Apple's battle with the FBI has put iPhone encryption in the spotlight. However, some might be surprised that the company's encryption efforts have evolved slowly and are not that different from those of other smartphone makers. Here's a look at the 5 phases of the process so far.
1 of 8
Despite the recent spotlight on Apple's iPhone encryption technology because of its fight with the FBI over providing access to data stored on a locked iPhone 5c used by one of the shooters in the San Bernardino terrorist attacks, the iconic computer and device maker's encryption efforts are not so different from those of other smartphone makers and software companies over the years, said one security expert.
"They are keeping up with the industry, but are not a pioneer," said Dan Schiappa, senior vice president and general manager of the Sophos Enduser Security Group, in an interview with InformationWeek. "But one thing that they have that the others don't is a proprietary messaging system that encrypts messages from end-to-end, so they have a leg up in encryption there compared to other smartphone makers."
Apple's inability to access encrypted information stored on the iPhone of the San Bernardino terrorist's device has prompted the FBI to seek the unprecedented use of the All Writs Act of 1789 to expand its authority and force Apple to build a backdoor into its iOS software. Apple is refusing to comply with this request. The company notes that once a backdoor is created it can also be used by malicious attackers should they get their hands on the code.
Nonetheless, a recent Pew Research study found that 51% of Americans say they believe Apple should unlock the iPhone used by the San Bernardino shooter. Microsoft cofounder Bill Gates has made statements that have been seen by some as being inline with that sentiment. However, other tech titans have backed Apple's position.
Interestingly, Apple's public key encryption method is not all that different from those that other companies are using. The iPhone was introduced in 2007, at a time when Microsoft was already using encryption in the 2005 release of Windows Vista, Schiappa said. Android smartphones, which later emerged commercially in 2008, also rely on device encryption.
Schiappa pointed to the importance of embedding the encryption key in the chipset, but security expert and hacker Jonathan Zdziarski said that encryption is all about the type of iOS used.
In particular, iOS 8, which was launched in 2014, was a significant development in Apple's encryption efforts because it linked the encryption keys to a user's passcode, or pin, according to Zdziarski. He speculated that Apple will likely further increase the strength of its encryption, which could possibly result in the device facing longer delays between tries to unlock the device.
Schiappa also noted that there is definitely a need for encryption, which is designed to ensure the bad guys don't get access to a user's information, such as credit card account information, bank account data, or even pictures stored on the device. But once a backdoor access is created for law enforcement officials, it becomes a backdoor for everyone -- including hackers and cyber-criminals.
Here is a look at the history of encryption on the iPhone and the views of Apple CEO Tim Cook and late cofounder Steve Jobs on the issue of encryption and privacy. Let us know where you stand in the debate by chiming in in the comments section.
Does your company offer the most rewarding place to work in IT? Do you know of an organization that stands out from the pack when it comes to how IT workers are treated? Make your voice heard. Submit your entry now for InformationWeek's People's Choice Award. Full details and a submission form can be found here.
Dawn Kawamoto is an Associate Editor for Dark Reading, where she covers cybersecurity news and trends. She is an award-winning journalist who has written and edited technology, management, leadership, career, finance, and innovation stories for such publications as CNET's ... View Full Bio
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.