Apple and Encryption
Last updated: 2 months ago
Almost all of the Apple devices and services you use today use encryption. This means that everything you do, from communicating with friends to storing your health data, is safely done on your iPhone. Apple encrypts this data and stores it in a way that only you, with your passcode or biometrics, are able to access it. In the event someone tries to break into your device, they will find it nearly impossible to accomplish. Governments and agencies worldwide have questioned the need for such security at the consumer level, which has caused much controversy along the way.
● AES-256 encryption
● Secure Enclave
● End-to-end encryption
● Encryption in transit
● Secure data erasure
● T2 chip
● Secure boot
Apple claims to be the home of privacy and security; a place where users can feel safe just using their devices without a prying eye. All modern iOS and macOS devices are capable of hardware encryption by design. The debate surrounding Apple and encryption is a long one, but comes down to a simple concept: security and privacy for the user.
Your iPhone or Mac, when configured correctly, will keep all but the worst bad actors out of your data. This also means the good guys can't see your data either, and government agencies are not so happy about this consumer-level protection.
First, let's cover encryption and what your devices are doing to protect you, then there will be information about the encryption debate and where it all stems from.
Data encryption is a cryptographic process that makes data unintelligible to anyone who doesn't have the proper keys. This ensures that only the person with the correct passwords can access and read data; otherwise the data accessed is just a mess of characters.
All of this security happens without user input, besides the occasional password or biometric, and is designed to get out of the way as much as possible.
Data can exist in transit or at rest, and it can be encrypted in either state. Generally, data in transit is or should be encrypted, which means anyone spying on your traffic will not see what is passing through.
Data at rest is usually only encrypted if need be, but Apple encrypts the entire device when locked if it is iOS or iPadOS. macOS users can opt to encrypt their computers using FileVault, and those who own a Mac with a T2 chip will have encrypted drives automatically.
Total device encryption can be a very processor-demanding task. This meant users often had to choose between total device encryption and speed.
Ever since the iPhone 4, this hasn't been the case. iOS devices have benefitted from hardware encryption for nearly a decade now, and Apple uses AES-256, which is what banks use for transactions.
When data is encrypted no matter the state, and the key is generated and stored on-device, it is called end-to-end encryption. This means that the data is secure unless the decryption key is presented. Data like this is usually locked behind the user's Apple ID and password.
End-to-end encrypted data on iOS includes:
- iMessage and FaceTime
- QuickType Keyboard vocabulary
- Health and Home Data
- Screen Time
- iCloud Keychain
- Siri information
- Payment information
- WiFi passwords
Encryption in the Cloud
While things like iMessage and FaceTime are end-to-end encrypted, other information is not. End-to-end encryption requires that only the party who owns the information has access to the keys, like with device encryption.
When saving data to iCloud, however, things change considerably. Apple always encrypts data in transit and encrypts data stored on its servers, but when it comes to iCloud backup its encryption keys are stored with Apple.
When a user has iCloud Backup turned on for a device, information like iMessages, photos, health data, and app data are all saved in an encrypted bundle on iCloud. The key to unlocking this bundle stays with Apple to prevent a user from inadvertently losing their secret key, and thus all of their backed up data.
This means, though, that Apple does have reasonable access to data when properly warranted by a government investigation.
If and when Apple complies with a government data request, it is often the iCloud backup data that provides the most useful information. Apple doesn't always hand over every bit of data they have, however, but only portions of data specific to the warrant.
Only specific cases ever demand total access to data, and Apple will deny those requests if it deems the requested data is not part of the case.
Apple started storing iMessage data in the cloud for syncing. This data is normally end-to-end encrypted when on-device and in transit between users, but if a user elects to have their messages sync across devices, their history is saved to the cloud.
While that history is fully encrypted in the cloud, an encryption key is saved inside of the iCloud backup to prevent data loss. This means that Apple could decrypt the backup, pull the key from it, and then use it to open the synced messages.
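The key chain described above, modelled as an added example (it is not Apple's code, format or algorithm): a synced message history sealed under a device-generated key, with a copy of that key placed inside a backup whose own key the provider holds. All function and field names are hypothetical, and the cipher is a toy HMAC-SHA256 keystream standing in for AES-256.

```python
import hashlib
import hmac
import json
import secrets


def _subkey(key, label):
    # Separate encryption and MAC keys derived from one 32-byte key.
    return hmac.new(key, label, hashlib.sha256).digest()


def _xor_stream(key, nonce, data):
    # Toy cipher: HMAC-SHA256 in counter mode as keystream (stand-in for AES-256).
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key, plaintext):
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(key, blob):
    """Check the tag, then decrypt; raises ValueError for a wrong key."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or modified data")
    return _xor_stream(_subkey(key, b"enc"), nonce, ct)


def build_cloud_state(messages_key, backup_key, history):
    """What sits on the provider's servers with message sync and backup both on."""
    bundle = {"messages_key": messages_key.hex()}  # copy kept to prevent data loss
    return {
        "synced_messages": seal(messages_key, json.dumps(history).encode()),
        "backup": seal(backup_key, json.dumps(bundle).encode()),
    }


def provider_read_messages(cloud, provider_key):
    """Open the backup, pull the messages key from it, open the synced history."""
    bundle = json.loads(open_sealed(provider_key, cloud["backup"]))
    messages_key = bytes.fromhex(bundle["messages_key"])
    return json.loads(open_sealed(messages_key, cloud["synced_messages"]))
```

When the backup is sealed under the key the provider holds, `provider_read_messages` returns the history; when it is sealed under a key only the user has, the same call raises `ValueError`, and the synced history stays unreadable to the provider.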
All iCloud data is managed by the user. If you deem it unnecessary or unsafe to use certain iCloud syncing or backup features, you can toggle each one. Local backup using Finder is also an option, which will let the user encrypt the backup locally, as well.
Users will be aware of their own circumstances and need to determine where they want to store data.
Remember, there is no such thing as a perfectly secure system. Convenience will always reduce overall security, so using iCloud tools can improve your life, but it introduces scenarios where your data can be accessed under certain conditions.
Hardware Encryption: T2 and the Secure Enclave
The introduction of the Secure Enclave to the iPhone 5s changed things again. Not only were devices encrypted, but the keys were also stored in a chipset completely separate from the device OS.
This meant that remote attacks were rendered nearly impossible and anyone trying to get information would likely need physical access to the device to even begin a brute force attack.
For any device newer than the iPhone 5s with Touch ID, and devices with Face ID, the Secure Enclave handles all generated encryption keys. A notable exception is the iPhone 5c, which was released after the iPhone 5s and didn't have the Secure Enclave.
This was the phone used by the San Bernardino shooter, which sparked the entire encryption battle with the US government.
The Secure Enclave acts as a gatekeeper to all of your sensitive information. It holds onto encryption keys, like those used for iMessage, until presented with proper authorization like a passcode or biometric.
Even the biometric data used for Face ID and Touch ID are stored using encryption, so there isn't even any record of your face or fingerprint used by the system.
MacBooks with a Touch Bar have Touch ID built-in, which means a dedicated Secure Enclave as well. The first generation T1 chipset held the Secure Enclave and handled key generation just like its iOS counterpart. The T1 chipset runs completely independently of macOS and boots separately for added security.
Apple then introduced T2, which breaks away from needing Touch ID as a prerequisite and allows users to enjoy its functionality on other devices. Not only does the T2 hold the Secure Enclave, it manages FileVault encrypted storage and Secure Boot also.
Secure Boot is a very important security enhancement, which prevents illegitimate software or operating systems from loading at startup. It also prevents booting from external media, thus thwarting hackers who might attempt stealing information using alternative booting methods.
Apple versus The US Government
San Bernardino 2015 (iPhone 5c)
One of the deadliest mass shootings on record occurred in San Bernardino on December 2, 2015. There were 14 people killed and 22 seriously injured during the attack. One of the perpetrators, Syed Rizwan Farook, left behind his company iPhone, leaving investigators wanting what was inside.
On February 16th, 2016, a judge ordered Apple to break into the phone's encryption using special software to be developed by Apple. The iPhone 5c in question was running iOS 9 and did not have all of the security capabilities of the more modern iPhone 6s. It also had no Secure Enclave, which would have made access even harder to achieve.
What the judge, and ultimately the FBI, was asking for was a new iOS update that would defeat the encryption using a back-door provided to the FBI. Because of this approach, any iPhone running this OS would be vulnerable to such decryption, and the keys given to the good guys likely wouldn't stay in their hands forever.
Apple CEO Tim Cook said as much in his open letter to the US Government the next day.
Apple asserted that they had handed over all of the requested data 3 days after the shooting occurred. They even offered advice on how to force the phone to back up to the cloud, which was ignored.
It was later found out that the Apple ID associated with the iPhone was changed while in government custody, ruining any chance of a backup.
This tit-for-tat battle continued in a very public debate, and shed a lot of light on exactly how much the US Government, and more specifically FBI director of the time, James Comey, knew about technology and encryption. Damaging public exposition continued for the following month, leaving Americans to watch as their personal security was debated on a national scale.
On one side, the DA asserted that "evidence of a dormant cyber pathogen" could be found on the iPhone. The husband of a former co-worker and survivor of the shooter said the company phone was "unlikely to contain useful information."
A hearing was set for March 22, so prosecutors could present and cross-examine witnesses over the encryption matter. This was supposed to be the FBI's last chance to convince Congress to force Apple's hand, but the hearing never came to pass.
On the 21st, the DOJ asked for a delay to the hearing. An "outside party had come forward with a potential unlock method that would negate the need for Apple's assistance."
Israeli firm Cellebrite was said to be helping the FBI attempt to unlock the iPhone. This raised several concerns over the tool, the government's willingness to work with foreign companies, and the taxpayer dollars spent on the hack.
On March 28th the DOJ withdrew their legal action against Apple, citing that they had successfully gained access to the device. Rumors continued to speculate that Cellebrite helped, citing a $218,000 contract the company made with the FBI on the same day of the hack.
It was never officially confirmed if the data from the terrorist's iPhone 5c was informative or useful in any way, but seeing as there's been little word about the data, it likely wasn't useful. The FBI Director did reveal, however, that the tool was useless for any phone newer than the iPhone 5c.
Thus, the battle to weaken Apple encryption continued.
In April, unnamed sources said that the iPhone in question didn't provide actionable intel; it did, however, give investigators more insight into the attackers.
James Comey wouldn't rest, however, declaring the "encryption war far from over."
In December of that year, the U.S. House Judiciary Committee's Encryption Working Group issued a report. It stated "any measure that weakens encryption works against the national interest." This seemingly, finally, put the encryption debate to bed.
Sutherland Springs 2017 (iPhone SE)
A new administration and new FBI director brought new challenges to the encryption debate, which had nearly a year of quiet before being reignited. Only a few weeks before the Sutherland Springs shooting, the new FBI Director Christopher Wray made his stance clear.
"To put it mildly, this is a huge, huge problem." Wray said. "It impacts investigations across the board — narcotics, human trafficking, counterterrorism, counterintelligence, gangs, organized crime, child exploitation."
On November 5, 2017, another tragedy wracked America as shooter Devin Kelley killed 26 people at a church in Sutherland Springs, Texas. The FBI moved quickly, and made practically the same mistakes as during the San Bernardino shooting.
Reportedly, the FBI refused to seek help, took the phone from the site to a remote FBI facility, and did not ask Apple for information or perform the iCloud backup procedure defined by Apple previously. 48 hours passed and the critical window for direct help from Apple closed.
On November 9th, Texas Rangers secured warrants for files stored in the shooter's iPhone SE and served them to Apple.
For whatever reason, not even a rumor has appeared about what happened next with this case. Speculation can assume that Apple handed over what data they had, as usual, and told them that unlocking the phone was impossible.
Given that it was an older iPhone even then, the FBI likely was able to procure a way to get inside and avoided another public debate.
Outside of, or perhaps because of, the Sutherland Springs case, Apple began educating law enforcement and the FBI on how to access data from iPhones, Macs, and iCloud. This wasn't a class on hacking into devices, but a basic course of understanding how to request data, handle it after receiving it, and how best to deal with devices.
Apple wasn't done with its fight, however. With each new update to iOS and macOS, Apple doubled down on security and encryption protocols. The FBI Director and forensics examiner both stated similar angst towards the company at a Cyber Security Conference in January 2018.
They called Apple "jerks" and compared them to "evil geniuses" that were thwarting the good guys at every turn.
While the "good guys" kept pushing for legislation to weaken encryption, other companies were pushing for new tools that took advantage of known exploits. One such company was GrayKey, which said it had a tool that could crack a six-digit passcode in 11 hours.
Companies like GrayKey and Cellebrite tend to sell their hacks for a lot of money, so regular consumers never needed to fear them much. A GrayKey box was sold for $15,000 to $30,000 usually, and Cellebrite hacks were even more expensive.
What complicates this more is that once Apple can patch an exploit used by these tools, they do, and push the patch within weeks to nearly every Apple user on the market.
Pensacola 2019 (iPhone 5 and 7 Plus) to 2020
A gunman killed three people in Pensacola, Florida while in the possession of two iPhones. The shooter, Mohammed Saeed Alshamrani, fired a bullet into one of the devices before being killed himself.
Apple handed over all of the data they had associated with the devices, but the FBI became persistent, again asking Apple to unlock iPhones.
Vocal US Attorney General William Barr made a public request to Apple, stating that they had yet to provide "substantive assistance" to law enforcement. The DOJ was determined to get into the iPhones, claiming that they may determine if the shooter had conspirators.
Barr had been vocal earlier in the year on the subject, saying there must be a way to create backdoors without weakening encryption.
Apple provided an official statement in response to the Attorney General.
"We reject the characterization that Apple has not provided substantive assistance in the Pensacola investigation," Apple said in the statement. "Our responses to their many requests since the attack have been timely, thorough and are ongoing."
"We responded to each request promptly, often within hours, sharing information with FBI offices in Jacksonville, Pensacola, and New York," the statement asserted. "In every instance, we responded with all of the information that we had."
"We have always maintained there is no such thing as a backdoor just for the good guys," Apple concluded. "Backdoors can also be exploited by those who threaten our national security and the data security of customers."
The letter reiterated many of the same arguments that Apple and Tim Cook had been stating for years. The President even chimed in with a tweet, telling Apple to "step up to the plate" and unlock the iPhones.
An update to the Pensacola case came on February 5th, when the FBI stated they still could not access the data on the phone. The phone had finished being reconstructed after being shot by the perpetrator, which may have something to do with the data not being accessible.
In May, the Pensacola shooter was tied to Al Qaeda using data pulled from one of the iPhones. While the shooter was in contact with the terrorist group, there was no evidence that the attack was an order.
The FBI gained access to this data with "no help from Apple," which means some third party resource was used. The FBI did not reveal which iPhone was accessed, but a comment from Secretary of Defense William Barr told us that both phones were indeed unlocked.
Apple followed up Barr's comments stating that the Justice Department made "false claims" surrounding Apple's help in the investigation.
Where encryption stands
The debate is far from over. Legislation threatens to fight customer level encryption in many countries, like in Australia. Giving a key to "the good guys" would mean an eventual leak of such a key to the bad guys too. Then all Apple security would be rendered nearly worthless.
A breach of the CIA hacking tools in 2017 made this reality all too clear, because if the CIA can't keep their tools safe, how will the government protect this backdoor?
According to a January 2020 report, Apple may have been planning to end-to-end encrypt iCloud backup data but decided not to based on FBI demands. Apple has stated publicly before that encrypting backups might overly complicate security for users, and added that a user who loses their secret key would lose access to all of their data.
Until Apple can find a way to prevent users from losing everything from a silly mistake, it is unlikely that iCloud backups will be end-to-end encrypted.
For the over 1.5 billion Apple device users out there, things are still looking up. Device security is as strong as ever, and only the most skilled or well-funded hacker can breach that security, and even then only under very specific conditions.
Set a strong passcode, utilize device biometrics, and use password managers so you can rest easy knowing your data and privacy are safe with Apple and encryption. For now.