We noticed you're browsing in private or incognito mode.

To continue reading this article, please exit incognito mode or log in.

Not a subscriber? Subscribe now for unlimited access to online articles.


Apple to FBI: Weakening iPhone Security Could Make the Power Grid More Hackable

Apple’s claims that cooperating with the FBI would reduce iPhone security are a reminder of weaknesses that already exist.

Apple’s public assaults on the FBI’s demand that it help unlock an iPhone used in last year’s shootings in San Bernardino, California, keep getting louder.

The company’s head of software, Craig Federighi, argued in the Washington Post on Monday that the security features of the iPhone keep important things like U.S. government agencies and America’s power grid safe from malicious hackers. The software a California court has ordered Apple to make for the FBI would weaken a crucial protector of national security, he said.

“Once created, this software—which law enforcement has conceded it wants to apply to many iPhones—would become a weakness that hackers and criminals could use to wreak havoc on the privacy and personal safety of us all,” he said in the article.

That argument has won the backing of many computer security experts. But it is also a reminder that Apple—like other major computing companies—already possesses a lot of software that criminals could use to wreak havoc on our privacy and safety.

The tool the FBI’s court order says Apple must make could only be used to switch off the passcode-guessing protections on an iPhone, and it would require physical access to the phone. By contrast, a criminal who got inside the computers of a large company such as Apple, Facebook, or Google could gain access to systems that allowed much larger-scale attacks on privacy.

A criminal who broke into Apple’s computer network could, for example, send out a software update with malware hidden inside that would end up on millions of iPhones. A breach of iCloud could spill contact information and photos from the iCloud backup service, which Federighi has said is used by almost 800 million people.

Indeed, iCloud has already suffered one security failure. In 2014 private photos taken from some celebrities’ iCloud backups—many including nudity—were leaked online. They were obtained by exploiting the fact that Apple permitted software to make unlimited guesses at an account’s password.

Apple fixed that flaw, but to this day data in iCloud is stored in a form readable by Apple or anyone else who gets hold of it—whether a criminal or the FBI with a warrant. Nicholas Weaver, a computer security researcher at the International Computer Science Institute in Berkeley, recommends that iPhone users disable iCloud for this reason (he backs Apple in its current stand against the FBI).

Apple’s argument that it could not keep the software the FBI wants from it secure is a reminder that it and other computing companies already struggle to guarantee the security of the software they have today.

(Read more: Washington Post, “In Apple vs. the FBI, There Is No Technical Middle Ground”)

Keep up with the latest in Apple at EmTech Digital.

The Countdown has begun.
March 25-26, 2019
San Francisco, CA

Register now
More from Connectivity

What it means to be constantly connected with each other and vast sources of information.

Want more award-winning journalism? Subscribe to Print + All Access Digital.
  • Print + All Access Digital {! insider.prices.print_digital !}*

    {! insider.display.menuOptionsLabel !}

    The best of MIT Technology Review in print and online, plus unlimited access to our online archive, an ad-free web experience, discounts to MIT Technology Review events, and The Download delivered to your email in-box each weekday.

    See details+

    12-month subscription

    Unlimited access to all our daily online news and feature stories

    6 bi-monthly issues of print + digital magazine

    10% discount to MIT Technology Review events

    Access to entire PDF magazine archive dating back to 1899

    Ad-free website experience

    The Download: newsletter delivery each weekday to your inbox

    The MIT Technology Review App

You've read of three free articles this month. for unlimited online access. You've read of three free articles this month. for unlimited online access. This is your last free article this month. for unlimited online access. You've read all your free articles this month. for unlimited online access. You've read of three free articles this month. for more, or for unlimited online access. for two more free articles, or for unlimited online access.