Monday’s Technology Review carries a glowing tribute to Apple iPhone security according to its author, Simson Garfinkel, a contributing editor who works in computer forensics and is highly regarded as a leader in digital forensics. He says Apple has passed a threshold “Today the Apple iPhone 4S and iPad 3 are trustworthy mobile computing systems that can be used for mobile payments, e-commerce, and the delivery of high-quality paid programming,” thanks to Apple’s heavy investment in iPhone security. That is where “threshold” comes in. Apple has crossed it. Even law enforcement cannot perform forensic examinations of Apple devices seized from criminals, he said.
iPhone has a security architecture that is so sturdy and so tightly woven into its hardware and software that it is easy for consumers to use encryption on their phones and difficult for someone else to steal the encrypted information, he stated.
The key to Apple’s security architecture strengths is the Advanced Encryption Standard algorithm (AES), a data-scrambling system adopted as a U.S.government standard in 2001. After over ten years of exhaustive analysis, he said, AES is still widely regarded as unbreakable.
(In August last year, AES was cracked, by a team of researchers from Microsoft, Research, KU Leuven and ENS Paris. It was a theoretical, or “academic” crack, with no practical implications. Despite being four times easier than other methods, the number of steps required to crack AES-128 was an 8 followed by 37 zeroes, said one of the team members.”To put this into perspective: on a trillion machines, that each could test a billion keys per second, it would take more than two billion years to recover an AES-128 key,” the Leuven University researcher added. Still, their attack unsettled some assumptions about AES.)