Tag: security

  • Google Researchers Discover Six Serious Security Flaws In The Apple iPhone

    Apple released its routine iOS 12.4 update for iPhones and iPads earlier this month. The update, like most software updates by the company, claims to patch newly found security flaws and bugs. Now, the latest report reveals that most of the serious security flaws patched in the iOS 12.4 update were originally discovered by Google security researchers. Out of the total six bugs reported, five have been already fixed, with one unknown flaw still remaining unchecked.

    About The Security Flaws

    The aforementioned security flaws in the latest version of iOS were found by two members of Google’s Project Zero bug-hunting team, Natalie Silvanovich and Samuel Groß, who alerted Apple immediately upon finding the flaws. While the details of the vulnerabilities have not been revealed for obvious security reasons, they have been claimed to be interactionless. This means they can be exploited without any interaction from the user of the iPhone. The flaws were found in the smartphone’s iMessage application.

    Among the total six security flaws found by Google, at least four relied on the attacker/hacker sending malicious code to an iPhone. It is recommended that users of the Apple iPhone who still have not updated their device do so at the earliest. The remaining security flaw that still hasn’t been patched is expected to be fixed with the next update of the iOS software.

    What Is Project Zero?

    Project Zero is a team of security analysts employed by Google. The team is aimed at finding zero-day vulnerabilities; that is, bugs in software, before they are found by anyone else for malicious use. These vulnerabilities, if left unchecked, can be exploited by various criminal organisations, hackers and many intelligence agencies. Project Zero was announced by Google on the 15th of July 2014 and has been responsible for finding many serious security flaws in major software and devices.

  • OnePlus Leaked User Email Addresses Caused By Security Flaw

    OnePlus has seen a great degree of success in the global market, especially India. The smartphone manufacturer is cementing its place with various critically acclaimed devices. However, a new report uncovers a critical flaw in OnePlus’s various devices that are widely known and owned. The Chinese company has allegedly had its users’ email addresses leaked by a security flaw.

    Every new device carries (by default) the ‘Shot on OnePlus’ app, which has a security flaw that revealed the email addresses of several hundreds of its user base. The aforementioned application provides a platform for OnePlus users to upload photos that can be used and seen by other customers globally. However, it was discovered that the API that enables the link between OnePlus servers and the app was allegedly leaking email addresses associated with photo submissions.

    The company was made aware of the flaw in May and has since patched the mistake but more changes have yet to be made for a complete fix. This app can be accessed through the Wallpapers selection menu and asks users to log in with their email addresses to upload images. The selected pictures that get publicized on the company’s website were found to have an easily accessible API. This API required an unencrypted key to retrieve an access token that allowed anyone to view email addresses of original uploaders.

    The API was hosted on the OnePlus official website and the company is not sure of how long the leak has existed. The company has started investigating the serious matter and is taking the user reports it has received into account as well. Regardless of the fix, the API that got patched can still be bypassed, with an update for the same being worked on. OnePlus has reportedly obscured the email addresses available through the API by adding asterisks to their local parts.

    No reports have yet surfaced that point at any sort of exploitation caused by the security flaw. This was not the first time the company has faced a security issue, facing criticism for storing user data without consent back in 2017 via OxygenOS. A bootloader vulnerability on the OnePlus 6 had also hit the headlines in the year 2018.

    Just a couple of years ago a company named OnePlus was barely heard of apart from the odd enthusiasts. Now the smartphone manufacturer has seen widespread popularity and growth in sales, especially in India. The company had arguably started the trend of manufacturing premium-grade smartphones at relatively affordable prices. Hence, the company’s stance on security and privacy is integral for the “Never Settle” moniker.

  • Google Releases Data Showing The Importance Of Recovery Phone Numbers

    Most users know how frustrating remembering multiple passwords can be. An increasing number of services these days require users to sign up with their phone numbers and email addresses. Two-factor authentication is another security feature which is gaining popularity these days. In two-factor authentication, users first need to log in with their credentials and then enter the OTP received on their device to securely access their accounts. The latest data released by Google shows how effective some of the aforementioned security techniques can be.

    The year-long study on security attacks was presented by the company at a gathering of experts and policy-makers, called the Web conference. Google’s research stated that adding a recovery phone number can block up to 100% of all automated bots, 99% of all bulk phishing attacks and 66% of targeted security attacks. This study was carried out with researchers from New York University and the University of California, San Diego primarily to highlight how basic “account hygiene” can keep accounts safe.

    The American technology giant also highlighted the difference between SMS-based login and on-device prompt-based login techniques. As per Google, an SMS verification code sent to the recovery phone number blocked 100% of all automated bots, 96% of bulk phishing attacks and 76% of targeted attacks. On the other hand, on-device prompts helped in averting 100% of all automated bots, 99% of bulk phishing attacks and 90% of targeted attacks. As deduced, using on-device prompts for logging into accounts is almost 14% more secure than using OTPs for login. 

     

  • Huawei’s Networking Equipment Had Backdoors Reveals Report

    Huawei is currently the world’s largest networking equipment manufacturer and the world’s second largest smartphone maker, which is an honourable feat. However, it has had a few rough years owing to accusations associated with security. The company is blamed for installing backdoors on its networking equipment which can allegedly expose sensitive user data to the Chinese government. Notably, the US government had suggested that its allies boycott equipment manufactured by the company. Even though the allegations against the company were not proved, they have definitely scarred Huawei’s reputation. In the latest development to the case, Bloomberg has published a report that states that the company indeed had backdoors in its equipment, which date back to 2009 and 2011.

    According to the report, the telecom provider Vodafone had found vulnerabilities in the equipment supplied by Huawei for the carrier’s Italian business. The vulnerabilities, also referred to as hidden backdoors, allowed Huawei unauthorised access, which could have been used to get into the telecom provider’s fixed-line network in the country. Vodafone reportedly asked the Chinese networking equipment provider to remove the backdoors from home internet routers in the year 2011, and the latter gave assurances that they had been removed. But further testing performed by the telecom operator revealed that the backdoors remained.

    Furthermore, Vodafone also discovered backdoors in parts of the fixed access network known as optical service nodes. Prominently, the service nodes are responsible for transporting data over optical fibre cables and also deal with authentication of subscribers. Bloomberg would not reveal the names of the report providers as they were guaranteed full anonymity on the matter.

    Implications And Reasons For Installing Backdoors

    As previously discussed, backdoors can imply serious security concerns for an organisation and its subscribers. Especially, if ill-intended hackers get hold of such backdoors, a significant amount of damage can be done both in terms of money and confidential user data. 

    However, it must be noted that companies purposely tend to integrate backdoors in their equipment. These can be used for collecting data from the hardware which would help the company to eliminate bugs on the current hardware and further strengthen the security for future devices. 

    Even though Vodafone states the issues were resolved by the accused and has also vouched for the security of network equipment manufactured by Huawei, the fact will further damage the company’s reputation on a global level. All in all, it is yet unclear what the future holds for the Chinese conglomerate.

  • HMD Releases Statement Regarding Alleged Data Breach In Nokia Devices

    As previously reported, some Nokia 7 Plus devices in Norway were found inadvertently transferring information to Chinese servers. Needless to say, concerns rose around the incident, with a lot of people unknowingly accusing the Chinese hackers of attempting to steal private data from the users. On March 23, 2019, HMD Global put forth an official statement regarding the same, which cleared some doubts surrounding the issue.

    Cause Of The “Alleged Data Breach”

    As per the Foxconn subsidiary, FIH mobile (the Finnish company which manufactures Nokia devices in China), the device suspected of sending data i.e. the Nokia 7 Plus did not transfer any user data to the Chinese servers. Instead, the shared information included the activation data from the device. The reason why this happened was quite clear. It was just a manufacturing error that led to this “data breach” incident.

    The Finnish company had mistakenly installed the Chinese device activation client on the Nokia smartphones which were intended to retail outside China. Consequently, the activation data was being sent to vnet.cn, a Chinese server located in the China Internet Network Information Center, or CNNIC. The domain is owned by the state-run Chinese Telecom operator.

    HMD Global also stated that the issue was taken care of in the month of February since most Nokia 7 Plus smartphones had been updated with the bug fix. Users can check if the fix is installed in their devices by going to Settings > System > About Phone > Build Number. The build number should be “00WW_3_39B_SP03” or “00WW_3_22C_SP05”. If the build number does not match, users may need to update their device. This can be done by going to Settings > System > Advanced > System Update > Check for Update.

    Reason Behind Data Privacy

    Lastly, HMD Global said that the global variants of the Nokia devices have their data stored in Singapore, which abides by very strict privacy laws (as shown in the aforementioned infographic released by the company). However, Chinese Cyber Security Laws state that the data originating in China will stay in China, so the company’s Chinese units will only send data to the Chinese servers. Moreover, the company also cleared up the doubt that Nokia devices are sharing user data with third-party servers, stating that this speculation is completely incorrect.

  • Nokia Phones Accidentally Sent Sensitive User Data To China

    As per reports, it was detected that multiple units of Nokia 7 Plus were inadvertently sending sensitive information to a server located in China. A lot of concerns were raised regarding the same. As per the General Data Protection Regulation (GDPR), data cannot be used beyond the limits of what users think is the appropriate limit, or else companies can face serious consequences.

    About The Data Packet

    Reports state that sensitive data was being sent to a Chinese domain whenever the device was switched on or unlocked. The transferred data included the SIM card number, geographical location and the device’s serial number. Interestingly, the domain name of the Chinese server was vnet.cn, which refers to the China Internet Network Information Center, or CNNIC. The aforementioned domain is owned by the state-run Chinese Telecom operator.

    When the data packet was inspected in detail, it was revealed that the information contains data from both the SIM card and the area it was associated with. This meant that the recipients of the data packet would have been able to geotag the real-time location of the device. Furthermore, sources say that they found a resembling piece of code on GitHub, which was developed by reputed electronics company, Qualcomm. It contained a registration procedure similar to what was executed in the Nokia 7 Plus. The code gathers data regarding the smartphone and transfers all the data in a similar format to the designated server.

    The incident may have been caused by an error in manufacturing the smartphones. A code segment intended for the Chinese variants of the Nokia 7 Plus might have been installed in the Norwegian variants of the same. Shortly after this incident, HMD Global rolled out a firmware update that deleted the China-based application from Nokia smartphones. Finnish data regulators are now considering starting a full-scale investigation of the events that took place. Stating that the SIM card number and serial numbers are indeed personal information, the agency believes that this incident may be a direct violation of the GDPR legislation.

  • Facebook Fixes Glitch That Exposed Users’ Passwords To Employees

    Facebook’s indiscretions regarding its users’ security policies have been quite frequent over the last few months, and a fresh serious loophole has been detected in the social media platform. As per the sources, the American organization admitted to a bug that apparently exposed all user passwords to the employees of the company. On top of that, all the passwords were stored in plaintext, not in an encoded manner. Reportedly, the passwords date back to 2012.

    About The Encryption

    Organizations usually encode user passwords with a process called hashing, which includes the transformation of a string of characters into a usually shorter fixed-length value or key that represents the original string. Doing so encrypts the passwords and only allows access to those who have the encryption key/hashing key. In this case, Facebook failed to take the necessary steps for the same and ended up making a mistake that could’ve provided hackers with an unlocked playground.

    Effects Of The Bug

    Facebook’s VP stated that the flaw was detected as a part of a routine security review in the month of January. He also stated that Facebook’s login technology employs a different strategy that doesn’t risk the exposure of sensitive data. Also, he mentioned that the company had found no evidence of the data being accessed improperly and that the passwords were never visible to any person outside the organization. After being brought to light, the company itself came forward with a statement that it will notify all the Facebook and Instagram users regarding the bug, and how it has fixed all instances of the same.

    Previously in 2018, crackers stole a bunch of data files from almost 50 million users. This was done by accessing the account access tokens of users, which gave the attackers access to the account details. Consequently, this information was further processed, which led to the discovery of the aforementioned password exposing bug in the internal system.

    Facebook cleared up things by saying that all the exposed passwords were stored in different places on the platform, indicating that they weren’t vulnerable to any one single form of attack. Also, the company stated that the passwords were not captured via login credentials, instead, a lot of internal mechanisms like crash logs had given birth to plaintext passwords. It is interesting to see how Facebook will keep up with the loopholes emerging in the systems since social media security is a huge concern these days.

  • How Do Fingerprint Scanners Work? Are They Truly Secure?

    In an era where security is the defining factor of our lives, people are becoming increasingly aware of their privacy across digital devices as well. Hacking incidents have increased, which is indirectly putting pressure on smartphone companies to incorporate the highest level of security detail in their devices. A major chunk of all smartphones being launched these days have a common biometric security feature: the fingerprint scanner. But the real question is, how accurate and effective are those fingerprint scanners in reality? Are they secure enough to just prevent snooping, or are they built for something more resilient?

    Types Of Scanners, And How Do They Work?

    These days, smartphones are loaded with a host of security options to ensure that the data on the device remains private to the user. Some primary security features are listed below:

    • Pattern
    • PIN/Password
    • Fingerprint Scanners
    • Iris/Retina Scan
    • Face Recognition

    Pattern and password enabled security has been around since almost the beginning of the smartphone era, and most of the users are familiar with it. A few years ago, fingerprint scanning was considered to be something that belonged only to spy movies. Fingerprint scanners were a state-of-the-art technology back then. But in the past few years, fingerprint scanners have become a ubiquitous part of our technology. They are extremely useful because of the ease of their implementation. But how do fingerprint scanners work?

    Every human fingerprint consists of two main physical contours. The raised parts of the finger are called the ridges, whereas the areas between the ridges are referred to as the valleys. When a user places his finger on the scanner, the CCD (Charge-Coupled Device) light sensor generates an inverted image of the finger using its own light source. The LEDs generate enough light to illuminate the ridges of the finger. The image generated by the CCD sensor is actually a two-toned image. The darker areas represent the ridges of the finger, while the lighter areas represent the valleys between the ridges.

     The processor in the scanner module ensures that the image generated is clear enough to process. In addition, the processor also checks the pixel darkness. If the image is too dark or too light, it is discarded. The scanner then adjusts the exposure time of the sensor and scans the fingerprint again. As soon as a crisp image is generated, the fingerprint is cross checked with other images/prints of the finger. Every fingerprint signature is entirely unique, so any print that matches any other image in the list is picked as the verifiable one.

    Unlike Digital Scanners, Capacitive scanners make use of electrical current to verify fingerprints. The capacitive sensors are made of semiconductor chips. Each chip contains a small array of cells with conductor plates, which in turn are covered by an insulating material. When the finger is placed on a capacitive scanner, the finger’s image is developed by the process of varying input and output voltage.

    Ultrasonic Scanners are fairly recent. Samsung’s latest S10 series smartphones are the first ones to sport ultrasonic fingerprint sensors in the market. An ultrasonic pulse is transmitted via the screen to the user’s finger, which reciprocates the ridges, pores and valleys in the finger to create a much more accurate 3D fingerprint image.

    Security Concerns Regarding Fingerprint Scanners

    Someone who knows how the fingerprint scanner works can also design fairly simple methods of bypassing its security detail. For instance, the fingerprint scanner can be fooled with the help of a dental mold cast. After filling the cast with some playing clay, the only thing left is to get the owner of the phone to touch the material. Of course, this requires the help of the person who owns the device, but in retrospect, a person leaves his fingerprint as a residue on multiple objects of daily use which can be used for the same purpose.

    If a person has a 3D printer and a single high resolution image of the owner’s finger, a 3D printed mold can be created which can then be used to unlock the device. Some may argue that in such a case, PINs, passwords, and patterns are more secure, but unless you are a highly valued individual with sensitive information stored on your phone, you don’t need to worry about people hard-hacking into your phone via the fingerprint sensor, as the process takes some time and discretion.

    Full fingerprints are extremely difficult to fake, but smartphone fingerprint scanners only record partial fingerprint signatures. Findings indicate that if a person creates a glove with a masterprint (with the highest possible number of ridge-and-valley combinations), he/she can break into a fingerprint protected device 40 to 50 percent of times before the smartphone asks for a numeric PIN. That is a scarily high probability, although something like this happening in our daily life is, again, highly unlikely.

    Conclusion

    The graph above clearly depicts the increasing penetration of fingerprint scanners in the smartphone market by 2018. So it’s clear that the market is not getting rid of fingerprint scanners anytime soon. When it comes to solutions, the most “implementation-worthy” idea is to include a significantly larger fingerprint sensor which will increase the signature accuracy of the finger. Also, users should abstain from using fingerprint sensors while transferring large amounts of money or authenticating sensitive applications. Foolproof ways of biometric authentication are still being tested out, so eventually, we’ll get where maximum security can be achieved.

  • App Of The Day : Island : Secure Your Data And Apps

    Data security is a big concern not only for governments and big corporations but for average smart device users as well. There have been several data breach incidents that have affected people from around the globe. Both the iOS and Android operating systems are quite good at securing user data, but certain apps can steal sensitive information stored on the user’s smart device. Even though the Android operating system uses a sandbox environment that restricts applications from accessing unauthorised data, some applications can get hold of user data and send it to offshore locations for malign purposes.

    Island is an application for the Android OS that allows users to manage data usage privileges of particular applications. The application is freely available from the Google Play store and it creates an isolated domain that the user can manage in accordance with their requirements.

    How Does It Work

    The Island application for Android makes a clone of all the essential applications like the Play Store, file storage, and contacts. These applications reside within the same user account as the original applications; however, the data stored on the two instances of an application varies. The Island app has two tabs, which are Mainland and Island. As the name suggests, the Mainland tab contains all the applications that are present on the device, whereas the Island tab only contains the applications that have been manually cloned by the user. The applications in the Island tab can only exchange data with other Island applications.

    The user can log into the Island Play Store with a different mail id and download applications. The applications downloaded will only have access to the cloned apps that were also created by the Island app. Therefore, the user can store bogus contacts and files on the Island filesystem. This will allow the user to run potentially hazardous apps without providing them access to private user data.

    How Is It Different And Top Features

    A lot of other applications like Parallel Space and Dual Space are also available on the Google Play Store. However, they do not provide the level of control that Island does. The list of top features is as follows:

    • It allows the user to manually freeze certain applications. The applications when in a frozen state will stay as is and cannot access the internet or perform any tasks in the background.
    • The bogus contact and file storage apps can trick applications to work smoothly. Other applications would not function normally if the user deprives an application from particular access rights.
    • Certain applications can be enforced to channelise data via a VPN server. Good use of this could be accessing a website from another region that is restricted in the user’s region. A lot of media corporations limit users from other regions to access their content.

    Additionally, Island app on a rooted device provides an even higher level of control in comparison to a non-rooted device.

  • Twelve Smartphone Firms Respond To Govt Notice On Data Security

    Last week, the Electronics and IT Ministry sent notices to 21 smartphone companies, a majority of them headquartered in China, asking them to outline the procedures and processes adopted by them to ensure security and privacy of users’ data. Soon after, nine more companies, including Motorola, Honor, Asus, OnePlus and InFocus, were added to that list.

    The latest update states that a total of twelve companies including HTC, Xiaomi, Vivo, Huawei and Lenovo have responded to the notice, while others like Samsung, Oppo, Sony, etc. have acknowledged it and requested an extension. The ministry official said that, agreeing to the requests, the government is likely to extend the deadline for submitting the details of the data security procedures.

    Apple confirmed in an email, that the iPhone maker has sent its response to the ministry and a Vivo official stated that the company has replied to the government notice.

    The ministry officials said that the 30 smartphone makers were asked to share security information to ensure that required data security measures were being taken. To support their claims, the IT ministry had cited international and domestic reports regarding data leaks from mobile phones.

    Based on the response of the companies, the ministry will initiate verification and audit of devices where required. If a company fails to provide the information, the said firm will face charges and a penalty for violation of security norms under provisions of IT Act 43 (A).

  • Android N : Big Focus on Security : I/O 2016

    Android N is the next big update to Android. While Google already showed off Android N earlier this year, the official announcement focuses on important security issues and productivity while ensuring better performance.

    With the new Vulkan framework, Google will give developers direct access to the GPU and reduce CPU overload.

    We have already seen the preview of Android N and a lot of the features, including multi-window and new notification customizations.

    Those with eligible devices can enroll for the beta updates. Also, if you haven’t already you can submit your name options for the next version of Android.

     

  • Apple vs FBI : Federal Court Rules in Favour of Privacy

    Things are heating up in Apple’s fight with the FBI. On the eve of a Congressional hearing about the Department of Justice’s fight with Apple over unlocking the San Bernardino terror suspect’s iPhone, a court in Brooklyn in a separate case has rejected an FBI request to order Apple to unlock the phone of a drug dealer.

    The Department of Justice of the United States had first sought access to the phone in the Brooklyn case in October, months before a court in California ordered Apple to help authorities gain access to the phone of a terror suspect.

    In stark contrast to the San Bernardino terror case, Judge James Orenstein has ruled that “he did not have the legal authority to order Apple to disable the security of an iPhone that was seized during a drug investigation”.

    Although the judge in the San Bernardino case will not be bound by Orenstein’s decision, analysts expect it to be influential. In both cases, the government relies on the All Writs Act.

    Orenstein in his ruling indirectly gave support to the key arguments Apple is making in its other, higher-profile fight with the government. He hinted that the All Writs Act (AWA) can’t be used to order a technology company to manipulate its products. He further said, “The implications of the government’s position are so far-reaching – both in terms of what it would allow today and what it implies about Congressional intent in 1789 – as to produce impermissibly absurd results.”

     

  • Apple vs FBI : Bill Gates Ditches Apple in the iPhone Encryption Case

    As the plot thickens in this complex saga of privacy vs security, Apple has seen a lot of big names put their weight behind its argument but today in a change of trends, one of the biggest names that the tech industry has ever seen has come out surprisingly in open support of the FBI.

    Microsoft co-founder and billionaire philanthropist Bill Gates has backed the Federal Bureau of Investigation in its legal battle against Apple over encryption in an iPhone used by one of the shooters in December’s San Bernardino attacks.

    In an interview with the Financial Times, Gates dismissed the notion, propagated by Apple’s CEO Tim Cook, that granting the FBI access would set a legal precedent for future cases such as this one. Bill Gates argued that the FBI is “not asking for some general thing, and is asking for a particular case.”

    Adding to this, the Co-Founder of Microsoft goes on,

    “It is no different than [the question of] should anybody ever have been able to tell the phone company to get information, should anybody be able to get at bank records. Let’s say the bank had tied a ribbon round the disk drive and said ‘don’t make me cut this ribbon, because you’ll make me cut it many times.’”

    As it stands, Microsoft communications chief Frank X. Shaw declined to comment on Bill Gates’ remarks, which set him apart from other top Silicon Valley executives, such as Facebook Inc chief Mark Zuckerberg, Twitter Inc founder Jack Dorsey and Google head Sundar Pichai, who have all backed Cook’s decision, the newspaper added.

  • Apple’s Tussle with the FBI ; Why We Should be Concerned


    The FBI got hold of the iPhone of the dead San Bernardino terrorism suspect, Syed Rizwan Farook, back in December, but the sophisticated encryption technology present on the Apple-made phone has prevented the authorities from accessing its contents.

    Hardly two weeks back, the Federal Bureau of Investigation, accepting defeat, called Apple’s headquarters in Cupertino, California, asking the company to help it get into his iPhone. Apple politely refused.

    Things quickly escalated on 16th February, when a federal judge in California, at the request of the FBI, ordered Apple to provide the investigative agency with the tools required to unlock Farook’s phone, which according to the FBI was used by the shooter in the San Bernardino attack.

    And just last night, Apple CEO Tim Cook responded to this new development with a strongly worded open letter to its customers. In his letter, Cook described the FBI’s actions as an “unprecedented step which threatens the security of all customers”, hinting that the actions involved could have far-reaching repercussions beyond this one isolated case. And, for once, Tim Cook has got things spot on.

    The FBI’s request to violate the privacy rights of a dead suspected terrorist may not ring any alarm bells, and the consequent court order asking Apple to cook up a custom version of its iOS specifically for this phone to help the authorities gain access to it does not sound malicious in isolation. But as Tim Cook points out, this small step has the potential to undermine the security of each and every iPhone around the globe.

    “The government suggests this tool could only be used once, on one phone,” Cook wrote. “But that’s simply not true. Once created, the technique could be used over and over again, on any number of devices.”

    What the FBI essentially wants Apple to do is help it get around crucial privacy features meant to safeguard the phone from criminals using brute-force attacks. If Apple complies and puts its best minds to work on software that nullifies the encryption chip on its phone and bypasses the AES 256-bit encryption system on it, this will not only set a precedent for further legal or illegal use of the new technique by the government on any iPhone in the world, but also leave the door wide open for criminals to get their hands on this tech and compromise the privacy of everyone with an iPhone.

    In today’s digital world, the “key” to an encrypted system is a piece of information that unlocks the data, and it is only as secure as the protections around it. Once the information is known, or a way to bypass the code is revealed, the encryption can be defeated by anyone with that knowledge.

    In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks — from restaurants and banks to stores and homes. No reasonable person would find that acceptable.

    Google’s CEO, Sundar Pichai, has backed Tim Cook’s open letter in a series of tweets, giving strength to the argument that handing the authorities such overreaching powers could have serious repercussions. The FBI’s request, however innocent and noble in intention, should be rejected at every chance possible because it holds in itself the possibility of malice that, if unleashed, could undermine our privacy going forward.

    Giving the government access to user data occasionally is wholly different than giving them the power to hack into our phones and invade our privacy. If the FBI succeeds in this, it could indeed be a troubling precedent going ahead for users not just in the United States, but also here in India.

  • Tim Cook Refuses to Provide FBI With Specialized Encryption Code


    In December 2015, Calif, San Francisco, became the victim of a cold-blooded shooting incident orchestrated by Syed Rizwan Farook and his wife, Tashfeen Malik. Fourteen civilians were shot dead before the couple was taken down by the police. It was later confirmed that Rizwan Farook’s phone, an iPhone 5c, was in the custody of the authorities.

    After two months of failed attempts at unlocking it, the court ordered Apple to provide an encryption code that would take down the security measures of the device. Judge Sheri Pym asked Apple to provide specialized software that would bring down the security, while also getting rid of the feature which erases all data from the phone after a couple of unsuccessful attempts to log in.

    It was later confirmed that the auto-delete feature has been deactivated and that authorities are using a brute-force attack to unlock the code. According to Apple, a method of this kind would take decades to move past the security encryption of the phone. In fact, a supercomputer would take over five years to crack such a six-digit code.

    Apple has accepted that it is pretty much impossible to break into an Apple device running iOS 9. In the wake of these events, the FBI asked Apple to provide a unique encryption that would allow it to retrieve the security key to Rizwan Farook’s iPhone. Apple refused to offer a solution that would allow the FBI to bypass the code, because it believes this would be detrimental to the security of iPhone users all over the world.

    “We have great respect for the professionals at the FBI, and we believe their intentions are good…The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control,” Tim Cook wrote on the Apple website.

    Apple has been very conscious of its users’ privacy from the start. Only a few days ago, the company declared it would never reveal personal details of iPhone users to the police. And now comes this very clearly stated message from the company. Tim Cook is definitely not pleased by the FBI’s demands and has made his stance clear. Has he opted for the right plan of action by protecting users’ privacy all over, or should he just go ahead and provide the authorities with the encryption?
