Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apple's iPhone Already Has a Backdoor

Posted by timothy on from the hidden-driveway-too dept.

Nicola Hahn writes: As the Department of Justice exerts legal pressure on Apple in an effort to recover data from the iPhone used by Syed Rizwan Farook, Apple's CEO has publicly stated that "the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone." But, as one Windows rootkit developer has observed, the existing functionality that the FBI seeks to leverage is itself a backdoor. Specifically, the ability to remotely update code on a device automatically, without user intervention, represents a fairly serious threat vector. Update features marketed as a safety mechanism can just as easily be wielded to subvert technology if the update source isn't trustworthy. Something to consider in light of the government's ability to steal digital certificates and manipulate network traffic, not to mention the private sector's lengthy history of secret cooperation. Related: wiredmikey writes: Apple said Monday it would accept having a panel of experts consider access to encrypted devices if US authorities drop efforts to force it to help break into the iPhone of a California attacker. Apple reaffirmed its opposition to the US government's effort to compel it to provide technical assistance to the FBI investigation of the San Bernardino attacks, but also suggested a compromise in the highly charged legal battle.

In his first public remarks since Apple CEO Tim Cook said he would fight the federal magistrate's order, FBI Director James Comey claimed the Justice Department's request is is about "the victims and justice."

10 of 401 comments (clear)

  1. There's a lesson here by Jawnn · · Score: 5, Insightful
    ...and that is that you should not trust the security of your stuff to a third party. Not Apple, not "the cloud", and definitely not the government. Don't get me wrong. I am not some foil hat wearing paranoid when it comes to "the government", but I damn sure don't consider them trustworthy enough to manage my crypto keys. I'd trust a handful of cloud operators before I'd trust the government, and none of them get my keys either.

    Listen up, law enforcement, DoJ, et al. I am more afraid of your incompetence than I am any dark "world domination" motive on your part, but I am nowhere near as afraid of :"teh terrorists" as I am of you, regardless of your motive. So hands off my crypto. M'kay?

    1. Re:There's a lesson here by FlyHelicopters · · Score: 4, Insightful

      And that's all fine. Remind me again why Apple has to provide said help?

      A Judge can order a safe broken into, the FBI can hire a safecracker to break into it. If that safecracker doesn't want to do the job, they'll get someone else.

      What DOESN'T happen is the Judge directly ordering a SPECIFIC safecracker to do the job against their will, and in the process, damage their reputation for ALL safes.

      No one is disputing the FBI's right to inspect this phone. More power to them, crack away... Why exactly does Apple have to help again? Have we become slaves?

  2. The title of this article is wrong! by NicholFD · · Score: 5, Insightful

    Nicola Hahn is incorrect. No one has stated that Apple has the ability to, "remotely update code on a device automatically, without user intervention". The method the device would be updated requires DFU (Device Firmware Upgrade) mode, physical possession of the device and a USB connection to a PC/Mac: https://www.theiphonewiki.com/... Way to grab a headline, though...

  3. What more? by NetNed · · Score: 4, Insightful

    The cell provider gave them their info and Apple gave the FBI the last iCloud back-up for the device, so what more could they actually find on the phone that would be of such a great use? I mean, I have a hard time believing that a couple of people that think throwing a hard drive in to a lake destroys the data on it would have the info on their phone not back-up to iCloud or have used something that is only obtainable from the unlocked phone itself. Add to that the story of the phones pass code changing while in FBI possession, which would be easy to track, and that the reports were that they threw their phones in the lake too. So you can find a 18 year old downloading illegal movies, but you can't track who changed the phone's lock code?? Ahhh yeahhhh, all of it together seems like some overwhelming bullshit.

  4. Re:Cluster Fuck by suutar · · Score: 5, Insightful

    from what I've read the FBI prefers the latter but would accept the former. However, Cook has said that law enforcement around the country has already said they have hundreds of iPhones they want appel to unlock if the FBI wins; if that's so, I don't think destroying the tool is going to be a viable option.

  5. Re:Cluster Fuck by AK+Marc · · Score: 4, Insightful

    There are piles of backdoors into iPhones. Apple keeps them locked up and secure. The government wants the tools, not the phone. They are using "terrorism" as the reason to demand the tools.

    --
    Learn to love Alaska
  6. Re:Tim Cook's letter by Tablizer · · Score: 5, Insightful

    I especially like this quote:

    "...we strongly believe the only way to guarantee that such a powerful tool isn't abused and doesn't fall into the wrong hands is to never create it."

    --
    Table-ized A.I.
  7. Re:Cluster Fuck by Jason+Levine · · Score: 5, Insightful

    The demands would never stop from US law enforcement agencies. And then they would roll in from governments around the world. And then some hacker group would get their hands on the "unlock" tool and repurpose it to break into any iPhone at any time.

    If Apple breaks the encryption, there is no way that it will be just for this one phone and that's it.

    --
    My sci-fi novel, Ghost Thief, is now available from Amazon.com.
  8. Re:Tim Cook's letter by FlyHelicopters · · Score: 5, Insightful

    It seems like the plan is proceeding nicely. We getting into the "public debate" phase. Soon it will move on to the trade-off phase decided on by a panel of private and governmental experts.

    Yea, but part of the challenge is that not everything in the world can be "compromised" or "traded-off".

    Encryption either works or it doesn't. Your info is either secure or it isn't. If the government can access it, then it isn't secure.

    There just isn't any give-and-take here, either you can make your info private, or you cannot.

  9. Re:Cluster Fuck by Lord_Jeremy · · Score: 5, Insightful

    They already did that. The secure enclave in the iPhone 6 and 6s serves all those functions. It's essentially a black box, and itself is responsible for the unlock attempt counter and the storage hardware encryption keys.