Apple's Questionable Victory Over the FBI

Uploaded on 2016-04-01 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW, BUSINESS-Services-Law, BUSINESS-Services-IT & Telecoms

Apple has suffered one major casualty in its legal victory over the FBI: bragging rights over the iPhone’s security.

The FBI’s decision to abandon its effort to force Apple to help break into a terrorist’s handset marks a win for the company. Yet the agency’s claim that it found a way to hack into the device via an anonymous third party deals a blow to customers’ faith in the iPhone’s ability to protect their information.

“It’s not the best news for Apple,” said Chris McClean, a data-security researcher at Forrester Research Inc. “The Apple brand takes a little bit of a hit here. Because we don’t have details, customers are still going to question whether or not their device is safe. If one company can get into it then potentially that exploit is reusable for any device.”

The FBI backed down after six bruising weeks of public sparring with Apple, during which the technology community rallied behind the world’s most valuable company while politicians on both sides of the aisle advocated co-operation between the antagonists. Apple’s refusal to accede to the request ignited a debate over the balance between the needs of law enforcement and the importance of customer privacy.

“We will continue to help law enforcement with their investigations, as we have done all along, and we will continue to increase the security of our products as the threats and attacks on our data become more frequent and more sophisticated,” Apple said in an e-mailed statement.

IPhone Dangers

The iPhone maker has said that creating what amounted to a backdoor to the smartphone would set a dangerous precedent and endanger millions of iPhone users the world over. Though it won this round against the Justice Department, the fact that an external party managed to crack the device at the center of the controversy showed Apple devices may not be impervious to hackers.

Apple regularly updates the iOS software, which runs iPhones and iPads, and with each new generation it fixes security vulnerabilities. That was the case last week, when it rolled out iOS 9.3. Among the flaws plugged was an opening discovered by researchers at Inverse Path, a security consultancy in Trieste, Italy. The researchers said it might be possible to modify iOS and bypass security features via the USB port, while Apple itself acknowledged the vulnerability in a post on its website.

Closing the Door

Any weakness fixed last week wouldn’t prevent the FBI from hacking the San Bernardino shooter’s iPhone 5C, which runs an older version of the software. The agency has so far declined to reveal the exact method it’s using, leaving customers uncertain as to whether updating their operating system closes the backdoor.
 
The judge presiding over the case must now decide whether or not to accede to the FBI’s request to end the case. Apple’s lawyers said last week that they would expect the government to outline successful methods employed to crack the phone. Closing the case would impede the company’s ability to get that information. Under a relatively new process known as an equities review however, the FBI may be obligated to reveal the details unless it can show administration officials that there’s a substantial national security need to keep the flaw secret.

Whatever the judge decides, the debate over the priorities of law enforcement and personal privacy is likely to continue.

“I don’t foresee a scenario in which both sides are happy,” said Eric Berg, a former Department of Justice attorney who’s now a litigation partner at Foley & Lardner LLP in Milwaukee.

Information- Management: 

« Cars Really Are Increasingly Vulnerable To Cyberthreats
New Study Ranks Nations On Cyber Vulnerability »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Kirkland & Ellis

Kirkland & Ellis

Kirkland & Ellis LLP is an international law firm with offices in the USA, Europe and Asia. Practice areas include Data Security & Privacy.

TechInsurance

TechInsurance

TechInsurance is America's top technology insurance company offering a range of technology related products including Cyber Liability insurance.

Certus Software

Certus Software

Our Secure Data Erasure solutions protect customer data confidentiality by completely erasing it from data storage devices.

IBLISS Digital Security

IBLISS Digital Security

How cyber-resilient is your business now? We help companies to continuously answer this never-ending C-level question.

CybernetIQ

CybernetIQ

CLAW by CybernetIQ is the industry's most advanced SOAR platform helping unify all cybersecurity tools under one umbrella and providing organizations faster, better and more accurate cybersecurity.

ALTR

ALTR

ALTR provide software-embedded solutions for data security and privacy.

ConnectWise

ConnectWise

The Unified ConnectWise Platform offers intelligent software and expert services to easily run your business, deliver your services, secure your clients, and build your staff.

Elisity

Elisity

Elisity Cognitive Trust is a new security paradigm that combines Zero Trust Network Access and an AI-enabled Software Defined Perimeter.

Recon InfoSec

Recon InfoSec

The Recon InfoSec team includes analysts, architects, engineers, intrusion specialists, penetration testers, and operations experts.

Fletch

Fletch

Fletch’s AI tracks the evolving cybersecurity threat landscape by reading and interpreting every threat article every day and matching those threats to a company’s exposure.

ArmorPoint

ArmorPoint

ArmorPoint redefines the traditional approach to cybersecurity by combining network operations, security operations, and SIEM technology in one platform.

Box

Box

Box is the Cloud Content Management company that empowers enterprises to revolutionize how they work by securely connecting their people, information and applications.

Boltonshield

Boltonshield

Boltonshield provide a unique and proactive approach to cyber defence with managed security services, integrated technologies, and a team of security experts, ethical hackers and analysts.

Halo Security

Halo Security

Halo Security is a fast, easy, and scalable external attack surface management platform that gives security leaders deep visibility into their internet-facing assets.

St Fox

St Fox

St. Fox is a leading consultancy helping enterprises secure their Cloud, Data, endpoints, and applications.

NVT Phybridge

NVT Phybridge

NVT Phybridge is a global leader in Power over Ethernet (PoE) switches and extender solutions.