Apple is already thinking about ways to make it harder to hack iPhones, reports say. According to the New York Times, the company wants to prevent passcode-free recovery mode in future iPhones. According to the FT, Apple also wants to encrypt iPhone backups on iCloud.
These two reports are related to the current fight between Apple and the FBI. The FBI found an iPhone that used to belong to one of the suspects in the San Bernardino terrorist attack. When the FBI asked for a backdoor to access data on this phone, Apple’s Tim Cook wrote a letter saying that Apple is protesting the order.
In particular, the FBI has looked at an iCloud backup of the phone in question and wants Apple to create a new firmware that would let the FBI make as many attempts as it needs to unlock the iPhone. And the best way to refuse to comply with these orders would have been to make those things technically impossible. This is exactly what Apple plans to do.
In future iPhones, Apple wants to find a way to disable “DFU mode,” or at least limit it. DFU stands for device firmware update. Jailbreakers know this mode quite well as it was used to install a special version of iOS to bypass some of Apple’s features.
Apple created DFU mode for troubleshooting purposes. Let’s say your iPhone doesn’t work anymore because iOS is completely broken. If such a big crash happens, Apple lets you boot your iPhone into DFU mode so that you can reinstall a fresh version of iOS without having to boot iOS or enter a passcode.
DFU mode is at the center of the debate because its current design makes the FBI’s requests possible. If Apple required you to enter your passcode before entering DFU mode, Apple wouldn’t be able to create a special firmware that would let the FBI attempt as many passcodes in as little time as possible.
For now, Apple can resist building this firmware because the company needs to sign the special version of iOS with these changes. Otherwise it won’t work.
When it comes to iCloud security, Apple encrypts its data on its servers but still owns the decryption keys. So if the FBI asks Apple for iCloud data, Apple can decrypt iPhone backups and hand them to the FBI.
According to the FT, Apple is thinking about giving the private key to its customers so that the company wouldn’t be able to decrypt backups. There are some implementation challenges, as customers who lose this key or password wouldn’t be able to access their iCloud data ever again. Apple wouldn’t be able to help them.
But with a bit of education and regular security checks, Apple could make the switch for all existing iCloud users. Since the Snowden revelations, Apple has made its devices and services more secure to make it harder to hack iPhones. The current case is accelerating this process.