Thursday, March 31, 2016

Apple’s new challenge: Learning how the US cracked its iPhone

Now that the United States government has cracked open an iPhone that belonged to a gunman in the San Bernardino, Calif., mass shooting without Apple’s help, the tech company is under pressure to find and fix the flaw.

But unlike other cases where security vulnerabilities have cropped up, Apple may face a higher set of hurdles in ferreting out and repairing the particular iPhone hole that the government hacked.


The challenges start with the lack of information about the method that the law enforcement authorities, with the aid of a third party, used to break into the iPhone of Syed Rizwan Farook, an attacker in the San Bernardino rampage last year. Federal officials have refused to identify the person, or organization, who helped crack the device, and have declined to specify the procedure used to open the iPhone. Apple also cannot obtain the device to reverse-engineer the problem, the way it would in other hacking situations.

Making matters trickier, Apple’s security operation has been in flux. The operation was reorganized late last year. A manager who had been responsible for handling most of the government’s data extraction requests left the team to work in a different part of the company, according to four current and former Apple employees, who spoke on the condition of anonymity because they were not authorized to speak publicly about the changes. Other employees, among them one whose tasks included trying to hack Apple’s own products, left the company over the last few months, they said, while new people have joined.

The situation is in many ways a continuation of the cat-and-mouse game Apple is constantly engaged in with hackers, but the unusually prominent nature of this hacking — and the fact that the hacker was the United States government — creates a predicament for the company. “Apple is a business, and it has to earn the trust of its customers,” said Jay Kaplan, chief executive of the tech security company Synack and a former National Security Agency analyst. “It needs to be perceived as having something that can fix this vulnerability as soon as possible.”

Apple referred to a statement it made on Monday when the government filed to drop its case demanding that the company help it open Mr. Farook’s iPhone. “We will continue to increase the security of our products as the threats and attacks on our data become more frequent and more sophisticated,” Apple said.

Apple has been making many long-term moves to increase the security of its devices. The company’s chief executive, Timothy D. Cook, has told colleagues that he stands by Apple’s road map to encrypt everything stored on its devices and services, as well as information stored in Apple’s cloud service iCloud, which customers use to back up the data on their mobile devices. Apple engineers have also begun developing new security measures that would make it tougher for the government to open a locked iPhone.

For now, with the dearth of information about the flaw in Mr. Farook’s iPhone 5C, which runs Apple’s iOS 9 operating system, security experts could only guess at how the government broke into the smartphone.

Forensics experts said the government might have attacked Apple’s system using a widely discussed method to extract information from a protected area in the phone by removing a chip and fooling a mechanism that blocks password guessing, in order to find the user’s password and unlock the data.

The authorities may have used a procedure that mirrors the phone’s storage chip, called a NAND chip, and then copies it onto another chip. Often referred to as “NAND-mirroring,” this would allow the F.B.I. to replace the original NAND chip with one that has a copy of that content. If the F.B.I. tried 10 passcodes to unlock the phone and failed, it could then generate a new copy of the phone’s content and try another password guess.
