More About Apple and Security

February 24th, 2016

Although there has been plenty of fear-mongering about Apple’s approach to security over the years, the fact remains that there’s still no compelling need to install antivirus software on your Mac. While there is security software for Android users, it’s not needed for iOS. If you are careful about the sites you visit, and you don’t click on every little thing in your email, you can probably stay safe with an Apple gadget.

As the Mac platform expanded after the release of OS X and Apple’s move to Intel, the theory had it that malware would increase sharply. Why? Because Macs had become more visible targets. While there have been occasional outbreaks, the actual Mac platform was usually not what was targeted. So we have the Flashback Trojan Horse in 2012 that impacted Java, not the Mac. Since then, Apple has pawned off support to Java’s owner, Oracle.

Another potential source of security threats is Flash. Adobe updates it regularly, but the newest version of the app that lets you create a Flash applet or site is really pushing you to use HTML5 instead. Aside from sites with older code, you’re going to see fewer and fewer Flash-based content online going forward. That’s quite a comedown from the days when Adobe attacked Apple for not supporting Flash on iOS, and Steve Jobs had to release a rare public statement as to why.

History has proved him right.

In the wake of the Edward Snowden revelations in 2013 about all the secret government documents he managed to acquire and release, Apple shored up security in iOS. For iOS 8 and iOS 9, your gear’s data is encrypted. If you want to try to open a device using the passcode, you have ten opportunities. You fail, the data is erased. That’s the crux of the problem facing the Feds as they try to find out what’s on a work iPhone 5c used by one of the terrorists in last December’s San Bernardino, CA attack.

I’ve already weighed in on the matter. Apple says that if you force them to create a backdoor for one iPhone, there is no way in the digital world to limit that incursion to a single device. It will open the door for any iPhone to be thus hacked. It has also been reported that more than a dozen other requests are out there from authorities for Apple to open iPhones. If the case is lost, that trickle will become an avalanche, and that’s before other countries get into the act and make similar demands.

Now in yesterday’s column I mentioned that a certain cable TV commentator suggested the FBI just give Apple the iPhone and let them do their thing. But that would merely move the backdoor to the Apple campus, which would thus open the company to massed attacks by outside hackers. Is it at all possible criminals would seek to go after Apple’s executives to force them to tell all? That would create a paranoid scenario that seems more inclined to play out in a TV show, such as “CSI: Cyber” on CBS. That’s a show that depicts a crew of former hackers who help the FBI deal with cybercrime. At least it’s less jarring on one’s sensibility than watching people revel on ripping apart dead body parts to solve crimes, as they did in the previous CSI procedurals.

Realistically, those San Bernardino terrorists destroyed their personal smartphones, which is where they would have likely placed incriminating information. This iPhone 5c is a work phone, and thus the chances that they’d be stupid enough to put personal information on there is, so far as I’m concerned, slim to none. It also appears that the perpetrators were individuals who were radicalized but never actually joined a terrorist organization. Thus they would have gotten ideas of what to do and how to do it, but they didn’t coordinate with anybody else. So the chances that even their own smartphones, had they been recovered and restored, would store any actionable information might also have been slim to none.

So the whole deal, assuming something might be on that iPhone 5c, is little more than a crapshoot. Were those terrorists that stupid? After all, that work phone could have been recovered at any time by the owner, even restored and prepared for reuse by another employee. That it was in the hands of a terrorist prior to the crime doesn’t mean it’s a critical piece of evidence.

Imagine a situation where Apple is forced by a ruling of the U.S. Supreme Court to create a special version of iOS that will remove the code that blocks brute force intrusions. The data is recovered, and there’s nothing there of any importance! It would all be a wasted effort, except for the fact that every owner of an iPhone or iPad will lose some of their privacy.

And Apple will merely modify iOS and firmware so that even backdoor recovery apps or operating systems can’t be created. Indeed, that may already be in the works.

| Print This Article Print This Article

One Response to “More About Apple and Security”

  1. DaveD says:

    Here is an example of using critical thinking on what actionable intelligence is likely on a WORK iPhone. The terrorists destroyed their own smartphones and I believe, their PC hard drives were removed and destroyed. It would appear they deliberately covered their tracks. So, why is the FBI making their pursuit of the iPhone so public, for all to see, even the bad guys who may not be that stupid?

Leave Your Comment