The FBI has made us all vulnerable with its iPhone hack

By cracking Apple’s iPhone and refusing to share details of the model's vulnerabilities, the agency has compromised millions of devices

Gus Hosein
Thursday 31 March 2016 14:58

Since the horrific Brussels and Istanbul attacks we've all looked at our daily lives and saw vulnerability and risk. Where else could terrorists attack?

We begin to formulate security responses. CCTV, communication, surveillance, identity cards - they aren't panning out. Perhaps we need to take things to the next level? How about we build an uber anti-terrorism system that grinds all our data together and identifies the people who wish to do us harm?

That uber-system has been built: it's your smart phone. Health information? Apple Watch and other fitness trackers record your heart rate throughout the day. Financial information? Apple Pay and Google Wallet process your purchases. Locations? Your phone has recorded them all. Biometrics? You probably recorded your fingerprint, along with enough selfies too.

The FBI claimed that the iPhone, along with all of this information was impregnable. It decided to take Apple to court in order to access the phone - owned by the employers of Syed Rizwan Farook - one of the perpetrators of the San Bernardino terrorist attack in December.

This was a great PR coup for Apple. Apple's systems were perceived as out of reach to the most powerful technology force in the history of humanity: the US Government's intelligence and law enforcement community. However someone found vulnerability in Apple's old mobile phone operating system, iOS8, and the agency has now admitted that it has accessed the device. The FBI has announced that it will not inform the tech firm how it breached the phone’s security features leaving millions of devices compromised.

Over on this side of the pond, the UK Government will soon have the ability to do all of this, in secret no less. The Investigatory Powers Bill - unless last minute changes are made - will allow authorities to demand that a company comply with a request to assist making a device or a network vulnerable and exploitable to the authorities. A company will be unable to resist and be required to keep any request private.

In the name of security we are creating insecurity. Governments are stockpiling vulnerabilities for computer systems and compelling companies to undermine our privacy.

Security is really hard to do well. It is harder when there are governments who demand insecurity.

The author is Executive Director of Privacy International

Join our new commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

View comments