
Details of how the feds broke into iPhones should shake up enterprise IT


Apple has an awkward history with security researchers: it wants to tout that its security is excellent, which means trying to silence those who aim to prove otherwise. But those attempts to fight security researchers who sell their information to anyone other than Apple undercut the company’s security message.

A recent piece in The Washington Post spilled the details behind Apple’s legendary fight with the U.S. government in 2016, when the Justice Department pushed Apple to create a security backdoor related to the iPhone used by a terrorist in the San Bernardino shooting. Apple refused; the government pursued it in court. Then when the government found a security researcher who offered a way to bypass Apple security, the government abandoned its legal fight. The exploit worked and, anticlimactically, nothing of value to the government was found on the device.

All of that is known, but the Post piece details the exploit the government purchased for $900,000. It involved a hole in open-source code from Mozilla that Apple had used to permit accessories to be plugged into an iPhone’s Lightning port. That was the phone’s Achilles’ heel. (Note: No need to worry now; the vulnerability has long since been patched by Mozilla, rendering the exploit useless.)

The Apple security feature that frustrated the government was a defense against brute force attacks. The iPhone simply deleted all data after 10 failed login attempts.

One threat researcher “created an exploit that enabled initial access to the phone — a foot in the door. Then he hitched it to another exploit that permitted greater maneuverability. And then he linked that to a final exploit that another Azimuth researcher had already created for iPhones, giving him full control over the phone’s core processor — the brains of the device,” the Post reported. “From there, he wrote software that rapidly tried all combinations of the passcode, bypassing other features, such as the one that erased data after 10 incorrect tries.”

Given all of this, what is the bottom line for IT and Security? It’s a bit tricky.

From one perspective, the takeaway is an enterprise can’t trust any consumer-grade mobile device (Android and iOS devices may have different security issues, but they both have substantial security issues) without layering on the enterprise’s own security mechanisms. From a more pragmatic perspective, no device anywhere delivers perfect security and some mobile devices — iOS more than Android — do a pretty good job.

Mobile devices do deliver very low-cost identity efforts, given integrated biometrics. (Today, it’s almost all facial recognition, but I am hoping for the return of fingerprint and — please, please, please — the addition of retinal scan, which is a far better biometric method than finger or face.)

Copyright © 2021 IDG Communications, Inc.
