Comment by jl6

1 day ago

We are told the encryption keys reside only on your device. But Apple control “your” device so they can just issue an update that causes your device to decrypt data and upload it.

Apple has already fought US government demands that they push an update that would allow the US government to break encryption on a user's device.

> In 2015 and 2016, Apple Inc. received and objected to or challenged at least 11 orders issued by United States district courts under the All Writs Act of 1789. Most of these seek to compel Apple "to use its existing capabilities to extract data like contacts, photos and calls from locked iPhones running on operating systems iOS 7 and older" in order to assist in criminal investigations and prosecutions. A few requests, however, involve phones with more extensive security protections, which Apple has no current ability to break. These orders would compel Apple to write new software that would let the government bypass these devices' security and unlock the phones.

https://www.wikipedia.org/wiki/Apple%E2%80%93FBI_encryption_...

Would just upload the keys

  • Presumably these keys live in a hardware security module on your phone called “secure enclave” and cannot be extracted

    • From the Advanced Data Protection whitepaper [0], it appears the keys are stored in the iCloud Keychain domain, so not the Secure Enclave:

      > Conceptually, Advanced Data Protection is simple: All CloudKit Service keys that were generated on device and later uploaded to the available-after-authentication iCloud Hardware Security Modules (HSMs) in Apple data centers are deleted from those HSMs and instead kept entirely within the account’s iCloud Keychain protection domain. They are handled like the existing end-to-end encrypted service keys, which means Apple can no longer read or access these keys.

      [0]: https://support.apple.com/guide/security/advanced-data-prote...


    • Apple can push firmware updates to the HSM just like the device. So if they really wanted, they could add an operation that extracted the keys (likely by encrypting them to a key that lives in Apple's cloud).
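The two nested replies above disagree about where the service keys live. The whitepaper passage quoted in the first one describes a custody change: the service keys are deleted from the provider's "available-after-authentication" HSMs and kept only in the account's keychain protection domain. The following toy model, added here as an illustration and not code from Apple or from anyone in this thread, shows why that placement decides what the provider can read. It is stdlib-only; the cipher is a demonstration construction (HMAC-SHA256 keystream with an encrypt-then-MAC tag), not a production AEAD, and every name (`CloudService`, `Device`, the account string, the sample note) is constructed for the example. It models custody only; the firmware-update scenario the second reply raises is outside what it shows.

```python
"""Toy model of key custody before and after Advanced Data Protection.

Constructed example: stdlib only, toy cipher, invented class and account
names. It shows which party can decrypt a stored record depending on
where the per-account service key is held.
"""
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

NONCE_LEN = 16
TAG_LEN = 32
SAMPLE_NOTE = b"constructed sample note"  # constructed test record


def _subkey(key: bytes, label: bytes) -> bytes:
    """Derive separate encryption and MAC subkeys from one service key."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def seal(key: bytes, plaintext: bytes, aad: bytes = b"") -> bytes:
    """Encrypt-then-MAC (toy): returns nonce || ciphertext || tag."""
    enc_key, mac_key = _subkey(key, b"enc"), _subkey(key, b"mac")
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_(key: bytes, blob: bytes, aad: bytes = b"") -> bytes:
    """Verify the tag, then decrypt; raises if the key is wrong or data was altered."""
    enc_key, mac_key = _subkey(key, b"enc"), _subkey(key, b"mac")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or tampered record")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


class CloudService:
    """Hypothetical provider side: record storage plus an HSM that releases
    a service key to the provider once the account has authenticated."""

    def __init__(self) -> None:
        self.records: Dict[Tuple[str, str], bytes] = {}
        self.hsm_escrow: Dict[str, bytes] = {}      # standard protection: plaintext service key
        self.keychain_blobs: Dict[str, bytes] = {}  # ADP: service key wrapped under a device-only key

    def store(self, account: str, record_id: str, blob: bytes) -> None:
        self.records[(account, record_id)] = blob

    def escrow_service_key(self, account: str, service_key: bytes) -> None:
        self.hsm_escrow[account] = service_key

    def enable_advanced_protection(self, account: str, wrapped_key: bytes) -> None:
        self.hsm_escrow.pop(account, None)          # "deleted from those HSMs"
        self.keychain_blobs[account] = wrapped_key  # provider keeps only the wrapped form

    def server_side_read(self, account: str, record_id: str) -> Optional[bytes]:
        """What the provider can decrypt using only material it holds."""
        key = self.hsm_escrow.get(account)
        if key is None:
            return None  # only a wrapped key is present; the unwrapping key never left the device
        return open_(key, self.records[(account, record_id)], aad=record_id.encode())


class Device:
    """Hypothetical user device holding a keychain key that is never uploaded."""

    def __init__(self, account: str, cloud: CloudService) -> None:
        self.account, self.cloud = account, cloud
        self.keychain_key = os.urandom(32)  # stays on the device
        self.service_key = os.urandom(32)   # generated on device
        cloud.escrow_service_key(account, self.service_key)  # default: provider-held copy

    def turn_on_advanced_protection(self) -> None:
        wrapped = seal(self.keychain_key, self.service_key, aad=b"service-key")
        self.cloud.enable_advanced_protection(self.account, wrapped)

    def upload(self, record_id: str, plaintext: bytes) -> None:
        self.cloud.store(self.account, record_id, seal(self.service_key, plaintext, aad=record_id.encode()))

    def read(self, record_id: str) -> bytes:
        return open_(self.service_key, self.cloud.records[(self.account, record_id)], aad=record_id.encode())


def _setup(advanced: bool) -> Tuple[CloudService, Device]:
    cloud = CloudService()
    dev = Device("alice@example.invalid", cloud)  # constructed account name
    if advanced:
        dev.turn_on_advanced_protection()
    dev.upload("note-1", SAMPLE_NOTE)
    return cloud, dev


def provider_can_read(advanced: bool) -> bool:
    cloud, dev = _setup(advanced)
    return cloud.server_side_read(dev.account, "note-1") is not None


def device_can_read(advanced: bool) -> bytes:
    _, dev = _setup(advanced)
    return dev.read("note-1")


if __name__ == "__main__":
    print("standard protection, provider can read:", provider_can_read(False))
    print("advanced protection, provider can read:", provider_can_read(True))
    print("advanced protection, device reads:", device_can_read(True))
```

With the default custody the provider decrypts the record after authentication because it holds the service key itself; after the switch it holds only a blob wrapped under a key it never received, so the same call returns nothing while the device still reads normally. That is the distinction the first reply draws from the whitepaper, and it also frames the second reply's point: the material an attacker would need is the device-side keychain key, not anything stored in the provider's HSM.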

Apple do not remotely control devices, and automatic updates are not mandatory.