Tim Cook had also explained during an interview with ABC News last month that if the iCloud password on Farook’s iPhone wasn’t reset, the device could have performed an automatic backup when connected to a recognized Wi-Fi network, and Apple could have granted access to that backup.
As Walt Mossberg of The Verge pointed out few days back, that’s because iCloud backups aren’t as secure as they aren’t encrypted the same way as data on your iOS device. Unlike the backups on your device, iCloud backups aren’t encrypted with the passcode. So Apple has the ability to decrypt them if required.
But Apple seems to have addressed the loophole in iOS 9.3. Reddit user vista980622 reports that if you’ve two-step authentication enabled then Apple has started encrypting iCloud backups with passcode as well in the latest iOS 9.3 beta.
As you can see from the screenshot, iOS will prompt you to enter the passcode if you try to restore from an encrypted iCloud Backup. It gives you an error message informing you that “Access to the account is protected by the passcode”. The error message also goes on to clarify “the passcode is encrypted and cannot be read by Apple.”
There were rumors that Apple was working on stronger iCloud backup encryption, but I didn’t expect it to be rolled out so soon. Apple seems to have added the iCloud passcode encryption in either beta 5 and beta 6.
Apple is widely expected to release iOS 9.3 just after its ‘Let us loop you in’ event on Monday, March 21. In addition to the iCloud passcode encryption, iOS 9.3 also includes new features and improvements such as Night Shift mode, ability to protect notes with a password or Touch ID, revamped News app, support for Apple Music in CarPlay, information about the data usage while using Wi-Fi assist, updated Health app and lots more.
Apple seems to have timed the release perfectly, as on Tuesday, March 22, Apple will head into court for the first major hearing in its battle with the FBI over the unlocking of the San Bernardino shooter’s iPhone 5c.