Everyone has probably heard that Cellebrite, an Israeli security firm, helped the FBI circumvent Apple’s user-enabled data encryption. Has this changed anything? Not at all.
Just as predicted, since the DoJ is involved in other ongoing cases where Apple’s help in overcoming the iOS data encryption has been “requested”, it is very likely that the courts involved will demand details as to how that was done. When that happens, there will be (and probably has been) an effort made to replicate the tool (by the black hats – for sale to other hackers) and efforts by Apple to strengthen the code protecting the area or areas being exploited. Spy vs. Spy vs. Spy.
If this were limited to the DoJ…but it isn’t. There are local/state agencies requesting that help from the FBI, and the FBI sent these agencies a memo (Reuters revealed this past Friday) in which the FBI said it would share the tool “consistent with our legal and policy restraints”. As this spreads, the method will become more and more common knowledge, and the tool will become ineffective as Apple patches the flaw.
“The FBI would need to resign itself to the fact that such an exploit would only be viable for a few months, if released to other departments,” said Jonathan Zdziarski, an independent forensics expert who has helped police get into many devices. “It would be a temporary Vegas jackpot that would quickly get squandered on the case backlog.” – VentureBeat
That’s exactly the cycle that already exists with malware of ALL varieties…and in nature with living organisms. It’s called Evolution, even if the tool is NOT shared. These kinds of flaws are termed “zero-day”, and even if not exploited, they come to light over time and are patched as a matter of course. This wouldn’t happen if strong code were written from the get-go, not just at Apple but everywhere code is used. Maybe.
As usual, it’s largely about need and perception, convincing consumers you’re on their side (i.e. salesmanship) and taking advantage of it.
So, when will we write better code for the human OS?