Connectivity

Apple to FBI: Weakening iPhone Security Could Make the Power Grid More Hackable

Apple’s claims that cooperating with the FBI would reduce iPhone security are a reminder of weaknesses that already exist.

Apple’s public assaults on the FBI’s demand that it help unlock an iPhone used in last year’s shootings in San Bernardino, California, keep getting louder.

The company’s head of software, Craig Federighi, argued in the Washington Post on Monday that the security features of the iPhone keep important things like U.S. government agencies and America’s power grid safe from malicious hackers. The software a California court has ordered Apple to make for the FBI would weaken a crucial protector of national security, he said.

“Once created, this software—which law enforcement has conceded it wants to apply to many iPhones—would become a weakness that hackers and criminals could use to wreak havoc on the privacy and personal safety of us all,” he said in the article.

That argument has won the backing of many computer security experts. But it is also a reminder that Apple—like other major computing companies—already possesses a lot of software that criminals could use to wreak havoc on our privacy and safety.

The tool the FBI’s court order says Apple must make could only be used to switch off the passcode-guessing protections on an iPhone, and it would require physical access to the phone. By contrast, a criminal who got inside the computers of a large company such as Apple, Facebook, or Google could gain access to systems that allowed much larger-scale attacks on privacy.

A criminal who broke into Apple’s computer network could, for example, send out a software update with malware hidden inside that would end up on millions of iPhones. A breach of iCloud could spill contact information and photos from the iCloud backup service, which Federighi has said is used by almost 800 million people.

Indeed, iCloud has already suffered one security failure. In 2014 private photos taken from some celebrities’ iCloud backups—many including nudity—were leaked online. They were obtained by exploiting the fact that Apple permitted software to make unlimited guesses at an account’s password.

Apple fixed that flaw, but to this day data in iCloud is stored in a form readable by Apple or anyone else who gets hold of it—whether a criminal or the FBI with a warrant. Nicholas Weaver, a computer security researcher at the International Computer Science Institute in Berkeley, recommends that iPhone users disable iCloud for this reason (he backs Apple in its current stand against the FBI).

Apple’s argument that it could not keep the software the FBI wants from it secure is a reminder that it and other computing companies already struggle to guarantee the security of the software they have today.

(Read more: Washington Post, “In Apple vs. the FBI, There Is No Technical Middle Ground”)

Tech Obsessive?
Become an Insider to get the story behind the story — and before anyone else.

Subscribe today

Uh oh–you've read all of your free articles for this month.

Insider Premium
$179.95/yr US PRICE

More from Connectivity

What it means to be constantly connected with each other and vast sources of information.

Want more award-winning journalism? Subscribe and become an Insider.
  • Insider Premium {! insider.prices.premium !}*

    {! insider.display.menuOptionsLabel !}

    Our award winning magazine, unlimited access to our story archive, special discounts to MIT Technology Review Events, and exclusive content.

    See details+

    What's Included

    Bimonthly magazine delivery and unlimited 24/7 access to MIT Technology Review’s website

    The Download: our daily newsletter of what's important in technology and innovation

    Access to the magazine PDF archive—thousands of articles going back to 1899 at your fingertips

    Special discounts to select partner offerings

    Discount to MIT Technology Review events

    Ad-free web experience

    First Look: exclusive early access to important stories, before they’re available to anyone else

    Insider Conversations: listen in on in-depth calls between our editors and today’s thought leaders

  • Insider Plus {! insider.prices.plus !}* Best Value

    {! insider.display.menuOptionsLabel !}

    Everything included in Insider Basic, plus ad-free web experience, select discounts to partner offerings and MIT Technology Review events

    See details+

    What's Included

    Bimonthly magazine delivery and unlimited 24/7 access to MIT Technology Review’s website

    The Download: our daily newsletter of what's important in technology and innovation

    Access to the magazine PDF archive—thousands of articles going back to 1899 at your fingertips

    Special discounts to select partner offerings

    Discount to MIT Technology Review events

    Ad-free web experience

  • Insider Basic {! insider.prices.basic !}*

    {! insider.display.menuOptionsLabel !}

    Six issues of our award winning magazine and daily delivery of The Download, our newsletter of what’s important in technology and innovation.

    See details+

    What's Included

    Bimonthly magazine delivery and unlimited 24/7 access to MIT Technology Review’s website

    The Download: our daily newsletter of what's important in technology and innovation

/
You've read all of your free articles this month. This is your last free article this month. You've read of free articles this month. or  for unlimited online access.