On Monday (3/28/16), the Justice Department withdrew its legal action against Apple after the FBI announced they have found their own way into the iPhone that belonged to one of the San Bernardino shooters. The FBI approached Apple and requested a ‘tool’ to bypass Apple’s security so they can impose what is called a ‘Brute-force attack’. A brute-force attack consists of a random generator that produces thousands of passwords a second and tests them until they are able to gain access. Apples current security systems on iPhones will delete all the information on an iPhone if the password is guessed wrong too many times.
Earlier this month, the FBI was approached by an unidentified outside entity which gave investigators the ability to break through the security function without erasing the information on the iPhone. The entity was not named, and neither was the technique that was used to gain access. Even though this particular lawsuit has passed, the discussion surrounding cyber security is still very much alive.
“This lawsuit may be over, but the Constitutional and privacy questions it raised are not,” Congressman Darrell Issa (R-Calif.), who was against the Justice Department’s legal effort against Apple. http://usat.ly/1XZ0Fhd
The Justice Department is now reviewing the information on the phone. The FBI has not shared how they cracked the security features with Apple as of yet. Now that the lawsuit is over, Apple cannot request that information from the court. Apple is very interested in understanding exactly how the FBI bypassed their security and in a statement they made it very clear that they will continue to increase the security of their devices.
“This case should never have been brought,” the company said. http://bit.ly/1Mz7uFw
If Apple complied to the FBI’s request, it could have set a very dangerous precedent down the road for other technology companies. This is even more dangerous because of how much of the world relies on software and hardware that is offered by these technology providers. It wouldn’t just be our phones at risk, the floodgates would have been thrown open for any business or home software. The FBI would be able to retrieve any information from anyone they want on demand.
It’s not just a fear of the FBI having access to personal and private data. When a tool like this is created, it is nearly impossible to keep it out of the hands of those who wish to do harm. Cyber threats and attacks have been on the rise and these hackers are only becoming more sophisticated. If a tool to bypass the security of an iPhone is out there, you can be sure it will fall into the wrong hands eventually.
This is not just an isolated issue, this will have a profound impact on how governments and the public look at cyber security in the future.
There are still concerns that a smaller company would not have the means to fight off another request of this kind by any government agency. Much of the software developed for businesses are sourced by smaller software providers that would have no choice but to fold under the same pressure the FBI put on Apple. Again, these backdoors have no chance of only staying in law enforcement’s hands, which could leave ERP, CRM, or any other software that manufacturers rely on inherently flawed and vulnerable. Cyber security is necessary to keep attackers out, but if governments create, and inevitably lose control of, sensitive software that can break through firewalls and other cyber security measures, data will never stay truly safe. There is a lot to think about when it comes to cases such as this one. For now, it seems Apple has won this battle, but the war on cyber security vs. public safety will rage on.