Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

'Serious risk' that Apple-made iPhone cracking code will leak

Gregg Keizer | March 7, 2016
Security experts warn that once made, Apple's custom code will be 'very valuable' to authoritarian governments and criminals.

If the U.S. government succeeds in compelling Apple to do the work, other nations' authorities will follow, and could demand that Apple hand it over without supervision, pressuring the company with threats to its in-country employees or its right to do business. And once the code left Cupertino, the safe room-style protection would be moot. "Given the Custom Code's value, unscrupulous government officials in corruption-plagued jurisdictions could foreseeably sell the Custom Code to third parties," the experts speculated.

Apple employees might not be immune to hacking, blackmail or simply the dollars dangled in front of them. "Those technicians responsible for using the Custom Code to comply with access demands will likely be targeted by phishing attacks -- emails carefully designed to seem legitimate but which contain malware -- that seek to steal the Custom Code," the filing read. "The same technicians will be approached with offers to buy the software. The price offered could be irresistibly high, as the Custom Code will be worth a lot to foreign national security officials and organized crime syndicates, and can be sold to multiple customers."

While Apple has made some of the same general arguments -- specifically that once the tool was created, it's impossible to foresee how things will shake out in the end -- it has not gone into the dark details that the security experts laid out.

The seven amici curiae included some well-known iOS researchers, among them Charlie Miller, the first to find a vulnerability in Apple's mobile operating system; Dino Dai Zovi, who along with Miller wrote The iOS Hacker's Handbook; and Jonathan Zdziarski, a prominent forensics researcher. Others included Bruce Schneier, who designed the Blowfish encryption algorithm; Dan Boneh of Stanford; Dr. Hovav Shacham of the University of California at San Diego; and Dan Wallach of Rice University.

"As experts experienced in both analyzing and building security functionality on iOS-based devices, amici believe that any such Order poses a public-safety risk," the seven concluded.

This amicus brief was just one of many filed with the court this week -- others were submitted by the ACLU, privacy groups such as the Electronic Frontier Foundation, and a host of technology companies that included Facebook, Google, Microsoft, Twitter and Yahoo.

The court will hear oral arguments from Apple and the government on March 22.


Previous Page  1  2 

Sign up for CIO Asia eNewsletters.