{"id":17437,"date":"2020-01-14T14:30:08","date_gmt":"2020-01-14T22:30:08","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2020\/01\/14\/news-11173\/"},"modified":"2020-01-14T14:30:08","modified_gmt":"2020-01-14T22:30:08","slug":"news-11173","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2020\/01\/14\/news-11173\/","title":{"rendered":"Apple refuses latest government iPhone-unlock request"},"content":{"rendered":"

<\/p>\n

Credit to Author: Lucas Mearian| Date: Tue, 14 Jan 2020 12:30:00 -0800<\/strong><\/p>\n

Apple turned down a request<\/a> from U.S. Attorney General William Barr this week, \u00a0saying it will not help unlock two iPhones used by a terrorist suspect last month in the deadly shooting at the Naval Air Station in Pensacola, Fla.<\/p>\n

Barr said the shooter, 21-year-old Mohammed Saeed Alshamrani, acted alone when he shot and killed three service members and wounded several others<\/a>, including two sheriff’s deputies responding to the attack. Alshamrani, a member of the Saudi Air Force and an aviation student at the base, was shot dead on the scene by police.<\/p>\n

The back-and-forth between Apple and the Department of Justice is the latest scuffle involving the company’s privacy stance and government efforts to get around that stance. Beyond the immediate dispute over the current investigation, the standoff has implications for the safety of corporate data on personal devices.<\/p>\n

If the government succeeds in forcing Apple to subvert iPhone security, corporate IT managers will be put in a sticky situation, said Alan Butler, general counsel for the Electronic Privacy Information Center (EPIC).\u00a0That’s because most employees either use smartphones under “bring your own device” (BYOD) policies or rely on company devices to conduct business and transfer sensitive information, whether it\u2019s communications or data schematics.<\/p>\n

“That’s a lot of sensitive information that may be privileged, that may be trade secrets or covered by [International Traffic in Arms Regulations (ITAR)] \u2013 so [it’s] things you have a legal obligation to protect,” Butler said. “So companies also need assurances that the hardware they\u2019re deploying is secure. If the government is ordering the company to introduce flaws into the security of the hardware or software … it could compromise that corporate data.”<\/p>\n

In a statement posted on Twitter<\/a>, Apple disputed Barr’s claim that it hasn\u2019t given \u00a0\u201csubstantative assistance\u201d in the investigation, noting it provided access to the cloud service used to back up data on Alshamrani\u2019s phones.<\/p>\n

\u201cOur responses to their many requests since the attack have been timely, thorough and are ongoing,\u201d Apple said. \u201cWithin hours of the FBI’s first request on December 6th, we produced a wide variety of information associated with the investigation. From December 7th through the 14th, we received six additional legal requests and in response provided information including iCloud backups, account information and transactional data for multiple accounts.\u201d<\/p>\n

Barr, however, apparently wants a more permanent method of access, known as a \u201cbackdoor,\u201d to be installed in iOS software to allow law enforcement access to encrypted devices in the future.\u00a0\u201cThis situation perfectly illustrates why it is critical that the public be able to get access to digital evidence,\u201d Barr said during a\u00a0news conference Monday<\/a>. He called on Apple and other tech firms to find a permanent solution to help in this and future investigations.<\/p>\n

Reiterating its past stance, Apple said: “We have always maintained there is no such thing as a backdoor just for the good guys. Backdoors can also be exploited by those who threaten our national security and the data security of our customers. Today, law enforcement has access to more data than ever before in history, so Americans do not have to choose between weakening encryption and solving investigations. We feel strongly encryption is vital to protecting our country and our users’ data.”<\/p>\n

Kurt Opsahl, deputy executive director of the non-profit digital rights advocacy group Electronic Frontier Foundation<\/a>, said Apple is right to provide strong security to its users, requiring a passcode or biometrics to unlock their smartphones.<\/p>\n

\u201cThe Attorney General\u2019s request that Apple re-engineer its phones to break that security imperils millions of innocent Americans and others around the globe, and is a poor trade-off for security policy,\u201d Opsahl said.<\/p>\n

Vladimir Katalov, CEO of Russian forensic tech provider ElcomSoft, called Barr’s request unrealistic because Apple can\u2019t \u201ctechnically\u201d unlock iPhones because of file-based encryption and secure enclave technology; it boots up separately from iOS and runs its own microkernel not directly accessible by the iPhone operating system.<\/p>\n

\u201cOf course, it is technically possible to add backdoors, implement escrow keys and things like that. But first, one cannot legally regulate the technology – secure communication channels and [secure data storage] will still remain\u2026 and no government can force any person not to use the encryption, or use only a \u2018certified\u2019 one,\u201d Katalov said via email. \u201cSecond, such backdoors will be exploited by criminals now or later. The consequences may be catastrophic.\u201d<\/p>\n

By including a method to unlock smartphones at will, Apple would be opening up all of its smartphones to potential attacks by any bad actor, Katalov said.<\/p>\n

The latest request by the Justice Department is part of an ongoing struggle between law enforcement and Apple.<\/p>\n

In 2016, the Justice Department, backed by a federal court injunction, ordered Apple to unlock the iPhone\u00a0of Syed Rizwan Farook, a suspect in the San Bernadino terrorist attack, in December of that year.<\/p>\n

At the time, Apple CEO Tim Cook said his company couldn\u2019t give the FBI any more help, claimed that utilizing the law justifying the court\u2019s order was \u201cunprecedented\u201d and again refused to help unlock the iPhone.<\/p>\n

In 2018, two companies claimed to be able to unlock any iPhone <\/a>using blackbox technology acquired by regional law enforcement officials and accessed through contracts with Immigration and Customs Enforcement (ICE) and the U.S. Secret Service.<\/p>\n

Atlanta-based Grayshift and Israeli-based Cellebrite claimed they could thwart iPhone passcode security through brute-force attacks and full file-system extraction on any iOS device, or a physical extraction or full file system (File-Based Encryption) extraction on many high-end Android device.<\/p>\n

Cellebrite\u2019s UFED Cloud Analyzer tool can purportedly unlock, decrypt and extract phone data, including \u201creal-time mobile data \u2026 call logs, contacts, calendar, SMS, MMS, media files, apps data, chats, passwords,\u201d according a document obtained by a\u00a0Freedom of Information Act request<\/a>\u00a0filed by EPIC.<\/p>\n

Grayshift\u2019s GrayKey blackbox could apparently\u00a0unlock an iPhone in about two hours if the owner used a four-digit passcode and in about three days or longer if a six-digit passcode was used.<\/p>\n

Apple later announced it had found a way to block<\/a> Grayshift\u2019s GrayKey iPhone <\/strong>hacking tool.<\/p>\n

http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

<\/p>\n

Credit to Author: Lucas Mearian| Date: Tue, 14 Jan 2020 12:30:00 -0800<\/strong><\/p>\n

\n
\n

Apple turned down a request<\/a> from U.S. Attorney General William Barr this week, \u00a0saying it will not help unlock two iPhones used by a terrorist suspect last month in the deadly shooting at the Naval Air Station in Pensacola, Fla.<\/p>\n

Barr said the shooter, 21-year-old Mohammed Saeed Alshamrani, acted alone when he shot and killed three service members and wounded several others<\/a>, including two sheriff’s deputies responding to the attack. Alshamrani, a member of the Saudi Air Force and an aviation student at the base, was shot dead on the scene by police.<\/p>\n

To read this article in full, please click here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[2211,20588,12850,10554,714],"class_list":["post-17437","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-apple","tag-enterprise-systems-management","tag-mdm","tag-mobile","tag-security"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/17437","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=17437"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/17437\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=17437"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=17437"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=17437"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}