What it means for Apple if feds have found a way to crack shooter’s iPhone

“When federal prosecutors announced Monday that an outside party had come forward with a technique that might unlock the iPhone used by San Bernardino terrorist Syed Rizwan Farook without Apple’s cooperation, the tech giant could have reason to view it as a major victory — and a major risk,” David Pierson reports for The Los Angeles Times. “What would be worse for a company that has insisted privacy is core to its identity — and whose marquee device is among the safest on the market? Caving to government pressure and writing its own decryption software, or conceding its phones are not as secure as some believed [?]”

“Apple, civil liberty groups and digital privacy advocates say the first option would be far more damaging,” Pierson reports. “Attorneys for Apple, speaking on the condition that they not be named or directly quoted, said the company has never claimed its software is unbreakable. They said combating hackers and criminals requires constant diligence and that the potential of a third-party hack underscores how difficult the company’s job is.”

Pierson reports, “The company is already reportedly working on even tougher security tools for its products and software.”

Read more in the full article here.

MacDailyNews Take: Hacks are good for responsible companies because they result in stronger operating systems.

It also doesn’t hurt Apple that the alternatives available on the market are absolute security nightmares.

SEE ALSO:
Millions of Android phones open to ‘permanent device compromise’ attack – March 23, 2016
Android malware hits Aussie bank customers, iOS users unaffected – March 10, 2016
Android malware steals one-time passcodes, a crucial defense for online banking – January 14, 2016
New Android malware is so bad, you’d better off buying a new phone – November 6, 2015
Apple issues iPhone manifesto; blasts Android’s lack of updates, lack of privacy, rampant malware – August 10, 2015
New Android malware strains to top 2 million by end of 2015 – July 1, 2015
Symantec: 1 in 5 Android apps is malware – April 25, 2015
Kaspersky Lab Director: Over 98% of mobile malware targets Android because it’s much, much easier to exploit than iOS – January 15, 2015
Security experts: Malware spreading to millions on Android phones – November 21, 2014
There’s practically no iOS malware, thanks to Apple’s smart control over app distribution – June 13, 2014
F-Secure: Android accounted for 99% of new mobile malware in Q1 2014 – April 30, 2014
Google’s Sundar Pichai: Android not designed to be safe; if I wrote malware, I’d target Android, too – February 27, 2014
Cisco: Android the target of 99 percent of world’s mobile malware – January 17, 2014
U.S. DHS, FBI warn of malware threats to Android mobile devices – August 27, 2013
Android app malware rates skyrocket 40 percent in last quarter – August 7, 2013
First malware found in wild that exploits Android app signing flaw – July 25, 2013
Mobile Threats Report: Android accounts for 92% of all mobile malware – June 26, 2013
Latest self-replicating Android Trojan looks and acts just like Windows malware – June 7, 2013
99.9% of new mobile malware targets Android phones – May 30, 2013
Mobile malware exploding, but only for Android – May 14, 2013
Mobile malware: Android is a bad apple – April 15, 2013
F-Secure: Android accounted for 96% of all mobile malware in Q4 2012 – March 7, 2013
New malware attacks Android phones, Windows PCs to eavesdrop, steal data; iPhone, Mac users unaffected – February 4, 2013

28 Comments

  1. Something is only unshakeable until it is hacked, but just because something might eventually be hacked doesn’t mean you don’t keep trying to improve the security. More importantly it definitely doesn’t mean you purposely weaken the security to make it easier to get through.

  2. So long as the hack is difficult to do, requires specialist equipment and a great deal of patience, Apple will have nothing to fear as it will only be used when it really must be used.

    On the other hand an unlocking tool loaded into a laptop and entrusted to the FBI would be a nightmare.

    1. It seems to me that a modified OS has a lot more chance of escaping into the wild and being adapted to installation remotely than a solution which requires possession of my iPhone. If the FBI has figured out a way into the iPhone, they aren’t going to sell it to China. I’d bet the Chinese government is working on the same problem and they aren’t the “outside party” that offered to help the FBI.

      1. The GovOS option would be the nightmare scenario because it would be naive in the extreme to believe that it would not get widely circulated, partly because it would be easy to duplicate.

        If the reports turn out to be true that the hack is being performed by an Israeli firm, then they could be free to sell their services to any government and I would imagine that any technically advanced country would be able to do this procedure too, given enough time to develop the precise technique.

        It seems to me that this is going to be a way to gather clues rather than to gather evidence that can be used in court. The practice of making modified copies of evidence before analysing it is going to be pulled apart by the defence legal team.

    2. Any flaw that allows iOS to be hacked should raise some concern. If a criminal enterprise thought the reward for accessing the personal data of millions of people more enticing than the effort to retrieve it, anyone is at risk. Criminals are not necessarily stupid and lazy, some are highly intelligent and determined.

    1. The Feds won’t have to go into excruciating detail how they hack digital devices (these methods will be classified), but it is certain the Feds will have to supplement these data with other corroborative evidence. The Feds cannot make up a story, this would be perjury.

    2. And nothing the FBI does on iPhones will likely help anything to do with “burners” which the EU ISIS terrorists used!

      Of course the FBI has ways into burner phones, but the fact that burner phones get used only for a day or a week means that the real bad guys are ahead of the intelligence services and nothing will change it unless all governments ban burner phones.

      I’d love to see the detailed debate on this.

  3. “Hacks are good for responsible companies because they result in stronger operating systems.”
    But not for an irresponsible government. The government should never mention the security of an Apple iPhone again. Big Brother should not want anyone to know whether they hack in or not so no one knows what their capabilities are. But the fb1 will try to get a jab in or go back against Apple; they have no idea of the big picture involving security and privacy.

    Real terrorists use burner phones, not expensive phones. At least that was the report out of Brussels last week when the authorities were hunting for the Paris attacker.

    1. This was the biggest and most unforgivable mistake the FBI made. They went public without talking to the other agencies first or thinking through the consequences of a public discussion.

      These amateurs need early retirement.

      1. It wasn’t founded in logic. The White House Chief of Staff got his panties in a bunch when earlier this year Tim Cook said “I think there has been a lack of leadership in the White House on this.”

        The guy snapped, ended the meeting, and not long after came this. Petty, vindictive and juvenile. While that may well be the way government actually works, it’s exactly the opposite of how it’s supposed to. Shameful.

  4. Some people are talking as if every iPhone is now instantly hackable. I’m guessing that if it is some sort of NAND mirroring it will only work on non secure enclave phones and they obviously need physical access to the phone along with plenty of time, money and expertise.

  5. From what I’ve seen, this third-party solution requires physical possession of the phone. If that’s the case, then it’s considerably more likely that appropriate warrant procedures have been followed. I don’t have nearly the problem with that solution. It’s the FBI skeleton key that’s scary. That’s only a step away from forcing vulnerable software onto every phone.

  6. All (security) bets are off when the attacker has physical control of the device. If someone walked out of my server room with a box I’d be looking at all mitigation strategies related to what *could* be compromised.

    If that someone was a gov’t entity…

  7. This is a tell tale comment:

    “This confrontation between Apple and the government is going to affect businesses the same way [NSA leaker] Edward Snowden affected businesses,” said Daniel Castro, vice president of the Information Technology and Innovation Foundation. “It’s going to force them to take a close look at their vulnerabilities. Apple will invest more in security, and other companies will too.”

    It’s tell tale because it says nothing as to how this particular government does its business and how this sort of business as Snowden described shows a total disregard towards others. Yes, there are now people above the law that have it in their own hands.

    A sure sign of a crumbling empire.

    1. Roadkill, I don’t mind your comments when they stick to the specific subject at hand. But your continued diatribe against the “evil” US Government is churlish and tiresome. Yea, the US Government has done some really dumb things. Iraq #2 – major F@#& up on many levels. No argument.

      But when you ignore all the crap that goes on routinely in the rest of the world to focus on the US exclusively it comes across as being unbalanced, lacking context, and absent critical thinking skills. Your focus on the evils of the US is almost pathological.

      You demonize the US national security apparatus as if everyone who works in that role is evil. By and large, these are good people who are very much trying to prevent their own citizens, as well as citizens of other nations, from being killed by dumb-ass whacky brain assholes who are stupid enough to believe they’re doing God’s work by slaughtering as many non-believers as possible. (Surely, they’re going to hell, if there is any such place. And there’ll be no virgins boys!)

      You ignore the fact that the rest of the world goes on spying and in many cases has far more invasive surveillance than the US. They just don’t talk about it much, which is smart. Why weren’t the Germans and the French more upset with the revelation about the US wiretapping their leadership? Because they ALL do it!

      Less vitriol and more balance please.

      Apologies to everyone else. Go Apple!

  8. This whole saga of a special spooks iOS version leads me to think of a future James Bond movie where all the Spooks are chasing around in fast boats, top of the range cars with fast women, trying to locate the spooks iOS version that has escaped into the wild; only problem, there are now over 2 billion iPhones that could contain this rogue iOS, so how to identify the villain?

    Of course, Apple inc. would simply use a special version of Find my iPhone to find the rogue iOS and shut it down!!

    You couldn’t make this stuff up if you tried!!

    1. I could not make it up as well as you did !-)

      e

      __________________________________________
      1959 Li 125 Series I w/200CC stage 4 tuned, 32mm carb, electronic ignition, halogen and LED lighting, etc…
      wot hav u?

  9. I would think there’s a big difference between remote hacking and having the physical iPhone device in your hand to hack. Same with Macs.

    Not a failure of security even if hackable as most hackers aren’t willing to spend lots of cash and time on one iPhone. Law enforcement on a terrorist or otherwise quest however will happily do that.

    1. Interesting change of position. Most Apple fanatics have spent decades bragging about their security, despite the fact that regular Apple security updates just keep coming. Apple went public with iOS9 claiming their OS was secure and private, and now we find that it has chinks in its armor that a 3rd party could hack. The Apple fanboy club says “no big deal, you would need physical access”. That ignores the fact that most Apple products are portable today and regularly lost or stolen. So you speculate that hackers would need special skills and training to gain access to your lost iPhone. Here’s where that argument breaks down: the common thread at MDN since this story broke was that as soon as a back door was created, it would be released to the wild and every hacker would have access. So apply the same argument to iOS 9.2.x today. Some 3rd party company has found a way in — don’t you now automatically assume that every hacker on the planet now has that capability?

      Bottom line: terrorism is such a big deal in the world today that no amount of cost or inconvenience is going to stop global security agencies from sniffing around for data. What is needed is legislative reform that stops mass data gathering and clarifies exactly what services a cell phone manufacturer must provide to law enforcement authorities. As it stands today, it’s very unlikely that Congress would allow a company to create warrant-free data archives of any kind, whether on phone or in cloud. Knowing that Google essentially owns all the congressional pawns in WA-DC, Apple needs to be much better prepared on this matter. Apple needs to give users the ultimate control over VPN and encryption. If Apple automates data transfer and encryption, then it’s leaving itself liable for any data access that law enforcement may want in the future.

      1. Computers of all platforms are always in the process of writing new code and then debugging that code for efficiency and security. I wouldn’t think every hacker would have the information to hack devices the government would no doubt keep secret. Not that many phones are physically stolen and when they were it was for reselling hot merchandise. Apple makes that much harder now. It’s super doubtful thieves would take the time if the procedure was time intensive (and even worked). I agree rules of conduct need to be decided on by Congress and tell law enforcement agencies what they can and cannot do.

  10. Thanks JWSC you make a valid point but I don’t think I ignore all the crap that routinely goes on with the rest of the world. In fact I made a very global comment yesterday in my opinion under the title of “Stocks edge higher in cautious trading after Islamic terrorist attacks in Brussels.”

    You think my diatribe is tiresome? Gee then pray tell what do you think of MDN’s constant and redundant posting of that photo of a nuclear atomic bomb going off that shows nearly every time an article with a certain name comes up. It’s a constant reminder of at least 129,000 people that died in the two explosions of Hiroshima and Nagasaki. I think that’s way more pathological than what I have to say.

    So on the one side I have a diatribe, which is a focus on the evils of one particular nation yet I’ve written here a variety of posts that have nothing to do with that. Stock response, dance with trolls, Jay Morrison, Zune Thang, and a diverse number of topics. Sometimes I don’t even mention the lovely and tell tale Guantanamo on the Bay.

    I don’t demonize that country, it’s doing a fine job on its own, and yes I realize that there are a great number of good people there, in fact I’m hopeful that one day that they will wake up and realize that torture is not a characteristic of a modern day civilized nation.

    I simply am including this nation in the group of dumb-ass whacky brain assholes as you call them, except that this nation should and does know better. They are certainly not a good role model and unfortunately as you point out they give way to other governments to do the same. Spying has been around for a long time and yes there are a lot that actively do it. Torture, while also around for a long time, is a different kettle of fish, there is a sweeping international rejection of most if not all aspects of the practice. I’d sure hope that France and Germany don’t descend into that quagmire and so far I don’t think they do.

    I’m just pointing out the vitriol that emanates from that nation….constantly. If and when that nation comes to its senses I’ll be happy to give my support to that nation as I have in the past.

    In the recent debate of the FBI and Apple, I’ve been impressed by the post of the MDN community and I’m a go Apple person. I think I’ve made some quite balanced comments in that regard, and have enjoyed reading the insights offered here.

    I’m very supportive of MDN for 95% of the topics and slants that they have. I’ve never posted about their nuclear bomb photo because I’d have some real vitriol to unleash if that topic were open to me because that’s a source of real pathological vitriol.

    So your point is taken. You want to nourish different commentary, then nurture the posts I make that are devoid of the topic I bring up often. Or don’t read my commentary. Plus extending the common courtesy of using my proper handle would be a show that you are looking for some intelligent discourse. I mean you say I am vitriolic after you call me Road Kill? Uh huh, right yet, let me give you a nod on that diplomatic move.

    1. I was following you there and agreed with some of what you said especially about torture – until you mentioned Hiroshima and Nagasaki. OMG!!! I’ve got a cousin like you in the UK. Wait! Is that you? OK. Everyone else ignore the rest of this post. Except you cous.

      So let’s talk about Hiroshima and Nagasaki. The civilian deaths of Hiroshima and Nagasaki, which I’m sure you’re upset about, were but one facet of a very large and very bloody war in which over 60 million people were killed.

      Go read about the Rape of Nanking, the Bataan Death March or how the Japanese treated POWs – military and civilian alike. There’s a long list of massacre after massacre after massacre, mostly against civilians. My wife is from that part of the world and her family suffered directly under the Japanese occupation. Civilians were involved in that war from the get-go and it was the Japanese, and not anyone else, who made it so.

      The atomic bombs, horrible as they were, shortened the war and saved lives. If the Americans had been forced into a land invasion it is widely believed that much of the Japanese civilian population would have fought and perished along with additional American lives lost. Most reasonable people who have looked at the numbers acknowledge this to be a likely outcome. To ignore the human costs of a land invasion is to stick one’s head in the sand and enter fantasyland.

      Furthermore, the American leadership did not take this decision lightly. They had to weigh all the facts and all the possible outcomes, including the human cost of a land invasion. It was one of the hardest decisions they ever had to make. Their decision, upsetting as it might be to you some 70 years after the fact, reduced the overall number of dead by the end of the war. How anyone can claim the moral high ground yet argue against a choice that spared more lives is beyond me.

      Finally, you have to look at it from the context of the time. Except for a core group of scientists, no one really understood the effects of radiation, let alone its long term effects which no one understood back then. You’re trying to place the moral values of today, where we have much better information and where we are not in a desperate fight for our lives, on those American leaders back then. It’s utterly preposterous! The cost of blood and treasure had been staggering and the bomb was seen as a way to end the carnage once and for all. And it did.

      If Hiroshima and Nagasaki are your prime beefs with America, I don’t know how to have a reasonable conversation with you. Your worldview is that of a naive and petulant child. Sorry, but we don’t have common ground here.
