
Conjecture: Isn't Apple's private signing key already a "master key to turn 100 million locks"?

I.e. the key they use to sign software updates. With that key, someone could create malware and sign it... Apple creating the malware just saves them a step. Ergo the "target on that piece" is already pretty high value, yet Apple is able to keep it secret / prepared for contingencies (like rotating the key...).

Thoughts?



Well, this is true for any form of authentication. If you have information you need to update, you need to have a form of authentication, and authentication data can get lost. You just need to have good routines limiting the access to this data.

This is a problem for signing software, but also things like updating their webpage and content on the App Store. All these systems need to have authentication data exist, and if lost to people with malicious intent it could be lost.


So what does this say about Apple's claim that a "master key" is too dangerous to create? Don't they already have that... something that hackers could use to unlock iPhones? Doesn't that danger already exist? (Again, this is meant as thought-provoking conjecture.)


Yes, Apple has never denied that it is possible for Apple to create a signed build of iOS with some of the security stripped out. They just point out, rightly, that it is not a good idea.

It follows that this is a pretty thin layer of security.

And it seems that Apple's signing keys are well-protected high value targets. Has Apple been "able to keep it secret"? As far as we know, yes. But we don't know everything.



