„This is not a case about one isolated iPhone.“

The head of the FBI said Wednesday that the government had „purchased a tool“ enabling investigators to access an iPhone belonging to San Bernardino gunman Syed Farook.

The disclosure by James Comey in a speech at Ohio’s Kenyon College was a departure from previous official statements, which had been vague in explaining the details of how the government broke into the phone last month.

FBI director says government ‚purchased a tool‘ to access San Bernardino gunman’s phone

The summary of the last week: so the FBI went shopping for an exploit for the 5c, offered the new tool to other agencies across the board just hours after acquiring it, and is now showing the vulnerability around in the US Congress.

Such an exploit has numerous uses within the intelligence community and poses a threat to not only the hundreds of millions of older devices out there, but if it can be ported to a 64-bit platform, every single one of us – either directly as a threat from the government, a nation state the exploit developer also sold it to, or another hacker who finds the same hole because FBI didn’t report the vulnerability to Apple. FBI has left us all potentially exposed by choosing to keep their technique secret.

Jonathan Zdziarski | „Why a Software Exploit Would be a Threat to Secure Enclave Devices“

So I guess an inconvenience like a boot password is currently under discussion inside Apple.

Again, Jonathan Zdziarski:

Unlike the device’s operating system – which has proven to be vulnerable to dozens of attacks every release cycle, the device’s boot loader has such a stripped down code base that its attack surface is the head of a pin compared to the operating system.

Apple has always been highly protective of the user experience, but having been out for almost ten years, we’re no longer school children with iOS. With adversaries including nation state actors, the balance between a simplistic and pretty user interface must slightly shift toward protecting user data. Especially on devices with such a large footprint of forensic artifacts.

How Apple Can Make Their FBI Problems Go Away