The biggest story involving security to hit the news since Edward Snowden and the NSA is Apple against the FBI. The issue started when the FBI recovered an iPhone used in the shootings that took place in San Bernardino, Calif. The FBI wants Apple to disable the encryption protection on the phone.
In 2014, Apple changed its operating system (iOS) so that all iPhones were encrypted by default and Apple had no access to the encryption keys. Apple’s security automatically erases the information on the device after 10 failed login attempts. The FBI wants Apple to deactivate that feature so they can make multiple attempts at determining the passcode. Apple has resisted on all requests and filed court motions to oppose the FBI requests to create a backdoor. In an interview with ABC News, Tim Cook spoke about the case saying:
“Apple has cooperated with the FBI fully in this case. They came to us and asked for all the information we had on this phone and we gave everything we had, but this case is not about one phone. This case is about the future. What is at stake here is can the government compel Apple to write software we believe would make hundreds of millions of customers around the world vulnerable, including in the U.S.”
And that is the current issue at stake: How does this compromise the future of security in our technology as we become more and more dependent on it? The implication of compromising security also threatens the future of the Internet of Things (IoT).
The Internet of Things emphasizes the use of mobile devices. As more companies implement IoT systems, network and computer security is one of the major areas that need to be maintained and updated to prevent access from threatening outside sources. Smartphones, tablets, and laptops, whether provided by the company or personal, are access points for employees to massive amount of information and data, collected networks of sensors and machines. The Internet of Things lets employees change machine settings, manufacturing program routines, and directly interface with their system.
As mentioned in my article about CAD and cloud services, hackers consistently try to enter our systems. This is the reality of living in an interconnected world. Wireless networks offer little security. More cities are building their own, just like LinkNYC in New York City, and security for data comes from secure websites (i.e., https sites) or the firewalls and encryptions built into our devices.
Currently, many companies and tech experts such as Facebook, Microsoft, and Dell are supporting Apple. The American Civil Liberties Union posted an article on how the FBI can bypass the erase setting. The ACLU points out that “When iOS decides to wipe out user data because the passcode guess limit has been reached… it doesn’t actually erase all the data... it just destroys one of the keys that protects the data, rendering that data permanently unreadable. This key, called the file system key, is stored in the Effaceable Storage, a part of the flash memory designed to be easily erasable. Knowing this, FBI can avoid any irreversible auto erase by simply copying the flash memory (which includes the Effaceable Storage) before it tries 10 passcode attempts. Then it can re-try indefinitely because it can restore the NAND flash memory from its backup copy.”
It’s unknown whether or not the FBI has attempted this strategy. However, it shows there is a method of accessing the passcode before erasing the phone.
If our devices are gateway to our data, do we want the same companies making our devices developing skeleton keys? Apple has gone ahead and made encryption a default setting to prevent hackers from getting into our devices. They want to avoid developing a backdoor, not only because of the precedent that may set (what would prevent other countries from asking for one?), but because that backdoor may find its way to the public. Credit-card firms and governments experience hacking attack regularly and have had serious security breaches.
I do not find it hard to believe that a backdoor would fall into the wrong hands. I used to hack (i.e. jailbreak) my iPhone in the past to install unverified third-party software. Apple constantly fights jailbreaking, fixing exploits and security flaws with each new phone, and still someone finds a way to jailbreak them. The battle with hackers is not a single match, but a cycle. As they get better, companies have to surpass them to stay ahead. By building a backdoor, we are doing the hackers’ jobs for them. And if the future of manufacturing, smart cities, self-driving cars, and engineering relies on IoT, then the security of our devices must become stronger—not compromised.