Posted on 03/04/2016 3:14:56 PM PST by Swordmaker
With Apple vowing to resist the FBI’s demands for an iPhone backdoor in the San Bernardino case all the way to the Supreme Court, many people assume the company is motivated purely out of principle and concern for their customers.
No doubt these are key reasons for Apple’s stand, and I have great admiration for Tim Cook’s leadership on this matter.
At the same time, it’s important to recognize another motivation at play. It’s one that Apple and the other tech giants supporting Cook against the FBI all share but, for understandable reasons, cannot discuss in public. Unfortunately, their silence on this topic only contributes to public confusion around what’s at stake now.
To put it briefly and bluntly: The iPhone is already vulnerable to hackers around the world. So are Android-based devices and other smart device platforms. In fact, the US government is late to a party long dominated by black hat hackers working for themselves or even more nefarious parties. The FBI’s order has only brought this sensitive issue to a head.
Here’s why:
The iPhone already has backdoors Apple hasn’t yet closed.
Image: Bryce Durbin
I’m aware of at least one instance where black hat hackers have been able to extract data from an iPhone with a recent OS by directly accessing it through critical flaws that enable a backdoor into and data extraction from a designated device.
I cannot publicly share specific details beyond this, other than to say that this breach was uncovered by a member of the hacker community. I’m also unable to confirm whether the hacking method would work on the latest iOS operating system.
However, as suggested by the recent New York case, in which Apple was able to access data on a device running an older OS, dedicated hackers are bound to find workarounds to backdoor the latest version too.
And this is just one potential backdoor among many. Indeed, there’s a veritable underground market for 0 day iPhone vulnerabilities found by hackers and put on sale to the highest bidder — or secretly kept in reserve, to use as a potential cyber weapon against Apple down the road.
With these, hackers can, for instance, quietly connect and extract data from a user’s device without her knowledge, control it remotely, or even spy on her daily activities. Apple has said that creating a backdoor for the FBI would put iPhone owners on a slippery slope of security intrusions. It is more accurate to say that the iPhone has been careening down that slope for quite some time.
Which takes me to a related point:
The US government lost the backdoor race long ago.
It is ironic that many in the tech community decry the FBI’s court-ordered request for an Apple-produced backdoor, because it’s the only government body to make this request to the company through official channels.
Meanwhile, many foreign governments have long been secretly working with blackhat hackers to create unauthorized backdoors into the iPhone, usually without Apple’s knowledge or control, seeking the ability to access documents of officials from rival governments. (Senator Bernie Sanders may not care about Secretary Clinton’s damn e-mails, but I can assure him that many people in the blackhat underground surely do.)
This raises another irony: With so many trying so hard to access the iPhone already, an FBI-ordered backdoor will only assist their efforts. Once created, blackhats will surely increase their attacks on the FBI and Apple, hoping to ferret out clues to this entrance route. It is almost certain they will eventually succeed.
FBI forcing Apple to weaken iOS security could endanger lives, warns UN Former heads of NSA and Homeland Security unlikely Apple supporters in encryption battle Microsoft's Brad Smith stands with Apple while passionately defending encryption
Given all of this, it’s much easier to understand why Apple is fighting with such tenacity to prevent the iPhone’s security from becoming even weaker.
A system is only as secure as its most vulnerable link, and becomes geometrically less secure with each additional vulnerability. Devices and software associated with Google, Facebook, and Microsoft are just as vulnerable as the iPhone (if not more so), which I believe partly motivates the amicus briefs they have filed on behalf of Apple.
A majority of Americans understandably assume the US government’s demand for a backdoor is a reasonable request to make us safer from terrorist attacks. If they understood how profoundly insecure and under threat all their devices already are, I believe their thinking on the topic would instantly change.
It is a final irony that the FBI has inadvertently exposed the US tech industry’s Achilles’ heel — and threatens to make our devices even more vulnerable to those who wish to do us harm.
Kabuki Theater!
Kabuki Theater! Or is our intelligence still back in the early 60’s?
Bump
The Hacker Team Company has been offering a $1 million bounty for a hack that will open a locked iPhone so they can add the unjailbroken iPhone to their inventory of mobile device tools they sell to government agencies such as the FBI, NSA, CIA, MI5, and other police agencies, prosecutorial offices around the world. It has till gone unclaimed. If what article author Min Pyo Hong claimed were true, a hacker would be $1 million richer. It hasn't happened. Before someone posts a claim the bounty was awarded in October, that was another bounty for a hack to JAILBREAK iOS 9, not to hack the passcode system; that has not been claimed at all. — PING!
The latest Apple/Mac/iOS Pings can be found by searching Keyword "ApplePingList" on FreeRepublic's Search.
If you want on or off the Mac Ping List, Freepmail me
"This raises another irony: With so many trying so hard to access the iPhone already, an FBI-ordered backdoor will only assist their efforts. Once created, blackhats will surely increase their attacks on the FBI and Apple, hoping to ferret out clues to this entrance route. It is almost certain they will eventually succeed."
Which admits he knows they haven't succeeded yet. He wants to have it both ways. They have it, but they need the clues Apple and the FBI will provide. Hilarious. Logic totally escapes Min Pyo Hong.
$1M prize claimed: http://motherboard.vice.com/read/somebody-just-won-1-million-bounty-for-hacking-the-iphone
$1M prize claimed: http://motherboard.vice.com/read/somebody-just-won-1-million-bounty-for-hacking-the-iphone
Sometimes just knowing that something has been done makes it far easier to do it yourself.
Do you have a reading comprehension problem? I even said someone would come in and post that the bounty had been awarded, and it would be for the WRONG bounty, the one for JAILBREAKING an iPhone. Thank you for validating my prediction!
From your link:
"The challenge consisted of finding a way to remotely jailbreak a new iPhone or iPad running the latest version of Apple’s mobile operating system iOS (in this case iOS 9.1 and 9.2b), allowing the attacker to install any app he or she wants with full privileges. The initial exploit, according to the terms of the challenge, had to come through Safari, Chrome, or a text or multimedia message.
The Hacker Team Bounty was to BREAK INTO a locked iPhone, defeating the passcode, and gaining access to the user's data.
It was NOT Zerodium's challenge to merely remotely jailbreak an already opened iPhone running iOS 9.1 or 9.2, because a user navigated to a website or received a message. Incidentally, those exploits were closed about a week after the hacker submitted his hack.
I rest my case.
No need to be nasty. I made a mistake. Sheesh.
Just like making a prediction that something will be done, makes it happen? LOL!
Also, can you post a link to the correct challenge? May want to play.
PS Sorry if I missed tha in your earlier posts. Just a lot of info there so may have overlooked it.
OK, I retract it. . . it was so just ironic, I couldn't resist the straight line, especially with the double post. Ya can't say I didn't warn you though.
That*
I think they've let it expire. They were trying to sell their company and wanted/needed it for a complete suite of mobile tools. Something happened to the sale offer and they either allowed the challenge to drop or decided that no one could do it. I think the take over went through without it.
Bummer. Thanks for the update.
Here's an article on how The Hacking Team works that came out just before they issued their record bounty offer for the iOS iPhone/iPad hack.
Hacking Team Leak Shows How Secretive Zero-Day Exploit Sales Work
The bounty was not hugely publicized publicly (is that redundant), it was in the underground black hat network.
I hope this helps.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.