Apple's Questionable Victory Over the FBI

Apple has suffered one major casualty in its legal victory over the FBI: bragging rights over the iPhone’s security.

The FBI’s decision to abandon its effort to force Apple to help break into a terrorist’s handset marks a win for the company. Yet the agency’s claim that it found a way to hack into the device via an anonymous third party deals a blow to customers’ faith in the iPhone’s ability to protect their information.

“It’s not the best news for Apple,” said Chris McClean, a data-security researcher at Forrester Research Inc. “The Apple brand takes a little bit of a hit here. Because we don’t have details, customers are still going to question whether or not their device is safe. If one company can get into it then potentially that exploit is reusable for any device.”

The FBI backed down after six bruising weeks of public sparring with Apple, during which the technology community rallied behind the world’s most valuable company while politicians on both sides of the aisle advocated co-operation between the antagonists. Apple’s refusal to accede to the request ignited a debate over the balance between the needs of law enforcement and the importance of customer privacy.

“We will continue to help law enforcement with their investigations, as we have done all along, and we will continue to increase the security of our products as the threats and attacks on our data become more frequent and more sophisticated,” Apple said in an e-mailed statement.

IPhone Dangers

The iPhone maker has said that creating what amounted to a backdoor to the smartphone would set a dangerous precedent and endanger millions of iPhone users the world over. Though it won this round against the Justice Department, the fact that an external party managed to crack the device at the center of the controversy showed Apple devices may not be impervious to hackers.

Apple regularly updates the iOS software, which runs iPhones and iPads, and with each new generation it fixes security vulnerabilities. That was the case last week, when it rolled out iOS 9.3. Among the flaws plugged was an opening discovered by researchers at Inverse Path, a security consultancy in Trieste, Italy. The researchers said it might be possible to modify iOS and bypass security features via the USB port, while Apple itself acknowledged the vulnerability in a post on its website.

Closing the Door

Any weakness fixed last week wouldn’t prevent the FBI from hacking the San Bernardino shooter’s iPhone 5C, which runs an older version of the software. The agency has so far declined to reveal the exact method it’s using, leaving customers uncertain as to whether updating their operating system closes the backdoor.
 
The judge presiding over the case must now decide whether or not to accede to the FBI’s request to end the case. Apple’s lawyers said last week that they would expect the government to outline successful methods employed to crack the phone. Closing the case would impede the company’s ability to get that information. Under a relatively new process known as an equities review however, the FBI may be obligated to reveal the details unless it can show administration officials that there’s a substantial national security need to keep the flaw secret.

Whatever the judge decides, the debate over the priorities of law enforcement and personal privacy is likely to continue.

“I don’t foresee a scenario in which both sides are happy,” said Eric Berg, a former Department of Justice attorney who’s now a litigation partner at Foley & Lardner LLP in Milwaukee.

Information- Management: 

« Cars Really Are Increasingly Vulnerable To Cyberthreats
New Study Ranks Nations On Cyber Vulnerability »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Prewen

Prewen

Prewen provide solutions to protect sensitive data across the organisation.

General Dynamics Information Technology (GDIT)

General Dynamics Information Technology (GDIT)

General Dynamics IT delivers cyber security services to defend critical information and infrastructure.

Uniscon

Uniscon

Uniscon is a leading provider of cloud security solutions in Europe.

Celestya

Celestya

Celestya is dedicated to providing the most advanced and cost effective systems for human behavior education on cybersecurity awareness training.

SwiftSafe

SwiftSafe

SwiftSafe is a cybersecurity consulting company providing auditing, pentesting, compliance and managed security services.

Innovent Recycling

Innovent Recycling

Innovent Recycling provides a secure IT recycling & data destruction service to all types of organizations across the UK.

KT Secure

KT Secure

KTSecure’s mission is to provide proven and productive cyber security solutions and managed services, backed by our highly qualified and passionate team of experts.

LANCOM Systems

LANCOM Systems

LANCOM Systems is the leading European manufacturer of secure, reliable and future-proof networking (WAN, LAN, WLAN) and firewall solutions for the public and private sectors.

Stryve

Stryve

Stryve is a leading carbon-neutral provider of specialist cloud and cybersecurity services in Europe.

Advent One

Advent One

Advent One are recognised for solving intricate dilemmas, not only making technology work but building foundations that customers can grow upon in an effective and secure way.

Astrill VPN

Astrill VPN

Astrill VPN is a Seychelles based Virtual Private Network(VPN) Company.

MetaWeb Ventures

MetaWeb Ventures

MetaWeb Ventures is a global venture capital firm focused on pre-seed and seed investments in crypto start-ups.

Anonos

Anonos

Anonos is a global software company that provides the only technology capable of protecting data in use with 100% accuracy, even in untrusted environments.

Tidelift

Tidelift

Tidelift provides the tools, data, and strategies that help organizations assess risk and improve the health, security, and resilience of the open source used in their applications.

Evo Security

Evo Security

Evo Security is an Identity and Access Management company focused exclusively on serving MSPs, MSSPs and their SMB and Mid-Market customers.

CRYPTIQ

CRYPTIQ

CRYPTIQ empowers businesses to navigate the ever-evolving cybersecurity landscape with confidence and clarity.