No system can ever be fully secured.
Well, it is now old news that the FBI has found a way to retrieve data from the iPhone of deceased terrorist Syed Farook without the cooperation of Apple.
It’s not surprising that the FBI succeeded here. All security can be breached. It’s just a question of how much effort people are willing to expend for a given result, and what the repercussions are if you get caught. In this case, there weren’t any repercussions.
The company rumored to be behind this breach is Cellebrite, an Israeli firm that specializes in data extraction, transfer and analysis. Cellebrite, which is owned by Japan’s Sun Corp., bills itself as a global company known for breakthrough in mobile forensics and lifecycle management. Cellebrite signed an exclusive contract with the FBI back in 2013, according to multiple sources.
Cellebrite may have collaborated with Rook Security, an IT security firm, to find a way to copy the flash memory of the cellphone—supposedly even if it was erased. Then, according to numerous reports, Cellebrite was able to unlock the phone without fear of destroying the critical data.
Regardless of whether you side with Apple or the FBI—and the lines are etched very deep in the sand on this one—what’s really interesting is how far the discussion has shifted. It’s now about a flaw in the iPhone’s armor that was discovered and used to crack the phone, which brings up some interesting questions about who knew what when.
According to a story in the Huffington Post, “Apple engineers take pride in the fact that a program for breaking into an iPhone via the Web was recently purchased by a defense contractor for $1 million, and that even that program is likely to be short-lived.”
The lesson behind this is that nothing is unbreakable. And before anyone goes patting themselves on the back about just how secure anything is, they probably should refer back to this case—or the German Enigma machine in World War II, which also was considered unbreakable.
As Cisco CEO John Chambers famously said, “There are two types of companies—those that have been hacked and those who don’t know they’ve been hacked.” Now we can add the iPhone to the list.