Today I read a blog post about why Apple technically can't do it, and another about why they can. Both seemed equally convincing/confusing.
they can absolutely do it, but it would require creating a hostile OS update and signing it with their privileged key
on 6-and-up devices too? I definitely read an article that said "nope" (also, I still don't get what that "key" is)
on 6-and-up the enclave enforces timing, but its software can be updated too if you can prove you’re apple (that’s what the key does)
it's possible that the timing rules are implemented in a way which cannot be updated (white paper doesn't say), but unlikely
Thanks! This is helping. Next q: can you force a locked iPhone to update its OS?
yes, if you're apple (i.e. have their crypto keys). sometimes people find a hole in this (jailbreak). none publicly known in enclave.
Ok that first part broke my understanding of encryption again. So Apple ALREADY has the metaphorical "master key"…?
they can update the system software, but the user data on the phone is encrypted with a key the phone does not have.
what's to stop Gov from just asking for the key Apple uses to sign updates. So gov could create OS updates...