Data breaches occur because good people, data and technologies are taken advantage of by malicious actors. The reality of the world we now live in, is that sooner than later technology created with good intentions is used for wrongful purposes.
Apple Inc. is now potentially facing this harsh reality. The United States government requested a court order demanding that Apple create a version of iOS that would allow the federal government to bypass built in security measures.
This new technology would significantly weaken the security of the iPhone.
What does this mean?
iPhone State of Security
The Apple iPhone is currently running one of the most sophisticated security operating systems in the world with iOS 9. According to Apple, this mobile operating system has security built around 8 different areas:
"System security: The integrated and secure software and hardware that are the platform for iPhone, iPad, and iPod touch.
Encryption and data protection: The architecture and design that protects user data if the device is lost or stolen, or if an unauthorized person attempts to use or modify it.
App security: The systems that enable apps to run securely and without compromising platform integrity.
Network security: Industry-standard networking protocols that provide secure authentication and encryption of data in transmission.
Apple Pay: Apple’s implementation of secure payments.
Internet services: Apple’s network-based infrastructure for messaging, syncing,and backup.
Device controls: Methods that prevent unauthorized use of the device and enable it to be remotely wiped if lost or stolen.
Privacy controls: Capabilities of iOS that can be used to control access to Location Services and user data."
Today, a cyber criminal can discover every detail about our lives by going through our iPhones. They can gain access to banking and financial information, health care records and even social security numbers. Due to the importance of the information available on our mobile devices, Apple and others like them have made security a cornerstone of all their products.
An Unsecure iPhone
According to Apple, “The [United States] government asked a court to order Apple to create a unique version of iOS that would bypass security protections on the iPhone Lock screen. It would also add a completely new capability so that passcode tries could be entered electronically.”
The latter removes a security feature that requires passcodes to be entered manually by the iPhone user. With the removal of the manual requirement, passcodes could now be entered by a modern super computer that attempts millions of password combinations in a short amount of time. The removal of the manual requirement feature makes the iPhone significantly less secure.
The United States Government is essentially requiring Apple to hack their own customers when they want or need information. Government officials want there to be a “Master Key” to unlock any iPhone running iOS. The U.S. government states that the FBI will only use such technology in circumstances of national security. While this may be well intended, once Apple creates a “Master Key” or a technology to reduce security protection, who is to say that it won’t fall into the wrong hands.
What hands you might ask?
The key could be used or stolen by a rogue Apple employee or malicious actor to access the personally identifiable information on your iPhone.
The U.S. government could use it incorrectly through the expansion of more privacy access. The technology could even be hacked and stolen from the U.S. Government as other information has in the past, notably the IRS breach.
Once the government possesses this key, one does not know where these types of powers will lead. If devices are lost or stolen, or if an unauthorized person attempts to use or modify your device, Apple will be significantly limited in keeping the cyber criminal out.
As Apple states, “Should the government be allowed to order us to create other capabilities for surveillance purposes, such as recording conversations or location tracking? This would set a very dangerous precedent.”
Today, data breaches occur when technology, information and/or credentials fall into the wrong hands. This circumstance is no different, expect in the fact that Apple is being forced to create the very thing cyber criminals desire: An easier way to access your information.
Take Action in The Right Place
The bottom line is that the United States government is asking Apple to weaken security for the purpose of advancing security. This premise simply does not make sense.
Instead of focusing on weakening security to advance it, let’s focus on creating new technologies to secure our nation’s borders. Let’s build new technologies to help our police officers keep communities safe. Let’s invest in technologies that educate our children faster and more efficiently so they can learn how to contribute to society as law-abiding citizens.
One most put to rest the premise that when an individual commits an unlawful act, society is to blame.
As a Cybersecurity Strategist, my job is to keep the people I serve safe. These people are business executives, employees, doctors, patients, teachers and children. I take my job very seriously, because it is my duty to keep these men, women and children, as well as businesses and organizations safe from illegal acts by cyber criminals.
A cyber criminal only has to be right once, I have to be right all of the time. They, as do I, have an obligation to keep their clients and children safe. Because of my duty to protect the people that I serve, I cannot support a premise that weakens security in hopes of advancing it.