25 February 2016

Apple, hitting back


The BBC has an article (and it usual unbloggable video) by Dave Lee about the Apple war with the FBI:
Apple boss Tim Cook (photo) has hit back at the FBI over the handling of a court order to help unlock the iPhone of San Bernardino, California killer Syed Rizwan Farook.
Cook told ABC that his company first learned of the controversial request when it was reported in the news media. "I don't think that something so important to this country should be handled in this way." However, a source close to the investigation told the BBC that Cook's claim was "simply not true", and that Apple's legal team was "the first to know". A spokeswoman for the FBI said she did not wish to comment on Cook's remarks.
Elsewhere, The New York Times reported that Apple had begun working on an upgrade to its devices which would make it impossible to break into an iPhone using the method proposed by the FBI in this case. Public option has been mixed, but some Apple users have rallied to the company's defense.
Cook was defending the company's refusal to comply with the FBI's order that it remove security blocks on Farook's device so data on it could be accessed. He said the FBI was asking the company to make "the software equivalent of cancer". Farook, along with his wife Tashfeen Malik, killed fourteen people in the attack in December of 2015.
"I think safety of the public is incredibly important," Cook told ABC. "The protection of people's data is incredibly important. And so the trade-off here is we know that doing this could expose people to incredible vulnerabilities."
When asked if he was concerned Apple may hinder investigations that could prevent a future attack, Cook said: "Some things are hard and some things are right. And some things are both. This is one of those things."
The FBI has argued that Apple is overstating the security risk to its devices. FBI Director James Comey (photo) said Apple did have the technical know-how to break into Farook's device only in a way that did not create a so-called "backdoor" into every Apple device.
Conflicting polls suggest the American public is divided. One, by the Pew Research Center, suggested the majority of those polled sided with the FBI, although researchers noted support for Apple grew among people who owned smart phones. A Reuters poll, conducted by Ipsos, said over half of respondents worried that the FBI would seek to use the backdoor to "spy on iPhone users".
Rico says that of course they'd use it to spy on iPhones; that's what they get paid for... (And someone should poll people on how they'd feel if the FBI wanted to break into their phone.)

In a related article by Matt Apuzzo and Katie Benner in The New York Times, there's this:
Apple engineers have begun developing new security measures that would make it impossible for the government to break into a locked iPhone using methods similar to those now at the center of a court fight in California, according to people close to the company and security experts.
If Apple succeeds in upgrading its security, and experts say it almost surely will, the company will create a significant technical challenge for law enforcement agencies, even if the Obama administration wins its fight over access to data stored on an iPhone used by one of the killers in last year’s San Bernardino, California rampage. If the Federal Bureau of Investigation wanted to get into a phone in the future, it would need a new way to do so. That would most likely prompt a new cycle of court fights and, yet again, more technical fixes by Apple.
The only way out of this scenario, experts say, is for Congress to get involved. Federal wiretapping laws require traditional phone carriers to make their data accessible to law enforcement agencies. But tech companies like Apple and Google are not covered, and they have strongly resisted legislation that would place similar requirements on them.
“We are in for an arms race unless and until Congress decides to clarify who has what obligations in situations like this,” said Benjamin Wittes, a senior fellow at the Brookings Institution.
Companies have always searched for software bugs and patched holes to keep their code secure from hackers. But since the revelations of government surveillance made by Edward J. Snowden, companies have been retooling their products to protect against government intrusion.
For Apple, security is also a global marketing strategy. New security measures would not only help the company in its fight with the government, but also reassure investors and customers. “For all of those people who want to have a voice but they’re afraid, we are standing up, and we are standing up for our customers because protecting them we view as our job,” Apple’s chief executive, Timothy D. Cook, said in an interview with ABC News.
The company first raised the prospect of a security update last week in a phone call with reporters, who asked why the company would allow firmware, the software at the heart of the iPhone, to be modified without requiring a user password.
One senior executive, speaking on the condition of anonymity, replied that it was safe to bet that security would continue to improve. Separately, a person close to the company, who also spoke on the condition of anonymity, confirmed this week that Apple engineers had begun work on a solution even before the San Bernardino attack. A company spokeswoman declined to comment on what she called rumors and speculation.
Independent experts say they have held informal conversations with Apple engineers over the last week about the vulnerability. Exactly how Apple will address the issue is unclear. Security experts who have been studying Apple’s phone security say it is technically possible to fix.
Apple built its recent operating systems to protect customer information. As Cook wrote in a recent letter to customers; “We have even put that data out of our own reach, because we believe the contents of your iPhone are none of our business.”
But there is a catch. Each iPhone has a built-in troubleshooting system that lets the company update the system software without the need for a user to enter a passcode. Apple designed that feature to make it easier to repair malfunctioning phones.
In the San Bernardino case, the FBI wants to exploit that troubleshooting system by forcing Apple to write and install new software that strips away several security features, making it much easier for the government to hack into the phone. The phone in that case is an old model, but experts and former Apple employees say that a similar approach could also be used to alter software on newer phones. That is the vulnerability Apple is working to fix.
Apple regularly publishes security updates and gives credit to researchers who hunt for bugs in the company’s software. “Usually, bug reports come in an email saying, ‘Dear Apple Security, we’ve discovered a flaw in your product,’ ” said Chris Soghoian, a technology analyst with the American Civil Liberties Union. “This bug report has come in the form of a court order.”
The court order to which Soghoian referred was issued last week by a Federal judge, and tells Apple to write and install the code sought by the FBI. Apple has promised to challenge that order; Its lawyers have until Friday to file its opposition in court.
In many ways, Apple’s response continues a trend that has persisted in Silicon Valley since Snowden’s revelations. Yahoo, for instance, left its email service unencrypted for years but, after Snowden revealed the National Security Agency surveillance, the company quickly announced plans to encrypt email. Google similarly moved to fix a vulnerability that the government was using to hack into company data centers.
Apple’s showdown with the Justice Department is different in one important way: now that the government has tried to force Apple to hack its own code, security officials say, the company must view itself as the vulnerability.
“This is the first time that Apple has been included in their own threat model,” Zdziarski said. “I don’t think Apple ever considered becoming a compelled arm of the government.”
FBI director James B. Comey Jr. (photo, above), signaled this week that he expected Apple to change its security, saying that the phone-cracking tool the government sought in the San Bernardino case was “increasingly obsolete”. He said that supported the government’s argument that it was not seeking a skeleton key to hack into all iPhones.
Apple, though, says the case could set a precedent for forcing company engineers to write code to help the government break into any iPhone. “The government has asked us for something we simply do not have, and something we consider too dangerous to create,” Cook said in his letter.
The heated back-and-forth between the government and technology companies is, at least in part, a function of the Obama administration’s strategy. The White House has said it will not ask Congress to pass a law requiring tech companies to give the FBI a way to gain access to customer data. That has left the Justice Department to fight for access one phone at a time, in court cases that often go unnoticed.
While it is generally accepted that Silicon Valley can outgun the government in a technical fight, the companies do face one important limitation: security features often come at the expense of making products slower or clunkier.
Apple’s brand is built around creating products that are sleek and intuitive. A security solution that defeats the FBI is unworkable if it frustrates consumers. One of the impediments to encrypting all the data in Apple’s iCloud servers, for instance, has been finding a way to ensure that customers can easily retrieve and recover photos and other information stored there. “Telling a member of the public that they’re going to lose all the family photos they’ve ever taken because they forgot their password is a really tough sell,” Soghoian said. “A company wants to sell products to the public.”
The BBC has an article about an Apple supporter:

Facebook's chief executive, Mark Zuckerberg, (photo) has said he is sympathetic to Apple's position in its clash with the FBI, which has ordered Apple to disable the security software on a dead murderer's iPhone, but the tech giant has refused. Zuckerberg said he did not believe the authorities should have back doors to bypass encryption protection.
However, a lawyer representing some of the gunman's victims has backed the Federal bureau. Stephen Larson, a former judge, said he intended to file legal paperwork next month telling Apple to co-operate. "They were targeted by terrorists, and they need to know why and how this could happen," he added. He declined to say how many of the victims he was representing, but did add that he would not be charging them a fee.
Zuckerberg made his comments at the Mobile World Congress show in Barcelona, Spain. "I don't think that requiring back doors to encryption is either going to be an effective thing to increase security or is really the right thing to do," he said. "We are pretty sympathetic to Tim Cook and Apple." He added that Facebook was committed to doing all it could to prevent terrorism, but his company was in favor of encryption.
The social network had previously issued a statement saying that the court order could create a "chilling precedent". Leaders at Google and Twitter also voiced support for Apple last week.
Apple's chief executive, Tim Cook, has described the FBI's order as "dangerous" and "unprecedented". He has said the firm would have to build a new operating system in order to comply. "We strongly believe the only way to guarantee that such a powerful tool isn't abused and does not fall into the wrong hands is to never create it," the firm stated on the Apple website.
In a statement published Sunday, FBI Director James Comey said the demand was "about the victims and justice". "We simply want the chance, with a search warrant, to try to guess the terrorist's passcode without the phone essentially self-destructing and without it taking a decade to guess correctly," the FBI director wrote. "That's it. We don't want to break anyone's encryption or set a master key loose on the land. "Maybe the phone holds the clue to finding more terrorists. Maybe it doesn't. But we can't look the survivors in the eye, or ourselves in the mirror, if we don't follow this lead." 
Last week, anti-virus creator John McAfee offered to unlock the iPhone for the FBI. "It will take us three weeks," he told Business Insider, adding that he would eat his shoe on national television if his team failed.
Rico says it may take a long time, but the Feebs aren't gonna win this one. (And Rico looks forward to watching McAfee eat his shoes...)

No comments:

Post a Comment

No more Anonymous comments, sorry.