Apple’s commitment to customer privacy includes extreme testing of Secure Enclave chips inside a top-secret lab, reveals a new report today.
The tests include ensuring that the chips remain secure even when subjected to extreme temperatures, whether low or high …
The Independent learned about the testing through an interview with Craig Federighi, Apple’s senior vice president of software engineering.
Comprehensive testing of Secure Enclave chips is part of what has made the chip an achievement recognized by independent security experts.
It might seem unlikely that any normal phone would be subjected to this kind of beating, given the chance of their owners going through an environment that chills them to -40C or heats them to 110C. But the fear here is not normal at all. If the chips were found to be insecure under this kind of pressure, then bad actors would immediately start putting phones through it, and all the data they store could be boiled out of them.
If such a fault were found after the phones make their way to customers, there would be nothing Apple could do. Chips can’t be changed after they are in people’s hands, unlike software updates. So it looks instead to find any possible dangers in this room, tweaking and fixing to ensure the chips can cope with anything thrown at them.
Federighi rejected the accusation made by Google CEO Sundar Pichai that Apple is effectively selling privacy as a luxury good.
Federighi also addressed widespread criticism of Apple’s decision to store iCloud data in China on servers run by GCBD, a company owned by the provincial government. While the move was required by law, some felt Apple should have taken the high road and ceased to offer iCloud in China rather than give in.
“On the one hand, gratifying that other companies in [the] space over the last few months seemed to be making a lot of positive noises about caring about privacy. I think it’s a deeper issue than then, what a couple of months and a couple of press releases would make. I think you’ve got to look fundamentally at company cultures and values and business model. And those don’t change overnight.
“But we certainly seek to both set a great example for the world to show what’s possible to raise people’s expectations about what they should expect the products, whether they get them from us or from other people. And of course, we love, ultimately, to sell Apple products to everyone we possibly could certainly not just a luxury, we think a great product experience is something everyone should have. So we aspire to develop those.”
It should be noted, however, that iCloud backups of iPhones – which include a great deal of sensitive data – are not yet end-to-end encrypted. This means Apple holds encryption keys that can be used to access the data in response to law enforcement requests.
“Step one, of course, is the extent that all of our data minimisation techniques, and our keeping data on device and protecting devices from external access – all of these things mean that that data isn’t in any cloud in the first place to be accessed by anyone,” he says. By not collecting data, there is no data for officials in China or anywhere else to read or abuse, Apple claims.
What’s more, Federighi argues that because the data is encrypted, even if it was intercepted – even if someone was actually holding the disk drives that store the data itself – it couldn’t be read. Only the two users sending and receiving iMessages can read them, for example, so the fact they are sent over a Chinese server should be irrelevant if the security works. All they should be able to see is a garbled message that needs a special key to be unlocked.
The lengthy interview also addresses the San Bernardino shooting case, and more on Apple’s belief that it is setting a privacy example to the rest of the industry. It’s well worth reading.
Photo: Shutterstock
