Apple to FBI: Weakening iPhone Security Could Make the Power Grid More Hackable
Apple’s public assaults on the FBI’s demand that it help unlock an iPhone used in last year’s shootings in San Bernardino, California, keep getting louder.
The company’s head of software, Craig Federighi, argued in the Washington Post on Monday that the security features of the iPhone keep important things like U.S. government agencies and America’s power grid safe from malicious hackers. The software a California court has ordered Apple to make for the FBI would weaken a crucial protector of national security, he said.
“Once created, this software—which law enforcement has conceded it wants to apply to many iPhones—would become a weakness that hackers and criminals could use to wreak havoc on the privacy and personal safety of us all,” he said in the article.
That argument has won the backing of many computer security experts. But it is also a reminder that Apple—like other major computing companies—already possesses a lot of software that criminals could use to wreak havoc on our privacy and safety.
The tool the FBI’s court order says Apple must make could only be used to switch off the passcode-guessing protections on an iPhone, and it would require physical access to the phone. By contrast, a criminal who got inside the computers of a large company such as Apple, Facebook, or Google could gain access to systems that allowed much larger-scale attacks on privacy.
A criminal who broke into Apple’s computer network could, for example, send out a software update with malware hidden inside that would end up on millions of iPhones. A breach of iCloud could spill contact information and photos from the iCloud backup service, which Federighi has said is used by almost 800 million people.
Indeed, iCloud has already suffered one security failure. In 2014 private photos taken from some celebrities’ iCloud backups—many including nudity—were leaked online. They were obtained by exploiting the fact that Apple permitted software to make unlimited guesses at an account’s password.
Apple fixed that flaw, but to this day data in iCloud is stored in a form readable by Apple or anyone else who gets hold of it—whether a criminal or the FBI with a warrant. Nicholas Weaver, a computer security researcher at the International Computer Science Institute in Berkeley, recommends that iPhone users disable iCloud for this reason (he backs Apple in its current stand against the FBI).
Apple’s argument that it could not keep the software the FBI wants from it secure is a reminder that it and other computing companies already struggle to guarantee the security of the software they have today.
(Read more: Washington Post, “In Apple vs. the FBI, There Is No Technical Middle Ground”)
The inside story of how ChatGPT was built from the people who made it
Exclusive conversations that take us behind the scenes of a cultural phenomenon.
How Rust went from a side project to the world’s most-loved programming language
For decades, coders wrote critical systems in C and C++. Now they turn to Rust.
Design thinking was supposed to fix the world. Where did it go wrong?
An approach that promised to democratize design may have done the opposite.
Sam Altman invested $180 million into a company trying to delay death
Can anti-aging breakthroughs add 10 healthy years to the human life span? The CEO of OpenAI is paying to find out.
Get the latest updates from
MIT Technology Review
Discover special offers, top stories, upcoming events, and more.