Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Apple cites iPhone, Mac security problems in rebuttal to FBI demands

Gregg Keizer | March 17, 2016
DOJ has 'fundamental misunderstanding' and 'reckless disregard' of security risks, Apple lawyers argue.

In a lengthy legal rebuttal to the U.S. government, Apple yesterday deployed an unusual defense -- that its devices are susceptible to attack -- to counter arguments that it should help the Federal Bureau of Investigation (FBI) crack a terrorist's iPhone.

Apple's brief, the last submitted to a federal magistrate before she holds a hearing next week, focused on the government's use of a 1789 law, the All Writs Act, to compel the company to assist law enforcement in breaking into a passcode-locked iPhone 5C.

But the brief also ranged elsewhere, including responses to assertions by the Department of Justice (DOJ) that Apple not only should be forced to aid the FBI, but that the task would be simple and the code could safely be entrusted to Apple, which would store it at its HQ.

The iPhone in question was an employer-issued device used by Syed Rizwan Farook, who along with his wife, Tafsheen Malik, killed 14 in San Bernardino, Calif. on Dec. 2, 2015. The two died in a shootout with police later that day.

The government has labeled the attack an act of terrorism, and last month obtained a court order requiring Apple to write software that would let the FBI electronically blast the iPhone with passcode guesses in the hope of unlocking it, then extracting data from the device.

Apple has contested the order on multiple grounds, including its argument that creating such software would be an extraordinary burden.

Among the government's prior contentions: Apple could jumpstart its work on the purported one-of-a-kind iOS by using security vulnerabilities and third-party hacking tools, including one created by the FBI, to ease that burden.

Eric Neuenschwander, Apple's manager of privacy, dismissed those avenues as not only unrealistic, but also as proof that creating a special version of iOS for Farook's iPhone would open a veritable Pandora's Box.

"The historical security vulnerabilities and jailbreak incidents Mr. Perino identifies underscore the constant battle Apple is engaged in to identify and close off security vulnerabilities," Neuenschwander said in an affidavit, referring to an earlier declaration by Stacy Perino, an electronics engineer with the FBI. Last week, Perino suggested that Apple leverage vulnerabilities and embed third-party code to create a customized version of iOS destined for Farook's phone.

"I believe that Apple's iOS platform is the most-attacked software platform in existence," Neuenschwander said. "Each time Apple closes one vulnerability, attackers work to find another. This is a constant and never-ending battle. Mr. Perino's description of third-party efforts to circumvent Apple's security demonstrates this point."

Neuenschwander also argued that creating what he slyly dubbed "GovtOS" -- a nod to the naming conventions Apple uses for its iOS, watchOS and tvOS operating systems -- would not only be an unwarranted burden on the company and threaten all iPhone owners with criminal attack, but would also put Apple's engineers in personal jeopardy.

 

1  2  Next Page 

Sign up for CIO Asia eNewsletters.