Apple has a secret security facility devoted to stress-testing iPhone components

Posted:
in General Discussion edited May 2019
Future iPhone processors and other chips are subjected to temperature changes from -40C to 110C in order to check their vulnerability to attack.

A worker inside one of Apple's testing facilities. (Photo: Brooks Kraft/Apple)
A worker inside one of Apple's testing facilities. (Photo: Brooks Kraft/Apple)


Apple has allowed journalists to see selected parts of a secret facility that it uses to help make processors and other components more secure against possible attacks. The facility is based somewhere near Apple Park and continually tests hundreds of components, all made for future Apple products, by first subjecting them to extreme temperature changes.

"The aim is to see if [the chips] misbehave in these kind of extreme scenarios," writes Andrew Griffin in the UK's The Independent newspaper.

"It might seem unlikely that any normal phone would be subjected to this kind of beating, given the chance of their owners going through an environment that chills them to -40C or heats them to 110C," continues the report. "But the fear here is not normal at all. If the chips were found to be insecure under this kind of pressure, then bad actors would immediately start putting phones through it, and all the data they store could be boiled out of them."

Using results from this facility, Apple refines processors to make them safer. The Independent says that the processors being tested today may be several years away from market. "There are notes indicating what chips they are," it says, "but there are little stickers placed on top of them to stop us reading them."

The Independent reports few details from its journalist's visit to the plant, but Griffin did speak at length about security with Apple's Craig Federighi.

"We know that there are plenty of highly motivated attackers who want... to break into these valuable stores of information on our devices," Federighi said.

"I can tell you that privacy considerations are at the beginning of the process, not the end," continued Federighi. "When we talk about building the product, among the first questions that come out is: how are we going to manage this customer data?"

Craig Federighi during an Apple presentation
Craig Federighi during an Apple presentation


Federighi emphasized that Apple's focus on security for its users is not solely about personal data.

"If I'm a worker at a power plant," Federighi said, "I might have access to a system that has a very high consequence. The protection and security of those devices is actually really critical to public safety."

The Independent pressed Federighi to explain how Apple can claim to provide privacy if it then bows to pressure from the Chinese government to have a state-owned company run Apple's local iCloud datacenter.

"Step one, of course, is the extent that all of our data minimization techniques, and our keeping data on device and protecting devices from external access, all of these things mean that data isn't in any cloud in the first place to be accessed by anyone," he replied.

Comments

  • Reply 1 of 11
    frantisekfrantisek Posts: 756member
    This the way Apple works. Not can we do that? But cane we do that without sacrificing safety/privacy. And it is difficult to explain to people that willingly use apps which purpose is to acquire data to be monetized that privacy and safety in this way is valuable asset.
    edited May 2019 GeorgeBMacSoli
  • Reply 2 of 11
    racerhomie3racerhomie3 Posts: 1,264member
    frantisek said:
    This the way Apple works. Not can we do that? But cane we do that without sacrificing safety/privacy. And it is difficult to explain to people that use apps which purpose is to acquire data to by monetized that privacy and safety in this way is valuable asset.
    It’s called 3rd party apps for a reason.
  • Reply 3 of 11
    MplsPMplsP Posts: 3,911member
    Here in Minneapolis we have actually reached -40° in the past, so it’s definitely not outside the realm of possibility! IME, when my iPhone gets cold, the battery quits working and it shuts off. It seems to work fine when plugged in in the car, though. 

    I seems odd that extreme temperatures would cause a malfunction that would allow the chip to function well enough to operate yet compromise security, but I guess that’s the point of these tests, to find unexpected glitches. I honestly am not surprised by this report - it’s what I expect of Apple, but it’s reassuring, nonetheless. Not sure why it has to be so secret, though. 
    watto_cobra
  • Reply 4 of 11
    GeorgeBMacGeorgeBMac Posts: 11,421member
    MplsP said:
    Here in Minneapolis we have actually reached -40° in the past, so it’s definitely not outside the realm of possibility! IME, when my iPhone gets cold, the battery quits working and it shuts off. It seems to work fine when plugged in in the car, though. 

    I seems odd that extreme temperatures would cause a malfunction that would allow the chip to function well enough to operate yet compromise security, but I guess that’s the point of these tests, to find unexpected glitches. I honestly am not surprised by this report - it’s what I expect of Apple, but it’s reassuring, nonetheless. Not sure why it has to be so secret, though. 
    Weirdly -40C is also -40F.   So yeh, I agree that's within the realm of possibility.  But it may be irrelevant because, once a phone reaches that temperature it's battery would likely be effectively dead anyway.

    I thought -40C was much colder till I checked.   I guess I'm used to the higher temperatures.   For instance 110C is 230F.
    frantisek
  • Reply 5 of 11
    1st1st Posts: 443member
    Good for Apple, std range most of semi are -20 to +80 C, with limited extreme -40 to 125 C.  Good to know apple treat extreme condition as norm and possibly have industrial muscle to pull it out from vendor.   
    watto_cobra
  • Reply 6 of 11
    frantisekfrantisek Posts: 756member
    MplsP said:
    ......- it’s what I expect of Apple, but it’s reassuring, nonetheless. Not sure why it has to be so secret, though. 
    Because: The Independent says that the processors being tested today may be several years away from market.
    watto_cobra
  • Reply 7 of 11
    Sounds like Apple using 4-corner or 8-corner testing to make sure their chips vulnerable to cold boot hacks.
    watto_cobra
  • Reply 8 of 11
    SoliSoli Posts: 10,035member
    MplsP said:
    Here in Minneapolis we have actually reached -40° in the past, so it’s definitely not outside the realm of possibility! IME, when my iPhone gets cold, the battery quits working and it shuts off. It seems to work fine when plugged in in the car, though. 

    I seems odd that extreme temperatures would cause a malfunction that would allow the chip to function well enough to operate yet compromise security, but I guess that’s the point of these tests, to find unexpected glitches. I honestly am not surprised by this report - it’s what I expect of Apple, but it’s reassuring, nonetheless. Not sure why it has to be so secret, though. 
    Weirdly -40C is also -40F.   So yeh, I agree that's within the realm of possibility.  But it may be irrelevant because, once a phone reaches that temperature it's battery would likely be effectively dead anyway.
    You're confusing a standard device setup v one used in a way to steal its data. A battery wouldn't have to be connected if they were exposing the RAM, CPU, parts of the SoC, SSD or another chips to extreme heat or cold to subvert security… as the article clearly stated.

    As noted by 1STnTENDERBITS:
    edited May 2019 watto_cobra
  • Reply 9 of 11
    22july201322july2013 Posts: 3,564member
    This is the internet so I have the right to my critical opinion. This reminds me of the bygone days when Henry Ford tested his new cars by personally taking a sledgehammer and wrecking one. I'd rather see Apple do something more methodical - something called Single Fault Analysis (SFA). An engineer does tests on paper to see if a single fault of a single wire, chip or component can cause the device to fail in an insecure way. Testing is to SFA what a random-route robot vacuum cleaner is to a route-planning robot vacuum cleaner. They certainly do SFA for airplanes and spacecraft. (I've seen SFA reports for less important things than those.) It would be nice if Apple did this for phones, considering how important Apple itself claims phones are for your security. I wouldn't expect Apple to do SFA on the internals of chips it doesn't control. E.g., Intel could be doing it for their CPUs: that means every one of the billion transistors has to be tested (on paper) to see if its failure would result in an insecure product. Such tests are usually done by human logic rather than by any physical testing. P.S. SFA can even be done on software, but that's asking a bit much for 1.21 Jigabytes of software.
    edited May 2019
  • Reply 10 of 11
    MplsP said:
    I seems odd that extreme temperatures would cause a malfunction that would allow the chip to function well enough to operate yet compromise security, but I guess that’s the point of these tests, to find unexpected glitches. I honestly am not surprised by this report - it’s what I expect of Apple, but it’s reassuring, nonetheless. Not sure why it has to be so secret, though. 
    Electrical and conductive properties of materials change with the temperature.  It's not outside the realm of possibility that one or more of those changes could affect some piece of the security hardware in such a way as to leave the system open or compromised in some way.
    watto_cobra
  • Reply 11 of 11
    JWSCJWSC Posts: 1,203member
    This is the internet so I have the right to my critical opinion. This reminds me of the bygone days when Henry Ford tested his new cars by personally taking a sledgehammer and wrecking one. I'd rather see Apple do something more methodical - something called Single Fault Analysis (SFA). An engineer does tests on paper to see if a single fault of a single wire, chip or component can cause the device to fail in an insecure way. Testing is to SFA what a random-route robot vacuum cleaner is to a route-planning robot vacuum cleaner. They certainly do SFA for airplanes and spacecraft. (I've seen SFA reports for less important things than those.) It would be nice if Apple did this for phones, considering how important Apple itself claims phones are for your security. I wouldn't expect Apple to do SFA on the internals of chips it doesn't control. E.g., Intel could be doing it for their CPUs: that means every one of the billion transistors has to be tested (on paper) to see if its failure would result in an insecure product. Such tests are usually done by human logic rather than by any physical testing. P.S. SFA can even be done on software, but that's asking a bit much for 1.21 Jigabytes of software.
    I imagine the fault tree of an iPhone could have thousands of potential fault elements.  Frequently, it is multiple concurrent faults that can have unpredictable outcomes.  Most of these fault elements can be tested for by modeling, simulation, and analysis.  But a subset will always require physical testing.  For software, oh don’t even go there.  It’s an impossible task to capture every single fault let alone test for it.
    watto_cobra
Sign In or Register to comment.