Insights For Success

Strategy, Innovation, Leadership and Security


IOS 8 means Apple can't unlock your device for law enforcement

technologyEdward KiledjianComment

The slow and consistent Snowden leaks about how everything we do is monitored, recorded and analysed is freaking some people out. And this extra customer push may be what was needed to finally improve on-device security for our most personal devices (aka smartphones).

Apple announced (link) that IOS 8 is a big move for IOS device security because it is now "technologically impossible" to access data stored on a passcode or TouchID locked device. Apple says they can no longer bypass device security. It is important to note that this only applies for on device information (contact, pictures, recordings, etc), anything stored in the cloud is fair game and can be handed over to authorities with a warrant or NSL.

Obviously law enforcement isn't too thrilled about this new hurdle because it (they claim) makes it easier for criminals to perform their nefarious activities and hide.

Why did Apple do this? Because if they can't technically provide the information, then they can  no longer be compelled to do so by a court. It reduces workload for them and improves customer perception. 

Now for the bad news. Renown security analyst Jonathan Zdziarski discussed these new measures on his blog (link) but threw in an important caveat :

What’s left are services that iTunes (and Xcode) talk to in order to exchange information with third party applications, or access your media folder. Apple wants you to be able access your photos and other information from your desktop while the phone is locked – for ease of use. This, unfortunately, also opens up the capability for law enforcement to also use this mechanism to dump:

- Your camera reel, videos, and recordings
- Podcasts, Books, and other iTunes media
- All third party application data

Existing commercial forensics tools can still acquire these artifacts from your device, even running iOS 8. I have tested with my own private forensics tools, as well, and confirmed this. I dumped all of my third party application data (including caches, databases, screenshots, etc), as well as my camera reel and other media… all within a few minutes and from my locked iPhone running iOS 8 GM.

There is one big caveat though, but it’s not a big problem for law enforcement. This technique requires access to a trusted pairing record on a desktop / laptop machine that is paired with your phone, and as of iOS 8 requires physical access to the phone. What does this mean? This means that if your’e arrested, the police will seize both your iPhone and all desktop / laptop machines you own, and use files on the desktop to dump and access all of the above data on your iPhone. This can also be done at an airport, if you are detained.
— Jonathan Zdziaski

I don't want to undersell what Apple has done. Apple has helped make IOS users much safer by fixing many of the security issues present in IOS7. The above note by Jonathan is something to keep in mind. If you want to maintain the highest level of security protection, never connect your iPhone to a PC. 

Apple reveals TouchID secrets in new document

technologyEdward Kiledjian4 Comments

In a new document published by Apple (link), we finally learn the details about bout TouchID functions and the exact process of the TouchID finger recognition system.

Since the release of the iPhone 5s, we have seen a steady stream of information explaining TouchID and its security level. We know the scanned information is stored in a non-reversible fashion on a special "enclave" built into Apple's latest A7 chip. We know from experience that even the cable is authenticated with its paired TouchID sensor to prevent man-in-the-middle type attacks. This whitepaper takes our understanding to the next level.

They provide additional details about the secure enclave and how it separates the sensitive fingerprint information from the rest of the system's memory through encryption and a built in random number generator.

"Each Secure Enclave is provisioned during fabrication with its own UID (Unique ID) that is not accessible to other parts of the system and is not known to Apple. When the device starts up, an ephemeral key is created, tangled with its UID, and used to encrypt the Secure Enclave’s portion of the device’s memory space. 
Additionally, data that is saved to the file system by the Secure Enclave is encrypted 
with a key tangled with the UID and an anti-replay counter" Page 6

For the statistics junkies among you, Apple claims the possible rate of false positive is 1 in 50,000. This means there is a 1 in 50,000 chance a stranger will be able to unlock your device.

We know that even with TouchID, there are circumstances where the iPhone 5s still demands we enter our Apple ID (passcode). Apple clarifies when this happens:

"iPhone 5s has just been turned on or restarted
• iPhone 5s has not been unlocked for more than 48 hours 
• After five unsuccessful attempts to match a finger
• When setting up or enrolling new fingers with Touch ID
• iPhone 5s has received a remote lock command"

I found this document a good and interesting read. Of course I'm really into security so that might have something to do with it.

Apple iPad Mini 2 tablet specs leaked

technologyEdward KiledjianComment
Apple's iPad Mini

Apple's iPad Mini

I know you are really hoping for a retina equipped iPad mini but industry rumors aren't pointing in that visually appealing direction. Most unnamed industry insiders believe the retina iPad mini will only be released next year, so what will Apple's next mini iteration bring?

It's a safe bet to assume it will cone in the same form factor we know and love but will pack: 

  • a TouchID sensor
  • a 64-bit A7 chip
  • same color combinations as the iPhone 5s

Indeed leaked parts we have seen coming from China seem to show a ring around the home button which would indicate a TouchID sensor. Why would Apple jump from the A5 processor (powering the current crop of iPad minis) to the A7? simple... Apple wants to quickly change its mobile ecosystem to a 64-bit environment and is willing to bite the bullet and add it to almost everything it can. 

My biggest gripe with the iPad mini is the lack of retina display and simply adding this would entice most users to invest in the newer device but we aren't hearing any rumors of a 7.9" retina display being manufactured by any of the usual suspects. It is possible Apple has locked down the information and will shock everyone with a retina display but that looks like a very faint possibility way out in the future.

However if they manage to pack an A7, TouchID, slightly better battery performance, multi-band LTE and a retina display, I'll pre-order a device now.

Apple doesn't pre-announce launch events to early but most of us expect the announcement sometime around mid October.  

Right now, I wouldn't buy a Macbook Pro, iPad or iPad mini. Wait until mid-October to see what uncle Tim brings right before the holiday shopping period.