Pradip Schmidt, who is a professor of computer science at the University of Bern in Switzerland, is convinced that Apple’s new OS will be able to play fair when it comes to data on customers’ phones. Schmidt thinks that a “more sophisticated encryption function can be built into iOS to be more reliable and prevent someone in possession of an encrypted phone from accessing those personal data stored on the phone.” He says that he understands that encryption can be used to mask customer data without compromising its privacy.
Apple has long used different encryption schemes to conceal or hide customer data, such as Secure Enclave. But these schemes have become more and more vulnerable to attacks by hackers, with one particular attack using a variant of the same encryption that is used on the iPhone. According to security consultants Fidelis, another popular encryption technique called “hashing” can also be used to hide customer information from hackers.
A new feature in iOS 8 that replaces Secure Enclave allows data to be stored without the need to use Apple’s “pre-defined keys” under the name Secure Enclave. “Secure Enclave can be set to a key (called AES) that is less vulnerable to attack from a simple decryption attack,” says Apple in a security note obtained by Forbes.
In an email exchange with Ars, Steve Jobs, Apple’s co-founder and CEO, refused to comment on what features might be included in iOS 8 when it becomes available next month. Apple declined to comment on what encryption features might be added to iOS 8. Schmidt is not convinced that Apple will be able to get around Apple’s encryption requirements because it appears to use so many different encryption layers. “I’m sure it will use whatever method best prevents it from being detected. I think it does it the wrong way,” Schmidt said. “It’s going to end up hiding data on more phones that it’s going to try to hide.”
Apple might also have to work to patch all the different versions of its operating system that operate on various smartphones. “They haven’t tested all their devices so far at Apple Worldwide,” according to Schmidt. He says that if such a feature was developed and released in a reasonable timeframe it’s likely that it wouldn’t require patching but would simply require a new version of iOS or a new iOS version to update.