In a recent conference call with reporters, Apple iPhone engineers revealed that they still believe hackers are more pressing threat to user privacy than the government. As you may know by now that over the past few weeks, Apple and FBI are entangled in legal battle over unlocking of San Bernardino shooter’s iPhone. When Apple refused to create a new version of iOS capable of bypassing the iPhone’s built-in security mechanisms, FBI hired Grey Hat hackers to unlock the iPhone for them.
According to TechCrunch, Apple claims that their reluctance to assist the FBI had nothing to do with their lack of desire to help the FBI in their investigation, but rather due to broader concerns over mobile device security.
Senior Apple engineers feel that government intrusion is not their primary threat model when designing iPhone security and said they instead prefer to focus on fending off hackers.
The engineers also characterized Apple’s pushback against the FBI as motivated not by a desire to impede a terrorism investigation, but rather to defend its ability to protect users against non-governmental threats.
Apple engineers also disputed the theory that the tech giant’s security features enable criminals to evade law enforcement, saying that data security is essential to protect the data and sensitive information of hundreds of millions of iOS users across the globe. The engineers noted that internal security teams at Apple have been bolstered, and that the company is working hard to increase security measures for its line of products. Already, current iOS devices feature a Touch ID sensor, and this is far, far more secure than a passcode.
Especially interesting is that iPhone engineers on the call took some time to discuss how Apple’s ability to control both the software and the hardware on the iPhone makes for a much more secure device.
The security for iPhone involves multiple layers, some of which are industry-standard and others that are specific to Apple hardware. The protection starts with the chip inside of the phone, these Apple engineers said. The Boot ROM, or memory chip, includes a certificate or secret key that only Apple has access to. If an attacker wanted to try to take over an iPhone by taking a version of iOS and modifying it to run their own code, the software would not run because the attacker would not have access to that secret key, Apple said. This is the case for iPhones 3GS and later.
There’s also a chain-of-security-command built directly into the iOS mobile software, known in the tech industry as the boot chain. This, again, ensures that the certificate or key is validated before iOS even begins to boot up on the phone.
They also talked about how they are comfortable going against the government, but they do not want the public to perceive them as an anti-government company. Apple also revealed during the interview that it has revamped its security teams likely in a bid to further improve the level of security it offers on the iPhone and iPad.
For now, we can expect to hear more about security from Apple at its upcoming WWDC conference in June. You can read more detailed version of Apple’s call with reporters by visiting the source links.