Apple’s commitment to customer privacy includes extreme testing of Secure Enclave chips inside a top-secret lab, reveals a new report today.
The tests include ensuring that the chips remain secure even when subjected to extreme temperatures, whether low or high …
The Independent learned about the testing through an interview with Craig Federighi, Apple’s senior vice president of software engineering.
The aim as the chips are being stress tested is to see if they misbehave in these kinds of extreme scenarios – and, if they do, to ensure that happens in this lab rather than once they are inside the phones of users. Any kind of misbehaviour could be fatal to a device.
It might seem unlikely that any normal phone would be subjected to this kind of beating, given the chance of their owners going through an environment that chills them to -40C or heats them to 110C. But the fear here is not normal at all. If the chips were found to be insecure under this kind of pressure, then bad actors would immediately start putting phones through it, and all the data they store could be boiled out of them.
If such a fault were found after the phones make their way to customers, there would be nothing Apple could do. Chips can’t be changed after they are in people’s hands, unlike software updates. So it looks instead to find any possible dangers in this room, tweaking and fixing to ensure the chips can cope with anything thrown at them.
Comprehensive testing of Secure Enclave chips is part of what has made the chip an achievement recognized by independent security experts.
“Biometrics aren’t perfect, as the people posting clever workarounds online to supposedly secure logins would attest,” said Chris Boyd, lead malware analyst at Malwarebytes. “However, there’s been no major security scare since the introduction of Apple’s Secure Enclave – and the release of a Secure Enclave firmware decryption key for the iPhone 5S in 2017 was largely overblown.”
Federighi rejected the accusation made by Google CEO Sundar Pichai that Apple is effectively selling privacy as a luxury good.
“I don’t buy into the luxury good dig,” says Federighi, giving the impression he was genuinely surprised by the public attack.
“On the one hand, gratifying that other companies in [the] space over the last few months seemed to be making a lot of positive noises about caring about privacy. I think it’s a deeper issue than then, what a couple of months and a couple of press releases would make. I think you’ve got to look fundamentally at company cultures and values and business model. And those don’t change overnight.
“But we certainly seek to both set a great example for the world to show what’s possible to raise people’s expectations about what they should expect the products, whether they get them from us or from other people. And of course, we love, ultimately, to sell Apple products to everyone we possibly could certainly not just a luxury, we think a great product experience is something everyone should have. So we aspire to develop those.”
Federighi also addressed widespread criticism of Apple’s decision to store iCloud data in China on servers run by GCBD, a company owned by the provincial government. While the move was required by law, some felt Apple should have taken the high road and ceased to offer iCloud in China rather than give in.
Federighi says that the location data is stored in matters less when the amount of information collected is minimised, and any that is stored is in ways that stop people from prying into it.
“Step one, of course, is the extent that all of our data minimisation techniques, and our keeping data on device and protecting devices from external access – all of these things mean that that data isn’t in any cloud in the first place to be accessed by anyone,” he says. By not collecting data, there is no data for officials in China or anywhere else to read or abuse, Apple claims.
What’s more, Federighi argues that because the data is encrypted, even if it was intercepted – even if someone was actually holding the disk drives that store the data itself – it couldn’t be read. Only the two users sending and receiving iMessages can read them, for example, so the fact they are sent over a Chinese server should be irrelevant if the security works. All they should be able to see is a garbled message that needs a special key to be unlocked.
It should be noted, however, that iCloud backups of iPhones – which include a great deal of sensitive data – are not yet end-to-end encrypted. This means Apple holds encryption keys that can be used to access the data in response to law enforcement requests.
The lengthy interview also addresses the San Bernardino shooting case, and more on Apple’s belief that it is setting a privacy example to the rest of the industry. It’s well worth reading.