{"id":45254,"date":"2023-10-20T15:42:10","date_gmt":"2023-10-20T15:42:10","guid":{"rendered":"http:\/\/startupsmart.test\/2023\/10\/20\/fbi-backs-off-from-its-day-in-court-with-apple-this-time-but-there-will-be-others-startupsmart\/"},"modified":"2023-10-20T15:42:10","modified_gmt":"2023-10-20T15:42:10","slug":"fbi-backs-off-from-its-day-in-court-with-apple-this-time-but-there-will-be-others-startupsmart","status":"publish","type":"post","link":"https:\/\/www.startupsmart.com.au\/uncategorized\/fbi-backs-off-from-its-day-in-court-with-apple-this-time-but-there-will-be-others-startupsmart\/","title":{"rendered":"FBI backs off from its day in court with Apple this time \u2013 but there will be others – StartupSmart"},"content":{"rendered":"
\"\"<\/div>\n

By Martin Kleppmann<\/p>\n

After a very public stand-off over an encrypted terrorist\u2019s smartphone, the FBI has backed down in its court case against Apple, stating that an \u201coutside party\u201d \u2013 rumoured to be an Israeli mobile forensics company \u2013 has found a way of accessing the data on the phone.<\/p>\n

The exact method is not known.<\/p>\n

Forensics experts have speculated that it involves tricking the hardware into not recording how many passcode combinations have been tried, which would allow all 10,000 possible four-digit passcodes to be tried within a fairly short time.<\/p>\n

This technique would apply to the iPhone 5C in question, but not newer models, which have stronger hardware protection through the so-called secure enclave, a chip that performs security-critical operations in hardware. The FBI has denied that the technique involves copying storage chips.<\/p>\n

So while the details of the technique remain classified, it\u2019s reasonable to assume that any security technology can be broken given sufficient resources. In fact, the technology industry\u2019s dirty secret is that most products are frighteningly insecure.<\/p>\n

Even when security technologies are carefully designed and reviewed by experts, mistakes happen.<\/p>\n

For example, researchers recently found a way of breaking the encryption of Apple\u2019s iMessage service, one of the most prominent examples of end-to-end encryption (which ensures that even the service provider cannot read the messages travelling via its network).<\/p>\n

Most products have a much worse security record, as they are not designed by security experts, and often contain flaws that are easily found by attackers.<\/p>\n

For example, internet-connected baby monitors that could be hacked and allow strangers to talk to their child at night. Insecure cars that could be controlled via an internet connection while being driven. Drug infusion pumps at US hospitals that could be hacked by an attacker to manipulate drug dosage levels.<\/p>\n

Even national infrastructure is vulnerable, with software weaknesses exploited to cause serious damage at a German steel mill, bring down parts of the Ukrainian power grid, and alter the mix of chemicals added to drinking water. While our lives depend more and more on \u201csmart\u201d devices, they are frequently designed in incredibly stupid ways.<\/p>\n

Insecure by design<\/h3>\n

The conflict between Apple and the FBI was particularly jarring to security experts, seen as an attempt to deliberately make technology less secure and win legal precedent to gain access to other devices in the future.<\/p>\n

Smartphones are becoming increasingly ubiquitous, and we know from the Snowden files that the NSA can turn on a phone\u2019s microphone remotely without the owner\u2019s knowledge. We are heading towards a state in which every inhabited space contains a microphone (and a camera) that is connected to the internet and which might be recording anything you say.<\/p>\n

This is not even a paranoid exaggeration.<\/p>\n

So, in a world in which we are constantly struggling to make things more secure, the FBI\u2019s desire to create a backdoor to provide it access is like pouring gasoline on the fire.<\/p>\n

The problem with security weaknesses is that it is impossible to control who can use them. Responsible researchers report them to the vendor so that they can be fixed, and sometimes receive a bug bounty in return.<\/p>\n

But those who want to make more money may secretly sell the knowledge to the highest bidder. Customers of this dark trade in vulnerabilities often include governments with repressive human rights records.<\/p>\n

If the FBI has found a means of getting data off a locked phone, that means the intelligence services of other countries have probably independently developed the same technique \u2013 or been sold it by someone who has.<\/p>\n

So if an American citizen has data on their phone that is of intelligence interest to another country that data is at risk if the phone is lost or stolen.<\/p>\n

Most people will never be of intelligence interest of course, so perhaps such fears are overblown. But the push from governments, for example through the pending Investigatory Powers Bill in the UK, to allow the security services to hack devices in bulk \u2013 even if the devices belong to people who are not suspected of any crime \u2013 cannot be ignored.<\/p>\n

Bulk hacking powers, taken together with insecure, internet-connected microphones and cameras in every room, are a worrying combination. It is a cliche to conjure up Nineteen Eighty-Four, but the picture it paints is something very much like Orwell\u2019s telescreens.<\/p>\n

Used by one, used by all<\/h3>\n

To some extent law enforcement has historically benefited from poor computer security, as hacking a poorly secured digital device is easier and cheaper than planting a microphone in someone\u2019s house or rifling their physical belongings.<\/p>\n

No wonder that the former CIA director loves the Internet of Things.<\/p>\n

This convenience often tempts governments to deliberately weaken device security \u2013 the FBI\u2019s case against Apple is just one example. In the UK, the proposed Investigatory Powers Bill allows the secretary of state to issue \u201ctechnical capability notices\u201d, which are secret government orders to demand manufacturers make a device or service deliberately less secure than it could be.<\/p>\n

GCHQ\u2019s new MIKEY-SAKKE standard for encrypted phone calls is also deliberately weakened to allow easier surveillance.<\/p>\n

But a security flaw that can be used by one can be used by all, whether legitimate police investigations or hostile foreign intelligence services or organised crime.<\/p>\n

The fears of criminals and terrorists \u201cgoing dark\u201d are overblown, but the risk to life from insecure infrastructure is real: fixing these weaknesses should be our priority, not striving to make devices less secure for the sake of law enforcement.<\/p>\n

Martin Kleppmann is a research associate at the University of Cambridge.<\/em>This article was originally published on The Conversation. Read the original article.<\/em><\/p>\n

Follow StartupSmart on<\/em> Facebook,<\/em> Twitter,<\/em> LinkedIn<\/em> and<\/em> SoundCloud.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"

By Martin Kleppmann After a very public stand-off over an encrypted terrorist\u2019s smartphone, the FBI has backed down in its court<\/p>\n","protected":false},"author":1,"featured_media":58838,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[20,1],"tags":[],"_links":{"self":[{"href":"https:\/\/www.startupsmart.com.au\/wp-json\/wp\/v2\/posts\/45254"}],"collection":[{"href":"https:\/\/www.startupsmart.com.au\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.startupsmart.com.au\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.startupsmart.com.au\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.startupsmart.com.au\/wp-json\/wp\/v2\/comments?post=45254"}],"version-history":[{"count":0,"href":"https:\/\/www.startupsmart.com.au\/wp-json\/wp\/v2\/posts\/45254\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.startupsmart.com.au\/wp-json\/wp\/v2\/media\/58838"}],"wp:attachment":[{"href":"https:\/\/www.startupsmart.com.au\/wp-json\/wp\/v2\/media?parent=45254"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.startupsmart.com.au\/wp-json\/wp\/v2\/categories?post=45254"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.startupsmart.com.au\/wp-json\/wp\/v2\/tags?post=45254"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}