Short Bytes: When you read the headlines like “FBI is forcing Apple to create a backdoor in their products”, what you are really reading is that the FBI is forcing iPhone-maker to use the “pre-existing software update backdoor” present in iPhones. Surprisingly, a backdoor already exists in most software in the form of system updates and the US government is looking to exploit the same.
The story of FBI vs Apple has been making the headlines since the shooting attacks in California in last the December. After FBI’s request, Apple refused to create a software backdoor to allow the law enforcement agency to crack an iPhone of one of the shooters. Apple CEO Tim Cook has justified his decision on multiple occasions and even tagged backdoors as the “software equivalent of cancer”.
But, few of us know that most software already has a backdoor present in them in the form of system updates. Well, give me a moment and let me reframe my words —Most software already has a backdoor in the form of “malicious software update”. In a recent article, Ars has described this issue in detail and listed out various ways by which your government can gain the backdoor access.
By ‘malicious system update’, we are talking about the inauthentic version of the system software that fools your computer and makes it things that you don’t want to do. Let me introduce you to another term — a ‘targeted malicious software update’ is something that is sent to a particular target’s device, making it hard for anyone to notice it. To perform these malicious intrusions, the attacker needs to fulfill two conditions —
- The attacker should be in a position to send the updates
- The attacker should be in a position to convince the user that the update is authentic
The third and the most deadly villain of this story is ‘total system compromise’. As the name suggests, an attacker is able to control the device remotely and obtain any kind of data or encryption keys.
Also read: Is Your WiFi Router Vulnerable To Hackers? How to Check?
These problems exist in almost every software update system. Probably, the software makers thought that they would be able to protect their software against such attacks as they have the authority to push the system updates. Well, they forgot about the scenario where government knocks their doors and demands for a backdoor.
You must have read in our previous articles that FBI is asking Apple to create a backdoor in their products. By this statement, what Apple really means that FBI is forcing it to use the pre-existing software update backdoor present in iPhones. Explaining it further, Ars writes:
Is it reasonable to describe these single points of failure as backdoors? I think many people might argue that industry-standard systems for ensuring software update authenticity do not qualify as backdoors, perhaps because their existence is not secret or hidden in any way. But in the present Apple case where they are themselves using the word “backdoor,” abusing their cryptographic single point of failure is precisely what the FBI is demanding.
I hope that the demands made by the US government acts as a warning to the technology companies and they look for better and secure ways to push updates to their users. Apple has already started to make its iPhone unhackable, but what about the others?
Working as a cyber security solutions architect, Alisa focuses on application and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.