The biggest news this week isn’t about some new device hitting the market, or a major technological breakthrough. Instead, it’s about one older iPhone. While no one might think twice about an iPhone 5c, this phone could radically change the state of cybersecurity in our country, and even the world. This phone was once owned by the San Bernardino shooter, and at the moment, no one can unlock it.
So how can one little outdated iPhone change the state of cybersecurity? Well, the issue is that the FBI wants to have a way to access any phone, so that they can go through the information contained within. Unfortunately for them, due to the way Apple encrypts their phones, they cannot simply provide the FBI with some manner of unlocking the phone. In another place and time, that might have been the end of the story. And honestly, that’s where it should have ended.
Instead of realizing that the information is beyond their reach, the Government has now ordered Apple to create a version of their popular iOS, which would allow them to unlock any iPhone. Earlier this week, Apple published a letter explaining exactly why they would not do this. Their main argument is that to implement the features requested by the government, they would have to bypass several of the security features, which they do not want to do.
The bigger issue is that building this new iOS version would create a backdoor that the government could use to access any iPhone. It also means that should this software fall into the wrong hands, hackers could use it to access the contents of any iPhone. Both scenarios are completely unacceptable, and defeat the purpose of having encryption in the first place. Plus, going down this path could set a terrible precedent for future cases involving encryption and cybersecurity.
One person thinks that they have an answer that will satisfy all parties. He wants the FBI to allow him to have a shot at hacking the iPhone in question. Now, this might seem like an empty promise from someone who thinks they know more than they do. However, the person suggesting the idea is John McAfee.
Yes, I’m talking about the same McAfee that developed the popular antivirus software that bears the same name. He might not still have anything to do with the software, and he might also have taken some questionable actions over the years, but he has a point.
Yesterday he posted an op-ed on Business Insider that explained his position on this matter, and why he thinks his solution would appease all parties involved. Namely, the FBI says that it only wants to use Apple’s special iOS version (which hasn’t actually been made yet) for this single case. So if McAfee and his team of hackers can get the job done, the government would have no need to press Apple for this new, insecure version of their phone’s OS.
He goes on to quote Apple CEO Tim Cook on the reasons why this action will undermine virtually every security effort that they have developed to keep their customers safe.
While it’s easy to dismiss hackers as the solution to the problem, McAfee makes some very good points. The best minds to work on these sorts of problems aren’t sitting at a desk in a government office. They’re the sort that go to events like Defcon, and spend their lives trying to find new ways to do things that are supposedly impossible to do.
McAfee said that he and his team can perform this task in just three weeks, and will “primarily use social engineering.” In case you’re not familiar with the term social engineering, it’s the idea that you can gain access to systems simply by talking and interacting with the right people, who can give you direct access, or information that will eventually lead to access. Often, if you can convince someone that you’re with a security firm, or their company’s IT staff, they will just tell you their password.
Obviously, they’re not going to be asking the San Bernardino shooter any questions, so this might seem like a silly attempt. However, there are many things that can be done to acquire someone’s password, or phone passcode. Think about your phone’s 4-digit passcode (if that’s what you use). Now think about the PIN for your debit card. Now think about your typical email password, and then about the password used for your iTunes account.
I’d be willing to bet a lot of people (especially the those who aren’t so tech-savvy) will find similarities between their PINs or passwords. And those are just a couple of ways that social engineering could lead to an unlocked phone. Don’t forget that iTunes passwords can be reset by answering a few personal questions. If one could find the answers to these, then the iPhone’s data could be recovered using the same computer that it was previously synced to.
I doubt that the government would actually take John McAfee up on his offer. However, this is one more tech giant standing up and standing with Apple. And while he might not be making the most news about his run, he is actually running for President as a member of the Libertarian party.
The most important thing that needs to happen isn’t unlocking this phone. It’s protecting the security and privacy of everyday citizens.