger in Florida

    Tech & Science CTV News
    LARGO, Fla. - Florida authorities went to a funeral home and used a dead man's finger to try to unlock his cellphone as part of their investigation. Thirty-year-old Linus Phillip was killed by a Largo police officer last month after authorities say he tried to drive away before an officer could search him. Source
  • New Brunswick Liberal calling for study on Canada's endangered whales

    Tech & Science CTV News
    FREDERICTON -- A New Brunswick member of Parliament is calling for a federal study to take a closer look at the state of Canada's endangered whales. Karen Ludwig, the Liberal member for New Brunswick Southwest, has tabled a private member's bill that is expected to be debated in the House of Commons on Monday. Source
  • Russia adds Google IPs to registry of banned sites

    Tech & Science CTV News
    MOSCOW -- Russia's communications watchdog agency says it is adding some Google IP addresses to the state register of banned sites, as a dispute over a banned messaging app intensifies. Russia has ordered the popular Telegram messaging app to shut down because it won't share its encryption key with intelligence agencies. Source
  • 'Greening' project could end use of fossil fuel for Centennial Flame

    Tech & Science CBC News
    Will the Centennial Flame monument on Parliament Hill, with its dancing fires lit by natural gas, become the Centennial LED? The federal government has launched a study of options to cut the flow of natural gas from Western Canada to the popular monument, and replace it with a more eco-friendly energy source. Source
  • Hubble's 28 years marked by shot of wild stellar nursery

    Tech & Science CTV News
    CAPE CANAVERAL, Fla. — NASA is marking the 28th anniversary of the Hubble Space Telescope’s launch with a peek into a wild stellar nursery. Scientists released the picture Thursday in advance of next week’s milestone. Source
  • Musk's LA transport tunnel proposal gets environmental review exemption

    Tech & Science CTV News
    FILE - In this Feb. 6, 2018 file photo, Elon Musk, founder, CEO, and lead designer of SpaceX, speaks at a news conference after the Falcon 9 SpaceX heavy rocket launched successfully from the Kennedy Space Center in Cape Canaveral, Fla. Source
  • After Facebook scrutiny, is Google next?

    Tech & Science CTV News
    MENLO PARK, Calif. -- Facebook has taken the lion's share of scrutiny from Congress and the media for its data-handling practices that allow savvy marketers and political agents to target specific audiences, but it's far from alone. Source
  • Ribbonsnake DNA detective work being used to track elusive creatures

    Tech & Science CBC News
    A snake researcher is using DNA analysis to learn more about one of Nova Scotia's most elusive and threatened snakes. The eastern ribbonsnake is 70 centimetres long and in the same genus as the common garter snake. "They look very much like garter snakes to the uninitiated, but a dead giveaway is they have a crescent-shaped white scale right in front of their eye," said Steve Mockford, associate professor of biology at Acadia University and co-chair of the Ribbonsnake Recovery Team. Source
  • Prescription to slow worsening myopia in Canadian kids? Head outdoors

    Tech & Science CBC News
    Seven-year-old Jaclyn recently chose bright blue-framed glasses with red dots "because they're a splash of colour." Jaclyn was diagnosed with myopia, or nearsightedness, at the age of age four. "I was surprised to learn that she needed glasses," recalled her mother, Ellen Rosenberg, in Toronto. Source