Apple's Questionable Victory Over the FBI

Uploaded on 2016-04-01 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW, BUSINESS-Services-Law, BUSINESS-Services-IT & Telecoms

Apple has suffered one major casualty in its legal victory over the FBI: bragging rights over the iPhone’s security.

The FBI’s decision to abandon its effort to force Apple to help break into a terrorist’s handset marks a win for the company. Yet the agency’s claim that it found a way to hack into the device via an anonymous third party deals a blow to customers’ faith in the iPhone’s ability to protect their information.

“It’s not the best news for Apple,” said Chris McClean, a data-security researcher at Forrester Research Inc. “The Apple brand takes a little bit of a hit here. Because we don’t have details, customers are still going to question whether or not their device is safe. If one company can get into it then potentially that exploit is reusable for any device.”

The FBI backed down after six bruising weeks of public sparring with Apple, during which the technology community rallied behind the world’s most valuable company while politicians on both sides of the aisle advocated co-operation between the antagonists. Apple’s refusal to accede to the request ignited a debate over the balance between the needs of law enforcement and the importance of customer privacy.

“We will continue to help law enforcement with their investigations, as we have done all along, and we will continue to increase the security of our products as the threats and attacks on our data become more frequent and more sophisticated,” Apple said in an e-mailed statement.

IPhone Dangers

The iPhone maker has said that creating what amounted to a backdoor to the smartphone would set a dangerous precedent and endanger millions of iPhone users the world over. Though it won this round against the Justice Department, the fact that an external party managed to crack the device at the center of the controversy showed Apple devices may not be impervious to hackers.

Apple regularly updates the iOS software, which runs iPhones and iPads, and with each new generation it fixes security vulnerabilities. That was the case last week, when it rolled out iOS 9.3. Among the flaws plugged was an opening discovered by researchers at Inverse Path, a security consultancy in Trieste, Italy. The researchers said it might be possible to modify iOS and bypass security features via the USB port, while Apple itself acknowledged the vulnerability in a post on its website.

Closing the Door

Any weakness fixed last week wouldn’t prevent the FBI from hacking the San Bernardino shooter’s iPhone 5C, which runs an older version of the software. The agency has so far declined to reveal the exact method it’s using, leaving customers uncertain as to whether updating their operating system closes the backdoor.
 
The judge presiding over the case must now decide whether or not to accede to the FBI’s request to end the case. Apple’s lawyers said last week that they would expect the government to outline successful methods employed to crack the phone. Closing the case would impede the company’s ability to get that information. Under a relatively new process known as an equities review however, the FBI may be obligated to reveal the details unless it can show administration officials that there’s a substantial national security need to keep the flaw secret.

Whatever the judge decides, the debate over the priorities of law enforcement and personal privacy is likely to continue.

“I don’t foresee a scenario in which both sides are happy,” said Eric Berg, a former Department of Justice attorney who’s now a litigation partner at Foley & Lardner LLP in Milwaukee.

Information- Management: 

« Cars Really Are Increasingly Vulnerable To Cyberthreats
New Study Ranks Nations On Cyber Vulnerability »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

IDnext

IDnext

IDnext is the open and independent platform to support innovative approaches in the world of the Digital identity.

Norton

Norton

NortonLifeLock is dedicated to helping secure the devices, identities, online privacy, and home and family needs of approximately 50 million consumers.

Modulo Security

Modulo Security

Modulo provides automated Governance, Risk, and Compliance (GRC) solutions.

LOGbinder

LOGbinder

LOGbinder eliminates blind spots in security intelligence for endpoints and applications.

SurePassID

SurePassID

SurePassID is a provider of highly secure, highly extensible multi-factor authentication (MFA) solutions.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Stronger International

Stronger International

Stronger International provides expert cyber services and training to organizations and individuals to enhance IT and security knowledge.

Secure Diversity

Secure Diversity

Secure Diversity is an innovative non-profit organization with leaders that think out of the box to create strategies & solutions to increase diversity in the cybersecurity industry.

Silent Quadrant

Silent Quadrant

Silent Quadrant delivers incomparable cybersecurity consulting, digital transformation, and risk management within our purpose-driven clients - empowering them to be the most resilient entities.

Factmata

Factmata

Factmata is an social and news media monitoring and analytics product that uses AI to identify and track narratives online, highlighting those most likely to cause brand harm or misinform the public.

Bright Data

Bright Data

Bright Data Inc is the world’s #1 web data platform, enabling organizations to research, monitor, analyze data, and make better decisions.

BlueSteel Cybersecurity

BlueSteel Cybersecurity

BlueSteel is a compliance consulting firm that leverages deep system, data and application expertise to build sustainable cybersecurity solutions.

Borwell

Borwell

Borwell delivers software and IT solutions to the UK MoD and to UK Government departments, which are secure by design.

Sunnic

Sunnic

Sunnic is a leading provider of comprehensive digital data security technology.

Quantum Squint

Quantum Squint

Quantum Squint is a cutting-edge cybersecurity company specializing in the use of advanced regression management techniques to detect, analyze, and prevent vulnerabilities in digital systems.

CyRiSo

CyRiSo

CyRiSo is a cyber security consulting company with a focus on 'as-a-service' services for the most pressing challenges of cyber security.