iCloud Keychain -- Will Apple hand your keys to the NSA?
Yesterday at WWDC, Apple announced iCloud Keychain. This is a password management service that utilizes Apple’s iCloud. It will allow users to sync their website login credentials, Wi-Fi passwords and credit card information across multiple devices (iOS and OS X) using 256-bit AES encryption. On the surface, it sounds like a great feature that would be very convenient for Apple users. However, the world has changed much since the PRISM scandal.
Ever since we learned that the US Government has allegedly infiltrated Apple, such a service is problematic. By storing all of your passwords with an NSA infiltrated company, you could be potentially compromising the security of all of your accounts. It could be especially bad to expose your Wi-Fi passwords as you could be compromising entire networks. While 256-bit encryption is a wonderful thing, it makes no difference if the NSA has direct non-encrypted access -- it would be understandable for users to be suspicious.
I am surprised that Apple would even announce such a service in the midst of the PRISM scandal. From a business standpoint, it would make sense to wait as you do not want to be scrutinized in the media. However, this brings up an even scarier thought -- Did the NSA push Apple to launch this service? What is the real purpose of iCloud Keychain? Convenience or spying?
Would you trust Apple with all of your passwords and credit card information? Tell me in the comments.