Hacker News new | ask | show | jobs
by jesseendahl 339 days ago
This is not just encryption in transit or simplistic client-side encryption.

It is end-to-end encryption, where each device's key generation is handled by your phone's Secure Enclave.

This article is a decent starting point in terms of what Advanced Data Protection is:

https://support.apple.com/en-us/102651

If you want a deeper dive into the security engineering of iCloud Keychain, the second half of this Blackhat talk by Apple's head of Security Engineering & Architecture (SEAR) is really great:

Synchronizing secrets: https://youtu.be/BLGFriOKz6U?si=cY94TYo28bRj4G7y&t=1357
2 comments
ath92 339 days ago
Does all of that matter if an attacker has access to your device and can take screenshots of your conversations, or read those conversations out of memory in their unencrypted state?
link
jesseendahl 339 days ago
No it doesn't — that's a totally different threat model.

Advanced Data Protection is mostly concerned with protecting data from attackers on the server and in transit.

If you're interested in protections when an attacker has physical access to your device, you should read the "Encryption and Data Protection" section of Apple's Platform Security Guide.

Web: https://support.apple.com/guide/security/welcome/web

PDF: https://help.apple.com/pdf/security/en_US/apple-platform-sec...

link
teleforce 339 days ago
In computer security if an adversary is having an unlimited physical access to hardware, it is considered a game over.
link
BobaFloutist 339 days ago
The difference is that if the NSA has physical access to my phone, I'm probably aware of it. It makes routine fishing expeditions across broad populations much harder and more expensive, as well as easier to oppose.

If they can fish remotely and automatically, accountability goes completely out the window.

link
heavyset_go 339 days ago
I'm aware of what E2EE is, all the encryption in the world does not matter if either end of the conversation is confiscated or pwned by adversaries.
link
jesseendahl 339 days ago
>all the encryption in the world does not matter if either end of the conversation is confiscated or pwned by adversaries.

Yes of course, but it's not so simple to bypass the hardware-enforced protections that exist both device side and server side. As far as I can tell, it seems effort was made to design/architect everything in such a way such that the protections can't be retroactively circumvented even under legal compulsion.

Disclosure: I previously worked for Apple, but not on the design/implementation of any of this stuff and this is all my own opinions, not those of Apple.

link