Apple is taking steps to ensure that the encryption on iOS devices and iCloud backups is so strong that it couldn’t hack itself, even if it wanted to.
In complementary reports today, The New York Times and Financial Times are detailing that Apple engineers are now actively developing new encryption methods for iCloud backups and iPhone hardware, so that Apple couldn’t even hack itself if it was asked to again, as in the San Bernardino iPhone backdoor/unlock case.
Such a move would prevent the company from being compelled to cooperate with the FBI, as it is being ordered to in the current San Bernardino shooter iPhone case. Plus, it would also close an iCloud backups security hole that has been exploited by law enforcement agencies a number of times in the past.
Currently, even though iCloud backups are encrypted, the encryption key is also stored on Apple’s servers, meaning law enforcement agencies can ask for the data to be supplied from those servers. (If the FBI hadn’t changed the iCloud password on the iPhone 5c used by shooter Syed Farook, it could have used this loophole to access the most recent backups from the device in question. Instead, in light of the password change, Apple was only able to supply iCloud backups up to October 19th.)
The report from the Financial Times indicates Apple is developing new encryption for iCloud backups, where the encryption keys are tied to the local user device. Apple would be unable to decrypt these backups, and could no longer comply with law enforcement requests. However, it isn’t clear what Apple could do to help a user who has forgotten their iCloud password, which could lead to the user being permanently locked out of their own data.
The New York Times report says Apple is re-evaluating its iOS security, with the idea that such security needs to be impervious to everyone, not least Apple itself. Such an approach would prevent Apple from being forced to create a “backdoor” to an encrypted device, such as in the current case, where the FBI seeks to force the Cupertino firm to create special iOS software that would allow the Bureau to use a “brute-force” technique to unlock the device used by terrorist Farook.