Good Essay On Mobile Phone Technology
Mobile devices such as smartphones have increasingly become an integral part of many people’s lives. In fact, these phones have become more than simple communication gadgets. Human beings increasingly rely upon these devices as virtually a means of running their lives. These devices offer great convenience since they allow people such as employees to keep up with their work while on the move. However, this gives rise to new risks in terms of safeguarding the privacy of personal information. Mobile devices continue to become even more powerful and hence they have the capability to hold even more amounts of personal information. These devices are also small and hence, it is rather easy to lose them or have them stolen. Just like other devices, they are also vulnerable to the threat of spyware and software viruses. Compromised personal information can be used in ways that can lead to harm both financially or personally. The issue of government access to personal information is also an emotive one. Many people do not take kindly to knowing that government organizations collect and monitor their personal information. Thus, customers who take privacy considerations seriously are likely to greet Apple’s new iPhone data encryption with plenty of optimism. This is because the basis of data encryption on the phone is a complex mathematical algorithm that uses a unique code. This means that institutions such as the NSA and law enforcement agencies could find it almost impossible to decode the phone’s contents, which could severely hamper their investigative capabilities. This paper discusses the technology behind this new encryption and gives an opinion on the adoption of this new technology. It also discusses why one may not want to move from a free email service that collects data to a secure, but billable one that does not collect data. Finally, it looks at the potential benefits of Apple allowing users to make a decision on their privacy.
In the new iOS 8, Apple closes grave security vulnerability in the iPhone. The phone’s previous encryption only protected a small amount of data. Hence, Apple had the ability to bypass the security on the rest of the phone. This building of a backdoor into the system was in order to comply with legal requirements for the provision of information in order to facilitate investigations by law enforcement agencies.
In the new iOS 8, all the data on the phone is protected. Even Apple itself cannot access this encrypted data since no backdoor has been built into the system. Hence, this data is out of the reach of the government, which can only decode the data using a specific code that is only obtainable from the phone’s owner.
One of the technologies applied in this new level of encryption is password-based encryption. Ordinary password-based encryption systems take a user’s password and utilize a key derivation function in order to convert the password into an encryption key. This does not require any specialized hardware and hence, it can be implemented in software securely as long as the software is written well, and a strong password is chosen. However, people rarely choose strong passwords hence hackers can crack them using special hardware that utilizes parallelization.
One defense against this is the use of a scrypt, which is a slow key derivation function. However, even these can be bypassed using more hardware. Apple does not employ the use of scrypt. Instead, they have added a 256-bit secret key, unique to the device. This key is known as a UID. This key is stored in the phone’s hardware hence it is difficult to extract. Apple neither records nor has access to these keys. On devices with A7 chips, the key and mixing process protection occurs inside a cryptographic co-processor known as the Secure Enclave.
Apple’s Key Derivation Function tangles the UID key and the password through running them through PBKDF2-AES, and with an iteration count tuned to need approximately 80 ms on the device. The result is the passcode key, used as an anchor to secure much of the phone’s data. Only the phone itself knows the UID, and this cannot be obtained from the Secure Enclave.
Hence, any attempt to crack the password must run on the phone itself. Thus, it is not possible to use firmware to crack the passwords.
Even if a custom firmware were built to crack it, the task would take a lot of time because of the timing. Estimates range at around five and a half years if a random password, with a mix of six lowercase numbers and letters, is used.
Development of the Secure Enclave is in order to guard against exfiltration of the UID key. This key was located in the application processor in previous versions. Hence, the Secure Enclave acts as an extra protective layer even in cases where the phone is jail broken.
However, Apple controls the Secure Enclave firmware-signing key. Using this key, it may be possible to come up with a unique firmware that extracts the UID, and that potential crackers could use for running their attacks.
However, Apple may have ways of avoiding the backdoor signing key that would facilitate the extraction of the UID. One of these methods is the absence of software capable of extracting the UID. That is; the software is only capable of seeing the output encrypted with UID.
The second probability is that whereas Apple may be capable of extracting UID’s, but this is not regarded as a back door. This is because with a strong password the negation of the advantage of having the UID occurs.
The third option is the absence of firmware upgrades, but while this is inconvenient, it means law enforcement cannot unlock the phones with the aid of Apple. The final option is the existence of a nuclear option in which the Secure Enclave allows updates to the firmware but first it destroys the intermediate keys. Hence, upon requesting an update, all data on the phone at present is lost.
In my opinion, the adoption of the encryption is a good move and one that should be encouraged. I feel this way because of the increased protection that this encryption offers.
Whereas law enforcement officers may express concern about not being able to obtain information from phones, this is negated by the advantage this move brings. The backdoors built into previous security systems were a significant security risk. This is because, one cannot regulate who will use the backdoor and to what ends. Whereas police may use these backdoors, criminals such as hackers are also able to access this information. Hence, closing these backdoors ensures any potential threat is kept at bay.
Another reason for my support of this data encryption is in light of the abuses to surveillance exposed by Edward Snowden. The revelation of how the government collects information it has no authority to have only gives me greater impetus to ensure protection of my data
If I were a full time cyber-security professional, I would not prefer a paid email service to a free one. This is because, despite the fact that the free email service provider collects data, there are safeguards and laws that the providers must comply with to ensure they do not misuse this data. Secondly, the advantages of the paid email provider can still accrue to me even using a free email provider.
One of these advantages is the protection of the privacy and security of data. As a cyber-security professional, I am conversant with some methods I can use to obtain the same results and hence I would be in a position to apply them. One of these methods is ensuring the encryption of the connection between my computer and my email server. The major free email service providers all offer TSL or SSL encryption hence, having a paid email service would not necessarily be advantageous in this regard.
Another step I could take is the encryption of email content. This I can do using either symmetric or asymmetric encryption that would guarantee privacy while also not compromising usability. If I used a paid email service, I would be paying for these same advantages. The fact that I can obtain those free means I need not incur the additional expense of paying for an email.
Potential benefits of Apple allowing users to make decisions on its privacy
The first potential benefit that may arise from allowing users to decide on privacy is an increased market share. In a smartphone market separated by increasingly fine margins, the decision to put privacy decisions in consumers’ hands may prove to be a masterstroke. Consumers in the market are increasingly sensitive about privacy. This is especially true in the wake of the Snowden confessions, which exposed the government’s misuse of its right to collect data. The NSA has been collecting metadata even when this has no relationship to an ongoing investigation. Hence, the decision by Apple to allow customers to control their privacy provides relief to people who are sensitive about their private information. These could see these customers rush out to procure iPhones and hence Apple will have an increased market share and higher sales. The idea that the encryption on iOS 8 is so secure that even Apple cannot access it is a major selling point.
The other benefit of this decision accrues to the consumers, and this is improved security. To understand how the decision to allow the users to determine privacy decision will improve security, we must understand the provisions Apple has made. The company’s latest operating system, iOS8, makes use of a password based encryption system. This password is unique, and even Apple themselves have no access to the password. The aim of the removal of the backdoor that was previously existent in the system was to improve privacy for the customers. This was through ensuring that the phone’s data was only accessible with the owner’s consent. However, the elimination of this backdoor also means that the iPhone is less prone to attacks by hackers. This is because the level of encryption employed is extremely difficult to hack. The backdoor in the past had provided an easy route for hackers to obtain a phone’s contents.
The other advantage is the higher chances of recovery of a lost phone. Using applications such as Find My iPhone, the consumer is able to locate their phone on a map. Hence, this boosts the odds of the phone's traceability.
Through allowing consumers control of privacy using such technology as remote wiping, the company ensures that the phone if it is unrecoverable, does not expose the customer’s personal information. The customer can also make use of the Activation Lock application, which is a part of the iPhone privacy controls.
This application allows the customer to prevent the reactivation of the iOS device that has been misplaced or stolen. This ensures the maintenance of the integrity of data stored on the customer’s device. That is; the data on the phone will not be misused, which may be detrimental to the consumer’s welfare.
It is evident that Apple has put in place various measures all aimed at safeguarding the privacy of customer data. Apple employs different methods to do this, and these methods are mainly user oriented. The decision to allow most of the responsibility for safeguarding privacy to be in the hands of the customer has various potential benefits. These benefits accrue to both the company, and the user of the products.
Apple. (2014, 0ctober). iOS Security Guide - Apple. Retrieved April 9, 2015, from Apple: http://www.apple.com/business/docs/iOS_Security_Guide.pdf
Apple. (n.d.). We’ve given you tools to manage your privacy. Retrieved April 9, 2015, from Apple: https://www.apple.com/privacy/manage-your-privacy/
Green , M. (2014, October 4). Why can't Apple decrypt your iPhone? Retrieved April 9, 2015, from A Few Thoughts on Cryptographic Engineering: http://blog.cryptographyengineering.com/2014/10/why-cant-apple-decrypt-your-iphone.html
Sanger, D. E., & Chen, B. X. (2014, September 27). Post-Snowden iPhone 6 draws ire of US security agencies. New York Times .