The FBI has decided it will not divulge the details of how it successfully hacked into the San Bernardino iPhone to Apple, having found a method at the last-minute just hours before going to court in late March. However, in an attempt to appear helpful and cooperative, the FBI gave Apple its first security tipoff under the Vulnerability Equities Process this month.
Reuters reports the FBI informed Apple of a security flaw affecting iOS and Mac software on April 14th, as part of a process that balances the needs of law enforcement to hack devices and the needs of manufacturers to patch found flaws before criminals can use them …
In this case, the disclosure was effectively useless as it related to older iOS and Mac software versions, with the issue already being patched in iOS 9 and OS X El Capitan. Apple says this is the first time FBI has given such information over to the company.
Reuters speculates the FBI gave its first ever security tip off to fend off critics who are frustrated that it will not disclose the details of the San Bernardino hack and is generally cooperative with policy and manufacturers about found vulnerabilities.
Apple says the flaw the FBI disclosed does not change the company’s perception that the White House Vulnerability Equities Process is less effective than has been claimed:
Reuters reported earlier this month that the FBI believed it did not have legal ownership of the necessary information and techniques for breaking into the iPhone so would not be able to bring it to the White House for review under the equities process.
The day after that report, the FBI offered information about the older vulnerabilities to Apple. The move may have been an effort to show that it can and does use the White House process and disclose hacking methods when it can.
The flaw the FBI disclosed to Apple this month did nothing to change the company’s perception that the White House process is less effective than has been claimed, said an Apple executive who declined to be named.
Apple does not plan to send out a patch for the security issue affecting older OS versions. As always, if users want to stay abreast of the latest security improvements, they should update to the latest iOS and OS X versions, iOS 9 and El Capitan. According to Apple’s official numbers, 84% of active users are running iOS 9 or later.
FTC: We use income earning auto affiliate links. More.
Will their stupidity ever end? I mean, how many people can they hire with a single digit IQ? To save face, I’d simply close shop.
FBI wanting to look “contrite and helpful” to assist in their perception that Apple is Un-American and not willing to help in the “fight against terrorism?”
PR Spin Doctors in Washington. YMMV
FBI should tell Apple nothing.
Apple is part of the problem not part of the solution – they need to be treated as such.
FBI should only support and cooperate with responsible corporations.
When it comes to humor, some will never let us down
Hey John, could I have all of your account usernames and passwords, your bank account info, and access to all of your personal data? it’s for national security, and all of your posts suggest you’re okay with that. I won’t do anything malicious with your info, I promise. I just need it because national security and because terrorists. Thanks in advance!
You forgot to add all his photos and info on all his family and every one he knows.
What if they devised a system that would allow the FBI to create a specific software update for a *specific* iPhone to access is, but required use of a distributed key system to install it? (See “Cothority to Apple: Let’s make secret backdoors impossible: Decentralized cosigning could make it tough for government to gain access” Ars Technica March 2016 [http://arstechnica.com/security/2016/03/cothority-to-apple-lets-make-secret-backdoors-impossible/]) This might (in theory) ensure some degree of transparency.
Of course, this basically creates a kind of “distributed FISA court” – and we know how well that works for transparency. And a lot of the different entities holding the separate keys might just adopt a “rubber stamp” policy, given that 99% of the access requests would probably be for “routine drug-related/stalking stuff”.
If the FBI had the tools to begin with to get the information from the iPhone or iPhones why did take so long?Apple isn’t the only company that’s at security risk.The whole system is flawed.