Skip to Content

Apple to FBI: Weakening iPhone Security Could Make the Power Grid More Hackable

Apple’s claims that cooperating with the FBI would reduce iPhone security are a reminder of weaknesses that already exist.
March 7, 2016

Apple’s public assaults on the FBI’s demand that it help unlock an iPhone used in last year’s shootings in San Bernardino, California, keep getting louder.

The company’s head of software, Craig Federighi, argued in the Washington Post on Monday that the security features of the iPhone keep important things like U.S. government agencies and America’s power grid safe from malicious hackers. The software a California court has ordered Apple to make for the FBI would weaken a crucial protector of national security, he said.

“Once created, this software—which law enforcement has conceded it wants to apply to many iPhones—would become a weakness that hackers and criminals could use to wreak havoc on the privacy and personal safety of us all,” he said in the article.

That argument has won the backing of many computer security experts. But it is also a reminder that Apple—like other major computing companies—already possesses a lot of software that criminals could use to wreak havoc on our privacy and safety.

The tool the FBI’s court order says Apple must make could only be used to switch off the passcode-guessing protections on an iPhone, and it would require physical access to the phone. By contrast, a criminal who got inside the computers of a large company such as Apple, Facebook, or Google could gain access to systems that allowed much larger-scale attacks on privacy.

A criminal who broke into Apple’s computer network could, for example, send out a software update with malware hidden inside that would end up on millions of iPhones. A breach of iCloud could spill contact information and photos from the iCloud backup service, which Federighi has said is used by almost 800 million people.

Indeed, iCloud has already suffered one security failure. In 2014 private photos taken from some celebrities’ iCloud backups—many including nudity—were leaked online. They were obtained by exploiting the fact that Apple permitted software to make unlimited guesses at an account’s password.

Apple fixed that flaw, but to this day data in iCloud is stored in a form readable by Apple or anyone else who gets hold of it—whether a criminal or the FBI with a warrant. Nicholas Weaver, a computer security researcher at the International Computer Science Institute in Berkeley, recommends that iPhone users disable iCloud for this reason (he backs Apple in its current stand against the FBI).

Apple’s argument that it could not keep the software the FBI wants from it secure is a reminder that it and other computing companies already struggle to guarantee the security of the software they have today.

(Read more: Washington Post, “In Apple vs. the FBI, There Is No Technical Middle Ground”)

Keep Reading

Most Popular

Scientists are finding signals of long covid in blood. They could lead to new treatments.

Faults in a certain part of the immune system might be at the root of some long covid cases, new research suggests.

Large language models can do jaw-dropping things. But nobody knows exactly why.

And that's a problem. Figuring it out is one of the biggest scientific puzzles of our time and a crucial step towards controlling more powerful future models.

OpenAI teases an amazing new generative video model called Sora

The firm is sharing Sora with a small group of safety testers but the rest of us will have to wait to learn more.

Google’s Gemini is now in everything. Here’s how you can try it out.

Gmail, Docs, and more will now come with Gemini baked in. But Europeans will have to wait before they can download the app.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.