As the battle between Apple and the FBI over breaking the encryption of the San Bernardino shooter’s iPhone 5c rages on, one cyber security expert is warning that a decision from the court against Apple could open Pandora’s Box.
In the case, a federal magistrate has ordered Apple to comply with a request from the FBI that it create software to help the agency successfully hack into the iPhone of San Bernardino shooter Syed Farook. Farook was one of two shooters – both of whom were later killed in a shootout with police – who carried out a Dec. 2 attack in California that killed 14 people.
According to Gary Miliefsky, CEO of cyber security company SnoopWall, Apple’s hypothetical consent to hack one of its devices would serve as a signal to criminals that a previously unknown way in exists.
“The FBI is asking for Apple to ‘break-into’ one of its devices,” Miliefsky said. “If they can do so, it proves they have a secret, hidden backdoor, that no one else knows about. Once that’s in the news, every top hacker, cyber criminal and cyber terrorist as well as nation state cyber actors are going to want access and will find a way to take advantage of this back door.”
Miliefsky’s comments reinforce a statement made by Apple CEO Tim Cook in a Tuesday letter to consumers. In that letter, Cook said Apple has “no sympathy for terrorists” and stressed that the company complies with “valid subpoenas and search warrants” but argued the FBI’s present request to tap into the shooter’s phone would set a dangerous precedent.
“Now the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create,” Cook wrote. “They have asked us to build a backdoor to the iPhone… In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.”
For its part, the FBI has said the tool it is requesting would only be used once and would be specific to the device in question. Cook, however, said such technology would be the equivalent of a “master key, capable of opening hundreds of millions of locks — from restaurants and banks to stores and homes.”
Increased mobile threat
The case comes as mobile-directed cyber threats are becoming increasingly prevalent, creating an environment in which the slippery slope feared by Cook would be even more dangerous.
According to Hewlett Packard Enterprise’s (HPE) Cyber Risk Report released yesterday, the number of threats targeting Android devices rose 153 percent year over year to make the mobile operating system the second most targeted platform. Threats against Android last year totaled nearly 4.5 million, the report found, accounting for three percent of total malware samples discovered in 2015.
While the 70,000 threats against Apple remained an almost negligible percentage of the total number of malware samples discovered last year, HPE’s report noted a whopping 235 percent growth rate in the number of Apple-targeted attacks.
“Although the total number of iOS malicious apps is very low compared to all other popular malware platforms, the growth of 235% indicates that it should be a closely watched area in 2016,” the report said.
The HPE report also found that 2015 was the first year in which malicious apps managed to penetrate Apple’s App Store through an attacker’s modification of Apple’s Xcode. The information-stealing malicious code, known as XcodeGhost, was incorporated into more than 4,000 apps brought to the App Store by legitimate developers.
“The FBI’s request to a U.S. Magistrate for an order requiring Apple to disable the auto-wipe feature after 10 unsuccessful attempts represents the next step in the journey to find the holy grail of ‘back door’ unencryption, and the next salvo in the ever-escalating battle between law enforcement and tech companies,” said Robert Cattanach, a partner at international law firm Dorsey & Whitney and former trial attorney for the United States Department of Justice.
“To be sure, this is unchartered territory,” he continued. “One thing is certain: the decision of the Magistrate will not be the final word.”