Why can't Apple decrypt your iPhone?

There&#x27;s another technical surveillance method here that I feel more people should be talking about: monitoring iMessage communication.<p>iMessage is extremely secure[1], except for the fact that Apple controls the device list for iCloud accounts. The method would simply be for Apple to silently add another device to a target&#x27;s account which is under law enforcement&#x27;s control. I say &quot;silently&quot; in that they would need to hide it from the target&#x27;s iCloud management UI to stay clandestine, but that&#x27;s it, just a minor UI change. iMessage clients will then graciously encrypt and send a copy of every message to&#x2F;from the target to the monitoring device.<p>This would still work even with impossible-to-crack encryption. It wouldn&#x27;t allow access to old messages, just stuff after the monitoring was enabled. It&#x27;s the modern wiretap.<p>It mirrors wiretapping in that sufficiently sophisticated people could discover the &quot;bug&quot; by looking at how many devices iMessage is sending copies to when messaging the target (just inspecting the size of outgoing data with a network monitoring tool would probably suffice), but it would go a long way and probably be effective for a high percentage of cases.<p>The main thrust of the article is that encryption is not new, just the extent of it, particularly iMessage. Here&#x27;s a way around that.<p>[1] <a href="http://images.apple.com/iphone/business/docs/iOS_Security_Feb14.pdf" rel="nofollow">http:&#x2F;&#x2F;images.apple.com&#x2F;iphone&#x2F;business&#x2F;docs&#x2F;iOS_Security_Fe...</a>

&gt; The Secure Enclave is designed to prevent exfiltration of the UID key. On earlier Apple devices this key lived in the application processor itself, and could (allegedly) be extracted if the device was jailbroken and kernel patched.<p>Speaking as a jailbreaker, this is actually incorrect. At least as of previous revisions, the UID key lives <i>in hardware</i> - you can ask the hardware AES engine to encrypt or decrypt using the key, but not what it is. Thus far, neither any device&#x27;s UID key or (what would be useful to jailbreakers) the shared GID key has been publicly extracted; what gets extracted are secondary keys derived from the UID and GID keys, but as the whitepaper says, the passcode lock key derivation is designed so that you actually have to run a decryption with the UID to try a given passcode. Although I haven&#x27;t looked into the newer devices, most likely this remains true, since there would be no reason to decrease security by handing the keys to software (even running on a supposedly secure coprocessor).

Now if only it was possible to turn off remote installation of applications on both iOS and Android devices, this kind of security would actually mean something.<p>Right now, you can do full disk encryption on an Android device (which seems likely to become hardware-assisted on future devices similar to the solution mentioned in the article). If you pick a sufficiently strong passphrase, that should keep your data secure even on devices without hardware assistance. However, if the device is turned on and locked (the common case), it&#x27;s trivial to remote-install an arbitrary app, including one that unlocks the phone. (You can do this yourself with your Google account, which means anyone with access to that account can do so as well.)<p>It would help to be able to disable remote installation of any kind; that wouldn&#x27;t have to come at the expense of convenience, because the phone could just prompt (<i>behind the lockscreen</i>) to install a requested app.

If someone obtains your phone, and prevents you from initiating a remote wipe (perhaps they have you in custody, or perhaps they have isolate the phone so that it cannot receive the wipe command), it sounds like this technology will do a good job of preventing them from decrypting your data from the phone if you have a decent passcode. They cannot throw GPUs or FPGAs or clusters or other custom hardware at the problem of brute forcing your passcode because each attempt requires computation done by the Secure Enclave using data only available in the Secure Enclave. That limits them to trying to brute force with no parallelization and 80ms per try [1].<p>However, assuming they have an appropriate warrant, can&#x27;t they get your iCloud backups and try to brute force those? Maybe I&#x27;m being an idiot and overlooking something obvious, but it seems to me the encryption on the backups CANNOT depend on anything in the Secure Enclave.<p>That&#x27;s because one of the use cases that iCloud backup has to support is the &quot;my phone got destroyed, and now I want to restore my data to my new phone&quot; case. To support this, it seems to me that the backup encryption can only depend on my iCloud account name and password. They can throw GPUs and FPGAs and all the rest at brute forcing that.<p>My conclusion then is that when I get a new iPhone, I should view this as a means of protecting my data on the phone only. It lets me be very secure against an attacker who obtains my phone, but not my backups, provided I have a good passcode, where &quot;good&quot; can be achieved without having to be so long as to be annoying to memorize or type. A passcode equivalent to 32 random bits would take on average over 5 years to brute force.<p>To protect against someone who can obtain my backups, I need a good password on iCloud, where &quot;good&quot; means something considerably more than equivalent to 32 bits.<p>[1] I wonder if they could overclock the phone to make this go faster?

<p><pre><code> 1. [...] 2. [...] 3. [...] 4. [...] 5. The manufacturer of the A7 chip stores every UID for every chip. </code></pre> I&#x27;m a total layman, but the UID has to be created at some point and so it can be known by someone. Wouldn&#x27;t it be the easiest way to just record it for every chip? Apple wouldn&#x27;t even have know about it.

&gt; (Apple pegs such cracking attempts at 5 1&#x2F;2 years for a random 6-character password consisting of lowercase letters and numbers. PINs will obviously take much less time, sometimes as little as half an hour. Choose a good passphrase!)<p>Do not use simple pin passwords on your phone. In particular, if you use fingerprint access, there is no reason not to have a long, complex password.

I read through the article - including the hand wavey &quot;Apple has never been cracking your data conclusion&quot; - but I don&#x27;t understand what has changed since previous versions of iOS other than more data being encrypted.<p>Apple claims they can&#x27;t decrypt data, but, the article suggests that they can simply run the decryption on the local phone with custom firmware. Most people chose a 4 digit pin, and, @80 millisecond&#x2F;guess, that means Apple should be able to crack your phone in 12 minutes.<p>If you use a longer passcode, your data is more secure - but I thought that was <i>always</i> the story with Apple.<p>So what, if anything, has changed (other than more data being encrypted?)

Invasive attacks for extracting the UID depend on exactly how it&#x27;s &#x27;implemented in hardware&#x27;.<p>It could be a total lie, and hardwired or masked-rom per-revision (but I doubt that, too easy to discover)<p>It could be in a one-time programmable block somewhere that gets provisioned during manufacture - a flash block&#x2F;eeprom with write-only access (externally at least), or a series of blowable fuses, or even laser&#x2F;EB-trimmed traces.<p>All of those 1-time prog methods are susceptible to the person operating the programmer to record the codes generated, although managing and exfiltrating that much data would make it rather tricky.<p>The method of storage also influences how hard it is to extract through decapping and probing&#x2F;inspection.<p>If I had to design something like this (note: not a crypto engineer), I&#x27;d have some enclave-internal source of entropy run through some whitening filters, and read from until it meets whatever statistical randomness&#x2F;entropy checks, at which point it is used to seed &amp; store the UID into internal EEPROM. That way, there&#x27;s no path in <i>or</i> out for the key material, except when already applied via one of the supported primitives.<p>Then you need to protect your secrets! Couple of layers of active masks (can they do active resistance&#x2F;path-length measurements instead of just continuity yet? That would annoy the &#x27;bridge &amp; mill&#x27; types :)) Encrypted buses, memory, and round-the-houses-routing is also pretty standard for the course, but I&#x27;m sure it too could be improved on.<p>IIRC there was someone on HN who was working for a TV smartcard mfgr who was reasonably confident they&#x27;d never been breached. Curious what he&#x27;d have to say (without an NDA :) )

&gt; Apple doesn&#x27;t use scrypt. Their approach is to add a 256-bit device-unique secret key called a UID to the mix, and to store that key in hardware where it&#x27;s hard to extract from the phone. Apple claims that it does not record these keys nor can it access them.<p>Technically, this is where it breaks down. As in &quot;Trust me I don&#x27;t store the keys.&quot;<p>If that hypothesis is true(they don&#x27;t store these keys), then they&#x27;ll have a hard time breaking your encryption indeed. But you must trust Apple at that point.<p>If there was a way to buy an anonymously replaceable chip with this cryptographic key in it and replace it on the phone like a SIM, then we&#x27;d be much closer to stating &quot;Apple can&#x27;t decrypt your phone&quot;.

&gt; Secure Enclave allows firmware updates -- but before doing so, the Secure Enclave will first destroy intermediate keys. Firmware updates are still possible, but if&#x2F;when a firmware update is requested, you lose access to all data currently on the device.<p>Given that the end-user has entered the passcode it shouldn&#x27;t be hard to retain the data: after upgrading the Secure Enclave firmware simply unencrypt all data using the old key and reencrypt it using the new key (derived from same passphrase but a new UID).<p>You can also use a &quot;two stage&quot; approach where the encryption key derived in hardware is only used to protect a secondary key. In this case you just reencrypt this secondary key which in turn protects the data.

Is Apple&#x27;s &quot;Secure Enclave&quot; anything more than ARM&#x27;s TrustZone?<p><a href="http://www.arm.com/products/processors/technologies/trustzone/index.php" rel="nofollow">http:&#x2F;&#x2F;www.arm.com&#x2F;products&#x2F;processors&#x2F;technologies&#x2F;trustzon...</a>

What&#x27;s stopping Apple from being coerced by the PTA (Peeping Tom Agencies) from installing an update to bypass the lock for specific targets?

&gt; <i>Apple has built a nuclear option. In other words, the Secure Enclave allows firmware updates -- but before doing so, the Secure Enclave will first destroy intermediate keys. Firmware updates are still possible, but if&#x2F;when a firmware update is requested, you lose access to all data currently on the device.</i><p>That seems ideal. Let&#x27;s hope Apple actually does that (probably not).

So the key is derived from passcode? isn&#x27;t that 5 digits that are easy to brute force?

Two questions:<p>* Regarding the fixed 80ms timing: has there been study on the average time needed (aside from the WHY 80ms instead of 70ms or 90ms). I also want to ask for clarification: where is the entire PBKDF2-AES is done? On the AES engine (which I believe is part of the A7 chip)? On a TPM chip (which might be a NO based on unauthenticed source [1])?<p>* So this UID created in every device and stored in Secure Enclaved which there is a dedicated path between SE and AES engine. But can we conduct any side-channel attack? I am pretty noob with hardware security.

I wonder, is it in the realms of possibility for big-budget organizations like the NSA to simply read the UID from the silicon by means of physical analysis (e.g. a scanning tunneling microscope)?

The security is based on the premise that Apple is unable to decrypt as they do not keep a record of the devices unique ID that is the base of all the cryptography.<p>What if that is not true? What if the device has a built-in keylogger to just get all the crypto from the user input? be it a passcode or a fingerprint.<p>Wouldn´t it be partly better if this were based on a trully public key cryptography with a randomly generated private key generated each time the device is factory reset?

With all the talks about supper crypto tech use in the Iphone, isn&#x27;t cloning phone&#x27;s data as simple as declaring your phone is loss and paying a mobile phone store clerk a new phone and reset the password for the I-Account? The new iphone would have access to all your info, pictures, msg logs in 1-2 hours?<p>Is this any reasonable PI, police, FBI, hackers can easily social engineer via legal and&#x2F;or illegal means?

What about iCloud? It used to be that a user could reset their password and then restore from iCloud backup on a new phone... Is this no longer true?

If you&#x27;re wondering when Secure Enclave first appeared, I looked up the A7 processor. It&#x27;s in the iPhone 5S, the iPad Air, and the iPad Mini (2nd generation).

So the article&#x27;s answer to &quot;Why can&#x27;t Apple decrypt your iPhone?&quot; is: &quot;Because Apple says that no software can extract the UID&quot;.<p>In our post-Snowden world this is just ridiculous and intellectually insulting. The author is either naive beyond belief or he got paid to write this PR shill piece.<p>cf. <a href="https://gigaom.com/2014/09/18/apples-warrant-canary-disappears-suggesting-new-patriot-act-demands/" rel="nofollow">https:&#x2F;&#x2F;gigaom.com&#x2F;2014&#x2F;09&#x2F;18&#x2F;apples-warrant-canary-disappea...</a>

And what about a backdoor? Code is not open-source. Just saying..

Dont worry, the NSA can.

All the criticisms I&#x27;ve yet seen of Apple&#x27;s iMessage security comes down to &quot;yes it&#x27;s probably completely locked down now and for all historical messages, but here&#x27;s this obscure way they could open it up for messages in the future therefore it&#x27;s not secure&quot;.<p>Well duh! It&#x27;s their software. Of course they could backdoor it in future, such as if required to by the government. That&#x27;s true of any software. Apple are asserting that right now there are no such backdoors and iMessages are secure. I&#x27;ve not seen any credible argument that this is not the case other thst &quot;maybe they&#x27;re lying&quot;. Ok. What&#x27;s the alternative? Run everything through OpenSSL? That didn&#x27;t worm out do well. Maybe we should run everything on Linux using Bash scripts. Oops again!<p>Maybe Apple are lying. Maybe they will sell us all out. But if they do these things always have a tendency to come out in the open eventually. So far they&#x27;ve had a pretty good track record of being on the level. In the end it&#x27;s tfag reputation, and their appreciation of its value, that is the best and really the only guarantee we have, as with anyone else we rely on.