Apple's Questionable Victory Over the FBI

Apple has suffered one major casualty in its legal victory over the FBI: bragging rights over the iPhone’s security.

The FBI’s decision to abandon its effort to force Apple to help break into a terrorist’s handset marks a win for the company. Yet the agency’s claim that it found a way to hack into the device via an anonymous third party deals a blow to customers’ faith in the iPhone’s ability to protect their information.

“It’s not the best news for Apple,” said Chris McClean, a data-security researcher at Forrester Research Inc. “The Apple brand takes a little bit of a hit here. Because we don’t have details, customers are still going to question whether or not their device is safe. If one company can get into it then potentially that exploit is reusable for any device.”

The FBI backed down after six bruising weeks of public sparring with Apple, during which the technology community rallied behind the world’s most valuable company while politicians on both sides of the aisle advocated co-operation between the antagonists. Apple’s refusal to accede to the request ignited a debate over the balance between the needs of law enforcement and the importance of customer privacy.

“We will continue to help law enforcement with their investigations, as we have done all along, and we will continue to increase the security of our products as the threats and attacks on our data become more frequent and more sophisticated,” Apple said in an e-mailed statement.

iPhone Dangers

The iPhone maker has said that creating what amounted to a backdoor to the smartphone would set a dangerous precedent and endanger millions of iPhone users the world over. Though it won this round against the Justice Department, the fact that an external party managed to crack the device at the center of the controversy showed Apple devices may not be impervious to hackers.

Apple regularly updates the iOS software, which runs iPhones and iPads, and with each new generation it fixes security vulnerabilities. That was the case last week, when it rolled out iOS 9.3. Among the flaws plugged was an opening discovered by researchers at Inverse Path, a security consultancy in Trieste, Italy. The researchers said it might be possible to modify iOS and bypass security features via the USB port, while Apple itself acknowledged the vulnerability in a post on its website.

Closing the Door

Any weakness fixed last week wouldn’t prevent the FBI from hacking the San Bernardino shooter’s iPhone 5C, which runs an older version of the software. The agency has so far declined to reveal the exact method it’s using, leaving customers uncertain as to whether updating their operating system closes the backdoor.
 
The judge presiding over the case must now decide whether or not to accede to the FBI’s request to end the case. Apple’s lawyers said last week that they would expect the government to outline successful methods employed to crack the phone. Closing the case would impede the company’s ability to get that information. Under a relatively new process known as an equities review, however, the FBI may be obligated to reveal the details unless it can show administration officials that there’s a substantial national security need to keep the flaw secret.

Whatever the judge decides, the debate over the priorities of law enforcement and personal privacy is likely to continue.

“I don’t foresee a scenario in which both sides are happy,” said Eric Berg, a former Department of Justice attorney who’s now a litigation partner at Foley & Lardner LLP in Milwaukee.

Information- Management: 
