FBI takes heat for keeping iPhone hack details under wraps

Criticism is mounting as the agency is reportedly trying its iPhone cracking method on more devices.

The FBI doesn’t have to tell Apple how it cracked the iPhone 5c in the San Bernardino terrorism case, and now the American Civil Liberties Union is taking the agency to task.

According to the Wall Street Journal, a White House review group will determine which of three avenues the FBI can take: publicly announce the security flaw, disclose the flaw to Apple, or keep it under wraps so it can use the flaw to crack more iPhones. For now, it looks like the FBI is keeping it a secret. Not even Apple knows what technique the agency is using to get into the iPhone 5c in the San Bernardino case. All the FBI will say is that an “outside party” helped investigators crack the phone, negating the need for Apple’s help.

That means the agency can continue to use that same technique on other iPhones at stake in court cases around the country without running the risk that Apple updates its software to prevent future attempts.

“[By] stockpiling vulnerabilities, and not reporting them, the U.S. government risks angering firms that it regularly goes to seeking voluntary help,” ACLU principal technologist Chris Soghoian told the WSJ. “And the U.S. government needs Silicon Valley more than Silicon Valley needs the U.S. government.”

A White House cybersecurity coordinator chairs a group that looks at whether the vulnerability should be disclosed to the company whose product is affected. The iPhone flaw that the FBI has found, reportedly with help from Israeli firm Cellebrite, would fall under that group’s purview, though the group has yet to take up this specific case.

Join the CSO newsletter!

Error: Please check your email address.

Tags iPhone 5C

More about AppleFBIWall Street

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Caitlin McGarry

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place