Apple Is Reportedly Working On Stronger iCloud Encryption In Light Of Its Dispute With FBI
According to a recent rumor, Apple engineers are working on strengthening the encryption methods for iCloud and iPhone, so that the company can no longer decrypt any data stored in them. The idea of Apple developing a non-hackable encryption method gains traction after an Apple executive said in a conference call with reporters that it was reasonable to expect the company to continue strengthening the security policies of its products in light of the Apple/FBI battle.
If Apple succeeds in upgrading its security, it would create a technical challenge for law enforcement agencies to decrypt the content or force Apple to do it. Currently the iPhone backup is stored in iCloud and a copy of the keys used to encrypt the content is stored with Apple. That is how in the San Bernardino case, Apple gave FBI iCloud backups for the iPhone until October 19. Unfortunately, the company could not provide any recent iCloud backups as the iCloud password for the iPhone was changed, while the phone is government possession. This means the phone could no longer communicate with the backup servers.
If the Federal Bureau of Investigation wanted to get into a phone in the future, it would need a new way to do so. Therefore, they are asking Apple to write a new iOS with a backdoor access and deliver it as an update. Apple has refused their proposal to provide an OS with backdoor access. Apple's decision was not well received by law enforcement agencies and Department of Justice calls Apple's refusal as "Marketing Strategy". Although many tech companies have declared their support for Apple, experts believe that the only way Apple can win this scenario is for Congress to get involved.
According to NY Times, anonymous sources claimed that Apple is working on a solution even before the San Bernardino attack. However, Apple declined to comment on what it called rumors and speculation. It is currently rumored that to prevent government from forcing to provide backdoor access in their software and device, Apple is investigating options involving storing encryption keys in the local device. Apple cannot provide copies of these backup to government as it could not decrypt the data as it will not have the encryption keys with them.
Similarly, in the hardware side, Apple is planning to make system storage to wipe itself on installing new firmware without a valid passcode. This means, if users tried to update their iOS without entering passcode or forget their passcode, then the system storage will be erased and they have to start afresh.
The above mention technique is not the only ones Apple is examining. The company is also having informal conversations with independent security researchers, to find a solution. According to Jonathan Zdziarski, a security researcher, "there are probably 50 different ideas we have all sent to Apple".
If Apple decides to make their devices in this manner, then it would cause a new round of legal disputes and average customers will not like the idea of losing the family photos and videos because they forgot their password.