A hacker just proved that Apple was right to worry about creating a backdoor to the iPhone

“Last year, when the F.B.I procured a court order forcing Apple to unlock an iPhone belonging to one of the San Bernardino shooters, C.E.O. Tim Cook refused, sparking a months-long battle between the tech behemoth and the federal government,” Maya Kosoff writes for Vanity Fair.

“Building a back-door would set a ‘dangerous precedent’ and compromise the security of the iPhone, Cook argued in a public letter,” Kosoff writes. “After a tense showdown, the F.B.I. withdrew its case when it reportedly found another way to break into the iPhone: a private Israeli security firm called Cellebrite, which specializes in data extraction and had teamed up with the F.B.I. before. Cellebrite has received more than $2 million in purchase orders from the F.B.I. over the past four years.”

“Now, it appears Cook may have been right to worry about the iPhone’s security,” Kosoff writes. “A new report from Motherboard says Cellebrite has been hacked, and its data—including highly confidential customer information, databases, and technical details about Cellebrite’s products—has been stolen. The same technology built by Cellebrite to allow the F.B.I. to unlock iPhones could now be sold to the highest bidder.”

Read more in the full article here.

MacDailyNews Take: Again, encryption is binary; it’s either on or off.

You cannot have both. You either have privacy via full encryption or you don’t by forcing back doors upon Apple. It’s all or nothing.

There have been people that suggest that we should have a back door. But the reality is if you put a back door in, that back door’s for everybody, for good guys and bad guys. — Apple CEO Tim Cook

Without strong encryption (meaning no back doors), U.S. companies’ tech products would be eschewed around the world.

Apple CEO Tim Cook touts encryption at Senator Orrin Hatch’s Utah Tech Tour – October 3, 2016
Feckless FBI unable to unlock iPhone, even with a ‘fingerprint unlock warrant’ – May 12, 2016
FBI’s Comey says agency paid more than $1 million to access San Bernadino iPhone – April 21, 2016
Nothing significant found on San Bernardino’s terrorist’s iPhone – April 14, 2016
FBI director confirms hack only works on older iPhones that lack Apple’s Secure Enclave – April 7, 2016
Apple responds to FBI: ‘This case should have never been brought’ – March 29, 2016


    1. Bravo! You triggered the mouth breathing idiots with no sense of humour, who can’t tell you’re poking fun even with a wink at the end. They have fallen into the “sarchasm”

  1. Too bad there wasn’t a ban on the Cellebrite technology for countries where basic freedoms are regularly quashed and where there is a systematic abuse of technology to suppress others, otherwise the FIB would still be trying to be obtain the data or may Tim Cook would be getting ready for an all expense paid trip at the luxurious Guantanamotrumpo on the Bay Resort.

  2. One would think that any data forensics company that has proprietary, system critical information and systems would keep those systems physically disconnected from the outside except when those systems need to connect to preform a function, and then have those temporary connections tightly monitored for the duration to ensure they were not being attached. But what do I know. Some jobs are just too sensitive to work from home.

    1. Yep.

      Ever since I heard of the first hack into a high-profile, critical system, I wondered why such a system was even connected to the outside world in any fashion. The FBI, the CIA, the Pentagon, various critical systems related to our power grid, healthcare providers, innumerable businesses, etc., etc., etc.

      It was completely foreseeable and just insane for anyone connected with the security of these systems (or their supervisors) to consider them immune.

      Isolation is the only solution.

  3. “The same technology built by Cellebrite to allow the F.B.I. to unlock iPhones could now be sold to the highest bidder.”

    As I recall, Cellebrite’s hack didn’t work in current iPhones.

  4. I want to add one more point to this.

    It’s reported today that the deepest NSA hacking team was itself, hacked. Their tools, mostly for Windows have been handed out over the course of two months and either today or recently a full kit of exploits was given out for free, because no one wanted to pay for them, in BiTCoin. Security analysts mentioned 61 unknown exploits were discovered. This information is worth millions on the black market, so it’s release is from a government agency that doesn’t care too much about money.

    There is no possible way for the US or any government to safely keep a back door secret.

    It’s simply insane. This info war is going to hurt a lot of people.

  5. It has become a theme that security expert servers get hacked. Here’s another example:

    Trump’s cyber-guru Giuliani runs ancient ‘easily hackable website’
    Stunned security experts tear strips off president-elect pick hours after announcement

    Giulianisecurity.com, the website for the ex-mayor’s eponymous infosec consultancy firm, is powered by a roughly five-year-old build of Joomla! that is packed with vulnerabilities. Some of those bugs can be potentially exploited by miscreants using basic SQL injection techniques to compromise the server.

    This seemingly insecure system also has a surprising number of network ports open – from MySQL and anonymous LDAP to a very out-of-date OpenSSH 4.7 that was released in 2007. It also runs a rather old version of FreeBSD.

    Security gurus are right now tearing strips off Trump’s cyber-wizard pick. Top hacker Dan Tentler was first to point out the severely out-of-date Joomla! install.

    “It speaks volumes,” Tentler told The Register, referring to Giuliani’s computer security credentials, or lack of, and fitness for the top post.

    “Seventy-year-old luddite autocrats who often brag about not using technology are somehow put in charge of technology: it’s like setting our country on fire and giving every extranational hacker a roman candle – or, rather, not setting on fire, but dousing in gasoline.”

    I’m interested in how a ‘secure’ server gets hacked. But in the case illustrated above, clearly the ‘experts’ in charge of the server didn’t bother to keep it secure.

    Conclusions: If it’s software, it’s insecure. Modern coding methods aren’t good enough. Modern tech security methods are too complicated for even ‘expert’ modern humans to comprehend or maintain.

    We’ve got to get a lot better at this.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.