Safe to say we didn’t raise our hands
The kerfuffle between the FBI and Apple continues (raise your hand if you’re shocked).
First, there was the lengthy legal spat, as the government attempted to force Apple’s collaboration in an effort to hack into the phone of one of the terrorists responsible for the attack in San Bernardino last year. Then, the FBI confirmed they had found an alternative way to hack the phone. Now, as of April 27th, they won’t tell Apple how they hacked their device. What’s up with that?
“We don’t know how we did it”
In this case, the FBI claims they don’t know how the hack works. According to a statement made by assistant director for science and technology Amy Hess, the organization purchased the method, but not the rights to how it works, or the assumptions behind why it works.
Normally, when the FBI uncovers security holes like this, they submit them to the Vulnerabilities Equities Process, a review panel that decides whether they share that information with the company. In this case, due to the FBI’s lack of knowledge, any meaningful review to determine whether they should turn it over would be fruitless.
Exciting stuff, right?
FBI remains secretive (big surprise)
The FBI also asserts that the solution works on a narrow segment of iPhone 5c models running iOS 9. The reality is, even if the secret were to get out, it wouldn’t compromise the security of most iPhones in existence.
However, given how high-profile this case has been, it’s just easier for everyone involved to keep their mouths shut, as far as the public is concerned. Even in lower-profile cases, this isn’t an unusual stance; the FBI leans towards secrecy when it comes to things like this, and for good reason. According to the LA Times, an Italian company that bought and sold security flaws found its entire database leaked onto the Internet in 2015. The security issue could explain why the FBI and the outside party are being so secretive about the process.
The saga continues
The secrecy does create some concerns. Jonathan Zdziarski, in a blog post published on April 26, criticized the FBI for knowing so little about the safety of the tool while still allowing it to access terrorist information on the phone. He called the behavior “reckless,” claiming it could have exposed sensitive information on the phone to others.
Furthermore, Zdziarski contends, without knowing how the tool works, it could threaten legal cases where evidence from the tool is used. That’s significant since the FBI is already lending out this solution to law enforcement agencies across the country.
Ultimately, only time will tell how this plays out. Here’s hoping that this dog-and-pony show keeps this contained. Or, hope that Tim Cook and company fix the hack before someone else finds it.
Or, if you’re thirsty for a conspiracy theory, this could all be a Wizard of Oz situation with Cook and Comey cooperating behind the curtain. We’ll never know.