Subtext of the Apple vs FBI case was: “No one, not even the FBI can can decrypt an iPhone.”
Now that the FBI’s has found someone, (just who, they refuse to disclose) who can decrypt it, Apple will want to restore the reputation of its devices.
http://www.nytimes.com/2016/03/30/technology/apples-new-challenge-learning-how-the-us-cracked-its-iphone.html?mabReward=A1&moduleDetail=recommendations-0&action=click&contentCollection=Opinion®ion=Footer&module=WhatsNext&version=WhatsNext&contentID=WhatsNext&src=recg&pgtype=article
What does this mean for iPhone owners?
● rule of thumb for the security of any device, computing system, or premises – any sufficiently determined & resourced attacker will eventually overcome any security system
● if your iPhone has attracted the interest of an organisation as well resourced as the FBI, its security is under threat
● all other cases, assuming you have taken the appropriate measures, you device is secure, at least for now
● in time, Apple will upgrade iPhone security, but since the FBI isn’t saying how the San Bernardino shooter’s phone was decrypted, it is hard to see how it can ever be certain that this particular security hole has been closed
Caveat to the above: the iPhone in Apple vs FBI was a 5c – more recent devices may not be susceptible to the same hack.
View from Yahoo:
https://www.yahoo.com/politics/who-are-the-winners-and-losers-in-the-apple-v-fbi-192703478.html / United States government cracked open iPhone gunman San Bernardino California mass shooting Apple’s help tech company under pressure find fix flaw cases security vulnerabilities cropped up Apple higher set of hurdles repairing iPhone government hacked challenges start method law enforcement authorities third party break into iPhone Syed Rizwan Farook attacker San Bernardino rampage last year federal officials identify person organization helped crack the device declined specify procedure unlock decrypt hack open iPhone Apple obtain device reverse engineer hacking situations trickier Apple’s security operation in flux operation reorganized late last year manager responsible handling government’s data extraction requests left the team work in a different part of the company four current former Apple employees spoke on the condition of anonymity not authorized speak publicly changes employees tasks included hack Apple’s own products left the company cat-and-mouse game Apple engaged in with hackers hacking hacker United States government predicament for the company Apple business earn trust of its customers Jay Kaplan chief executive tech security company Synack former National Security Agency analyst fix this vulnerability as soon as possible Apple statement government filed to drop case demanding company help open Mr. Farook’s iPhone continue increase security our products threats attacks our data more frequent sophisticated Apple increase security devices company’s chief executive Timothy D. Cook Apple’s road map roadmap encrypt everything stored devices services information stored Apple’s cloud service iCloud customers back up data mobile devices Apple engineers begun developing new security measures tougher government open locked iPhone information flaw Farook’s iPhone 5C runs Apple’s iOS 9 operating system security experts how government broke into smartphone forensics experts government attacked Apple’s system method extract information protected area phone removing chip mechanism blocks password guessing user’s password unlock data authorities procedure mirrors phone’s storage chip NAND chip copied another chip NAND-mirroring F.B.I. FBI replace original NAND chip copy content tried 10 passcodes unlock phone failed generate a new copy phone’s content try another password guess restoring saved game Jonathan Zdziarski iOS forensics expert newer iPhone models less susceptible NAND-mirroring upgraded chip A7 security processor Secure Enclave unique numerical key not known essential secure securing information stored in the phone security vulnerabilities Apple products hackers mobile devices attacking Apple’s hardware software security teams Apple two main security teams group called Core OS Security Engineering product security team product security team privacy group examined data properly encrypted anonymized functions former Apple employees product security team reacted to vulnerabilities found people outside Apple proactive team RedTeam actively hack Apple products product security team broken up privacy group reporting to a new manager former employees product security proactive and reactive pieces absorbed Core OS Security Engineering team leader Core OS Security Engineering team Dallas DeAtley left security division Apple Mr. DeAtley employees government requests to extract data from iPhones Apple acquired a handful of security outfits LegbaCore found and fixed flaws for Apple departures market forces security professionals most sought-after engineers technology sector Apple’s security operation obtain information government hacked Mr. Farook’s iPhone proprietary to the company that helped the F.B.I. Stewart A. Baker lawyer at Steptoe & Johnson Department of Homeland Security’s security community researchers professionals Apple little debate everyone’s best interest Apple find out about this vulnerability Alex Rice CTO chief technology officer HackerOne security company San Francisco helps coordinate vulnerability disclosure corporations /
No comments:
Post a Comment