Security Market Segment LS
Wednesday, 30 March 2016 10:25

FBI stoush underlines Apple's concerns: security pro Featured


The fact that the FBI was able to access data on an iPhone without Apple's intervention, using a method provided by an outsider, underscores the risk that was initially outlined by Apple, according to a senior official at digital identity firm ThreatMetrix.

In refusing to obey a court order asking it to provide a modified version of iOS, its mobile operating system, so that the FBI could access data on an iPhone belonging to Syed Rizwan Farook, one of two people involved in killing 14 people in December, Apple chief executive Tim Cook had said that "compromising the security of our personal information can ultimately put our personal safety at risk. That is why encryption has become so important to all of us".

Vanita Pandey, vice-president of products at ThreatMetrix, told iTWire that what was more concerning was that the FBI had succeeded in cracking the iPhone by using a method suggested by an outsider.

"This underscores the risk initially outlined by Apple," she said. "There are people (both good and bad) who are looking for ways to find vulnerabilities in the platforms that can provide a gateway into user data. This case brought to light the fine balance that companies need to maintain between user privacy and national security."

Asked whether the FBI had committed perjury by swearing in court that it could not access the iPhone data without Apple's intervention and then doing exactly the opposite, Pandey (seen above) said: "I am not sure about the perjury claim. The two are mutually exclusive. The fact is that they were truthful - they had tried everything they could at the time of making the request to Apple and they ended up finding a way to unlock the phone later (as mentioned an approach suggested by an outsider)."

The iPhone in question belongs to the San Bernardino County Department of Health and was being used by Farook, an employee. He had destroyed two other iPhones belonging to him before he was shot dead.

The FBI had obtained a court order asking Apple to supply a new version of its mobile operating system, iOS, which did not have certain locking functions, so that the agency could attempt to guess the pass code by using a brute force method. When Apple resisted, the FBI came back with an order compelling the company to fall in line.

The matter was supposed to be heard in Court last Tuesday (March 22) but a day before this the FBI suddenly asked for a continuance until April 5 in order that a method proposed by an outside agency for breaking into the phone could be tested. On Monday, US time, the FBI called off the case, saying that an outside party had succeeded in cracking into the phone.

Pandey did not see the whole episode as setting a precedent for future requests from the FBI in solving cases, "but I do see it as being a landmark case for tech companies taking a stand on user privacy".

She said that, understandably, Apple would now seek to find out the method that ended up working for FBI.

"Apple will undoubtedly seek to understand and patch the vulnerabilities whereas the FBI will need to go through a process to decide if they would disclose the vulnerability," she said.

"The fact that an 'outsider' suggested this method is a bit scary as there is no doubt other folks are now increasing their efforts to understand and exploit this loophole."

Asked about the effect this case had had on the public at large, Pandey said overall it had drawn attention to the issue of balancing data privacy and national security.

"This has made people wonder how far are they willing to give on one for the sake of the other. Apple has received both criticism and support from multiple groups and so has the FBI. The big impact of this publicity has been on the fact that mobile devices have become central to our existence and can provide insights into one's behaviour, intent and activities like never before.

"This discussion has made people consider the possibility of using/exploiting this information and, while it has created awareness, it has probably also inspired fraudsters and cyber-criminals to renew their efforts to find and exploit vulnerabilities."

But Pandey said the whole episode would not have educated any sizeable portion of the US population about security or privacy to any great extent. "If I was to go by my Facebook news feed as a representation of user interest, I would report that a significant portion of the US population has not followed this as closely as those of us in the industry have," she said.

"An average consumer probably doesn't understand the long-term impact of this case and hence I don’t see a tangible impact on sales for Apple. Corporations may use this to favourably consider using Apple devices for their employees."


You cannot afford to miss this Dell Webinar.

With Windows 7 support ending 14th January 2020, its time to start looking at your options.

This can have significant impacts on your organisation but also presents organisations with an opportunity to fundamentally rethink the way users work.

The Details

When: Thursday, September 26, 2019
Presenter: Dell Technologies
Location: Your Computer


QLD, VIC, NSW, ACT & TAS: 11:00 am
SA, NT: 10:30 am
WA: 9:00 am NZ: 1:00 pm

Register and find out all the details you need to know below.



iTWire can help you promote your company, services, and products.


Advertise on the iTWire News Site / Website

Advertise in the iTWire UPDATE / Newsletter

Promote your message via iTWire Sponsored Content/News

Guest Opinion for Home Page exposure

Contact Andrew on 0412 390 000 or email [email protected]


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.



Recent Comments