Apple’s Best Defence Against The FBI Is The One It Can’t Admit

With Apple vowing to resist all the way to the Supreme Court the FBI’s demands for an iPhone backdoor in the San Bernardino case, many people assume the company is motivated purely by principles and concern for their customers.

No doubt these are key reasons for Apple’s stand, and many have expressed great admiration for CEO Tim Cook’s leadership on this matter.

At the same time, it’s important to recognize another motivation at play. It’s one that Apple and the other tech giants supporting Cook against the FBI all share but, for understandable reasons, cannot discuss in public. Unfortunately, their silence on this topic only contributes to public confusion around what’s at stake now.

To put it briefly and bluntly: The iPhone is already vulnerable to hackers around the world. So are Android-based devices and other smart-device platforms. In fact, the US government is late to a party long dominated by black hat hackers working for themselves or even more nefarious parties. The FBI’s order has only brought this sensitive issue to a head.

Here’s why:
The iPhone already has backdoors Apple hasn’t yet closed. I’m aware of at least one instance where black hat hackers have been able to extract data from an iPhone with a recent OS by directly accessing it through critical flaws that enable a backdoor into, and data extraction from, a designated device.

I cannot publicly share specific details beyond this, other than to say that this breach was uncovered by a member of the hacker community. I’m also unable to confirm whether the hacking method would work on the latest iOS operating system.

However, as suggested by the recent New York case, in which Apple was able to access data on a device running an older OS, dedicated hackers are bound to find workarounds to backdoor the latest version, too.

And this is just one potential backdoor among many. Indeed, there’s a veritable underground market for zero-day iPhone vulnerabilities found by hackers and put on sale to the highest bidder — or secretly kept in reserve, to use as a potential cyber weapon against Apple down the road.
With these, hackers can, for instance, quietly connect and extract data from a user’s device without their knowledge, control it remotely or even spy on their daily activities.

Apple has said that creating a backdoor for the FBI would put iPhone owners on a slippery slope of security intrusions. It is more accurate to say that the iPhone has been careening down that slope for quite some time.

Which brings us to a related point:
The U.S. government lost the backdoor race long ago. It is ironic that many in the tech community decry the FBI’s court-ordered request for an Apple-produced backdoor, because it’s the only government body to make this request to the company through official channels.

Meanwhile, many foreign governments have long been secretly working with black hat hackers to create unauthorized backdoors into the iPhone, usually without Apple’s knowledge or control, seeking the ability to access documents of officials from rival governments. (Senator Bernie Sanders may not care about Secretary Clinton’s damn emails, but I can assure him that many people in the black hat underground surely do.)

This raises another irony: With so many trying so hard to access the iPhone already, an FBI-ordered backdoor will only assist their efforts. Once it is created, black hats will surely increase their attacks on the FBI and Apple, hoping to ferret out clues to this entrance route. It is almost certain they will eventually succeed.

Given all of this, it’s much easier to understand why Apple is fighting with such tenacity to prevent the iPhone’s security from becoming even weaker.

A system is only as secure as its most vulnerable link, and becomes geometrically less secure with each additional vulnerability. Devices and software associated with Google, Facebook and Microsoft are just as vulnerable as the iPhone (if not more so), which I believe partly motivates the amicus briefs they have filed on behalf of Apple.

A majority of Americans understandably assume the U.S. government’s demand for a backdoor is a reasonable request to make us safer from terrorist attacks. If they understood how profoundly insecure and under threat all their devices already are, I believe their thinking on the topic would instantly change.

It is a final irony that the FBI has inadvertently exposed the U.S. tech industry’s Achilles’ heel — and threatens to make our devices even more vulnerable to those who wish to do us harm.
TechCrunch: http://tcrn.ch/1LWySgo
