#nationalcybersecuritymonth | Security experts explain why unlocking the Pensacola shooter’s iPhones would unleash a privacy nightmare for iPhone owners
- Apple’s decision not to unlock or create a backdoor into the iPhones used by a gunman in a Florida shooting last month puts the tech giant at odds with the United States government yet again.
- Security experts agree, however, that circumventing the iPhone’s security poses a significant risk to iPhone users since it would provide a means to obtain private data that even Apple can’t presently access.
- There’s a risk that such a tool could fall into the wrong hands, some experts warn.
Attorney General William Barr recently called on Apple to help unlock the iPhones used by a gunman in Pensacola, Florida last month – a situation that once again requires the tech giant to balance protecting consumer privacy with its legal obligation to assist in investigating a shooting that’s resulted in the loss of American lives.
But security experts agree that providing access to the shooter’s iPhone could jeopardize the security of the millions of iPhones in use around the world.
“In essence, you’re trying to make a weapon that can only be used on a single target,” Jacob Doiron, an information systems lecturer at San Diego State University, said to Business Insider. “But that’s not the nature of weapons, or exploits. They are applicable to any device that has that profile or configuration.”
On Monday, Barr said that Apple had not provided any “substantive assistance” in getting access to two iPhones belonging to the shooter, Mohammad Alshamrani, who killed three people at a naval airbase last month. But Apple has since refuted that characterization, saying that it had provided iCloud backups, information, and other data from Alshamrani’s account in cooperating with the investigation. Now, Apple is reportedly gearing up for a legal battle with the Department of Justice to defend its position, according to The New York Times.
“We have always maintained there is no such thing as a backdoor just for the good guys,” Apple said in a comment to Business Insider. “Backdoors can also be exploited by those who threaten our national security and the data security of our customers.”
Apple took a similar position in 2016 when it was caught in a stand-off with the Federal Bureau of Investigation over whether it should unlock an iPhone linked to a shooting in San Bernardino, California. Apple refused to unlock the iPhone, and the FBI ultimately ended up working with a private company to gain access to the device.
The crux of the issue when it comes to unlocking an iPhone or bypassing its encryption, according to privacy experts, is that once Apple creates a backdoor, there’s a risk that it can be used in unpredictable and in some cases harmful ways.
“I would say the chances of it falling into the wrong hands are 100%,” said Mark Nunnikhoven, vice president of cloud research for cybersecurity firm Trend Micro.
There’s also the question of why Apple couldn’t just create the tool for the purposes of the investigation and then push an update to iPhones that would render it obsolete. For that to work, the backdoor would have to be tied to the software only, not the iPhone’s hardware, says Doiron. “Sometimes these vulnerabilities take place on the hardware level,” he said. “That’s not something that could be fixed via software.”
“We’re on your side”
The broader issue, however, may be that creating such a tool would put private, encrypted data from iPhone users in the hands of Apple and its employees – a privilege the company doesn’t want to begin with. Such a move would be in stark opposition to Apple’s stance on consumer privacy.
“You are not our product,” Apple CEO Tim Cook said in an interview with ABC News last year. “Our products are iPhones and iPads. We treasure your data. We want to help you keep it private and keep it secure. We’re on your side.”
Photo: Apple CEO Tim Cook. Source: REUTERS/Toru Hanai
Theoretically, if Apple were to create some type of tool or key that would provide backdoor access to encrypted iPhone data, employees from Apple would have access to that information as well since they would likely be assisting in the investigation. What’s to prevent an Apple worker from going rogue and possibly leaking iPhone user data, or using the tool for nefarious purposes?
Nunnikhoven pointed to EternalBlue as an example of how a tool built for specific purposes could fall into the wrong hands. EternalBlue was a National Security Agency hacking tool that leaked to the public in 2017 and was linked to the WannaCry ransomware attack that infected computers all over the world that same year.
Creating the tool in general would also require a significant effort on Apple’s part. It’s not simply about cracking the passcode of the device, but would likely require that a dedicated team at Apple create a piece of software capable of accessing the data stored on the device, says Nunnikhoven. The government, in other words, is asking Apple to enable something that isn’t even possible on iPhones today.
Unlocking these iPhones for the Pensacola investigation would also likely set a precedent for law enforcement agencies to request similar treatment for future cases as well, says Matt Wilson, chief information security advisor at BTB Security.
“It’s just more evidence to prove this isn’t just [cybersecurity experts] saying, ‘I don’t want to think about it,’” said Wilson. “It’s [experts] saying we’ve thought about it very long and very hard, and we don’t see a viable way that addresses all of these issues.”
After anxious days awaiting Iran’s response to the US assassination of Qasem Soleimani, the country sent missiles flying at two Iraqi military bases that housed US troops—who knew about it well in advance, thanks to an early warning system that dates back to the Cold War. In a rare reversal from the norm, Donald Trump followed up by using Twitter to defuse tensions rather than escalate them further. Iran’s still on a path to developing nuclear capabilities, but they won’t get there any time soon.
As far as anyone knows, Iran hasn’t countered the US directly with a cyberattack, but a new report shows that they’ve spent the last year probing US critical infrastructure. All of which is to say, let’s hope both parties stick with deescalation.
On the home front, Amazon swatted at money-saving extension Honey just in time for the holidays, warning users that it was a security risk without specifying how. Google welcomed alleged spy app ToTok back into the Google Play Store, while the jury’s still out for Apple. And TikTok recently patched bugs that could have let attackers take over a victim’s account. (No, that doesn’t mean it’s spying on you.)
It was an active week for Facebook; the company made its Privacy Checkup feature a wee bit more granular, acknowledged that encrypting Messenger end-to-end by default will take years, and suffered a bug that doxxed the admins of Pages. Otherwise all good, though.
And while you may have heard that Russia disconnected itself from the internet over the holidays, that’s not quite right. But the Kremlin’s efforts to censor the internet are very real, and increasingly broad.
Stop us if you’ve heard this one before: The FBI has asked Apple to unlock the iPhone of a mass shooter. As it did when the agency did the same in the San Bernardino investigation, Apple has declined. The Cupertino company regularly complies with subpoenas for data stored in its cloud, but argues that breaking into a locked iPhone would require undermining its own encryption, which in turn would make all iPhones less safe. The prolonged fight in 2016 ended in something of a draw, when the FBI found a way to unlock the iPhone on its own. While its request hasn’t escalated to a court fight yet, it’s only a matter of time before it tries for a rematch.
[A Comprehensive Look at How SMS Two-Factor Authentication Gets Abused](https://www.issms2fasecure.com/)
We’ve written about the risks inherent in using SMS-based two-factor authentication since 2016. Since then, the plague of so-called SIM-swap attacks that it enables has only grown, hitting even Twitter CEO Jack Dorsey. This week, researchers at Princeton University’s Center for Information technology detailed the many, many ways that SMS 2FA can go wrong, including multiple failings on the part of carriers to vet SIM-swap requests. If this doesn’t convince you to switch to an authenticator app, nothing will.
By now it’s no longer surprising that every voice assistant has a small army of human contractors behind it, transcribing recordings to improve accuracy. (Or did, until the public backlash.) Skype, however, reportedly hit an impressive low by not only using contractors in China but letting them listen to recordings through a Chrome web browser, and encouraging them all to log in through the same account and password. In other words, it would have been almost comically easy to compromise the sensitive data. Microsoft told The Guardian that it has since moved its transcription efforts out of China and into “secure facilities.” It’s unclear exactly what that means, but the bar appears to be extremely low.
To continue the theme: In a letter to US senators this week, Ring acknowledged that four employees sought improper access to video taken by its customers’ cameras over the last four years. The company says that of them were fired for violating company policy, and that currently only three employees can access stored customer videos.
When the U.S. government couldn’t force Apple to give it access to the iPhone used by the shooter in the San Bernardino massacre, it reportedly paid $1 million for a secret software vulnerability that gave it full access to the …
How to check IMEI ESN status of iPhone’s & Android’s – Blacklisted or not? – Missing Computer Alert
missingcomputeralert.com – We offer unlocking and repair services! Visit our website: http://www.cellularproz.com/unlock This is a video on how to check the status of your cell phone’s…
If your app has a serious security vulnerability, you’d better hope that an enthusiast finds it before a malicious hacker does. An Instagram user recently unearthed a serious flaw in the iOS version, and possibly the Android version as well, […]