Apple's Questionable Victory Over the FBI

Uploaded on 2016-04-01 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW, BUSINESS-Services-Law, BUSINESS-Services-IT & Telecoms

Apple has suffered one major casualty in its legal victory over the FBI: bragging rights over the iPhone’s security.

The FBI’s decision to abandon its effort to force Apple to help break into a terrorist’s handset marks a win for the company. Yet the agency’s claim that it found a way to hack into the device via an anonymous third party deals a blow to customers’ faith in the iPhone’s ability to protect their information.

“It’s not the best news for Apple,” said Chris McClean, a data-security researcher at Forrester Research Inc. “The Apple brand takes a little bit of a hit here. Because we don’t have details, customers are still going to question whether or not their device is safe. If one company can get into it then potentially that exploit is reusable for any device.”

The FBI backed down after six bruising weeks of public sparring with Apple, during which the technology community rallied behind the world’s most valuable company while politicians on both sides of the aisle advocated co-operation between the antagonists. Apple’s refusal to accede to the request ignited a debate over the balance between the needs of law enforcement and the importance of customer privacy.

“We will continue to help law enforcement with their investigations, as we have done all along, and we will continue to increase the security of our products as the threats and attacks on our data become more frequent and more sophisticated,” Apple said in an e-mailed statement.

IPhone Dangers

The iPhone maker has said that creating what amounted to a backdoor to the smartphone would set a dangerous precedent and endanger millions of iPhone users the world over. Though it won this round against the Justice Department, the fact that an external party managed to crack the device at the center of the controversy showed Apple devices may not be impervious to hackers.

Apple regularly updates the iOS software, which runs iPhones and iPads, and with each new generation it fixes security vulnerabilities. That was the case last week, when it rolled out iOS 9.3. Among the flaws plugged was an opening discovered by researchers at Inverse Path, a security consultancy in Trieste, Italy. The researchers said it might be possible to modify iOS and bypass security features via the USB port, while Apple itself acknowledged the vulnerability in a post on its website.

Closing the Door

Any weakness fixed last week wouldn’t prevent the FBI from hacking the San Bernardino shooter’s iPhone 5C, which runs an older version of the software. The agency has so far declined to reveal the exact method it’s using, leaving customers uncertain as to whether updating their operating system closes the backdoor.
 
The judge presiding over the case must now decide whether or not to accede to the FBI’s request to end the case. Apple’s lawyers said last week that they would expect the government to outline successful methods employed to crack the phone. Closing the case would impede the company’s ability to get that information. Under a relatively new process known as an equities review however, the FBI may be obligated to reveal the details unless it can show administration officials that there’s a substantial national security need to keep the flaw secret.

Whatever the judge decides, the debate over the priorities of law enforcement and personal privacy is likely to continue.

“I don’t foresee a scenario in which both sides are happy,” said Eric Berg, a former Department of Justice attorney who’s now a litigation partner at Foley & Lardner LLP in Milwaukee.

Information- Management: 

« Cars Really Are Increasingly Vulnerable To Cyberthreats
New Study Ranks Nations On Cyber Vulnerability »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Visual Guard

Visual Guard

Visual Guard is a modular solution covering most application security requirements, from application-level security systems to Corporate Identity and Access Management Solutions.

TSARKA

TSARKA

TSARKA (formerly the Center for Analysis & Investigation of Cyber Attacks - CAICA) is a leader in cybersecurity in Central Asia, playing a key role in protecting government and private IT assets.

WWPass

WWPass

WWPass is a global cybersecurity company that provides password-less authentication and client-side encryption technology.

Startups.be

Startups.be

Startups.be helps tech entrepreneurs to be successful by providing quality access to service providers, business partners, customers and investors.

CYBER.ORG

CYBER.ORG

CYBER.ORG's goal is to empower educators as they prepare the next generation to succeed in the cyber workforce of tomorrow.

Tetra Tech

Tetra Tech

Tetra Tech is a cybersecurity leader with extensive experience in supporting enterprise-wide programs and systems across multiple business lines from industrial control systems to health IT.

Componolit

Componolit

Componolit GmbH is a highly specialized company with a strong emphasis on trustworthy software, component-based systems and formal verification.

Datrix

Datrix

Datrix is a leading Smart Infrastructure and Cyber Security solutions provider. We deliver critical networking, communications and cyber security solutions to public and private sector organisations.

Delinea

Delinea

Delinea is a leading provider of cloud-ready privileged access management (PAM) solutions that empower cybersecurity for the modern, hybrid enterprise.

Techstep

Techstep

Techstep is a complete mobile technology enabler, making positive changes to the world of work; freeing people to work more effectively, securely and sustainably.

Oregon Systems

Oregon Systems

Oregon Systems is a Regional Leader & Distributor with value added services for OT, IoT, IIoT & IT Cybersecurity products, Solutions & professional services throughout the middle-east region.

Otto

Otto

Stop Client-Side Attacks. Plug otto into your application security suite and protect your supply chain.

Automotive Information Sharing & Analysis Center (Auto-ISAC)

Automotive Information Sharing & Analysis Center (Auto-ISAC)

Auto-ISAC provides a forum for companies to analyze and identify threats sooner and share solutions that enhance vehicle cybersecurity.

USX Cyber

USX Cyber

USX Cyber was founded on the idea that small and medium businesses deserve and require the same level and sophistication of cyber protection as large enterprises.

RapidFort

RapidFort

RapidFort’s Software Attack Surface Optimization Platform remediates 95% of software vulnerabilities in minutes without code changes.

Prefactor

Prefactor

Prefactor was built because the problem of authenticating and authorizing users continues to be a battle engineers face globally.