An iPhone hacking tool won’t stay secret
Suppose Apple loses its court fight with the FBI and has to produce a software tool that would help agents hack into an iPhone — specifically, a device used by one of the San Bernardino mass shooters. Could that tool really remain secret and locked away from potential misuse
Not very likely, according to security and legal experts, who say a “potentially unlimited” number of people could end up getting a close look at the tool’s inner workings. Apple’s tool would have to run a gauntlet of tests and challenges before any information it helps produce can be used in court, exposing the company’s work to additional scrutiny by forensics experts and defence lawyers — and increasing the likelihood of leaks with every step.
True, the justice department says it only wants a tool that would only work on the San Bernardino phone and that would be useless to anyone who steals it without Apple’s closely guarded digital signature.
But widespread disclosure of the software’s underlying code could allow government agents, private companies and hackers across the world to dissect Apple’s methods and incorporate them into their own device-cracking software. That work might also point to previously unknown vulnerabilities in iPhone software that hackers and spies could exploit.
Cases in which prosecutors have signalled interest in the Apple tool, or one like it, continue to pile up. In Manhattan, for instance, the district attorney’s office says it holds 205 encrypted iPhones that neither it nor Apple can currently unlock, up from 111 in November. Such pent-up demand for the tool spells danger, says Andrea Matwyshyn, a professor of law and computer science at Northeastern University, since its widespread dissemination presents a clear threat to the security of innocent iPhone users.
“That’s when people get uncomfortable with a potentially unlimited number of people being able to use this in a potentially unlimited number of cases,” Ms Matwyshyn says.
The concerns raised by experts mirror those in Apple’s own court filings, where the company argues that the tool would be “used repeatedly and poses grave security risks”. Outside experts note that nothing would prevent other prosecutors from asking Apple to rewrite the tool for the phones they want to unlock.