“Now that the United States government has cracked open an iPhone that belonged to a gunman in the San Bernardino, Calif., mass shooting without Apple’s help, the tech company is under pressure to find and fix the flaw.,” Katie Benner, John Markoff and Nicole Perlroth report for The New York Times.
MacDailyNews Take: The United States government has claimed it’s cracked open an iPhone. We’ve seen no proof of that fact. Show us the cafeteria tray photos that we paid for, FBI!
“But unlike other cases where security vulnerabilities have cropped up, Apple may face a higher set of hurdles in ferreting out and repairing the particular iPhone hole that the government hacked,” Benner, Markoff and Perlroth report. “The challenges start with the lack of information about the method that the law enforcement authorities, with the aid of a third party, used to break into the iPhone of Syed Rizwan Farook, an attacker in the San Bernardino rampage last year. Federal officials have refused to identify the person, or organization, who helped crack the device, and have declined to specify the procedure used to open the iPhone. Apple also cannot obtain the device to reverse-engineer the problem, the way it would in other hacking situations.”
“‘Apple is a business, and it has to earn the trust of its customers,’ said Jay Kaplan, chief executive of the tech security company Synack and a former National Security Agency analyst. ‘It needs to be perceived as having something that can fix this vulnerability as soon as possible,'” Benner, Markoff and Perlroth report. “‘There is very little debate that it is in everyone’s best interest that Apple find out about this vulnerability and everyone should be asking why that is not the case,’ said Alex Rice, the chief technology officer at HackerOne, a security company in San Francisco that helps coordinate vulnerability disclosure for corporations.”
Read more in the full article here.
MacDailyNews Take: The Islamic terrorist’s government-issued iPhone 5C lacks a Secure Enclave. Newer iPhones may indeed be uncrackable by the FBI’s claimed undisclosed method (NAND-mirroring) via an undisclosed third-party (Cellebrite).
Again, if the feds fail to disclose, as we wrote last week:
Apple should simply buy Cellebrite and other entities like it and task these newly acquired engineers with hardening iPhone to ridiculously hack-proof levels.
Furthermore, the simple act of Apple acquiring Cellebrite will be a marketing coup as any doubts about iPhone security will be immediately erased.
Did the FBI just unleash a hacker army on Apple? – March 29, 2016
Apple declares victory in battle with FBI, but the war continues – March 29, 2016
Apple vows to increase security as FBI claims to break into terrorist’s iPhone – March 29, 2016
U.S. government drops Apple case after claiming hack of terrorist’s iPhone – March 29, 2016
Meet Cellebrite, the Israeli company reportedly cracking iPhones for the FBI – March 24, 2016