25-year-old Indian security expert explains FBI iPhone hack

by | Apr 26, 2016

Apple was recently in the news though not so much for its next sleek, shiny gadget. The FBI had asked Apple to crack the security function without erasing contents of the iPhone 5c used by Syed Farook, who with his wife, Tashfeen Malik, carried out the December mass shooting in San Bernardino, that left 14 dead. Apple refused and was then caught in a legal battle with the US government. The case was dissolved once the FBI found a way to break through the phone’s security, using the services of a third-party.

In an EXCLUSIVE INTERVIEW Saket Modi, Co-founder, Lucideus Tech, gives Brian Pereira, Editor, Digital Creed his perspective on the controversial case. Saket is India’s technology whizkid in the Cybersecurity domain and his firm was recently selected by India Banking regulator RBI to secure the UPI (Unified Payments Interface). Forbes India also featured him in its prestigious 30 under 30 list.

Could Apple really have hacked the phone if it wanted to? And what are the ways in which an iPhone could be hacked? Read on to find out.

Q. Do you think Apple and other tech companies should cooperate with Governments with a larger interest of securing society and helping reduce crime? Or is consumer privacy more important?

Saket Modi, Co-founder, Lucideus Tech

Saket Modi, Co-founder, Lucideus Tech

Saket: You are not paying a penny to use services from Google or Facebook. Does that mean Google and Facebook should be concerned about your privacy? You are using their platforms for professional and personal purposes. So you should not be expecting anything in return. But Facebook and Google have to be concerned about your privacy for two reasons:

Firstly, they are making money by selling you (data) as a product. And they would be handling their money making assets in a responsible way.

But the second and larger reason is about scale. When there is a scale in proportion involving an individual or entity, there is a minimum responsibility that he/it owes to the entire ecosystem — because of which it reached that scale.

Take the example of (Bollywood actor) Ranveer Singh and the AIB Roast controversy. It received a lot of criticism and was soon taken off the Internet. It was vulgar and touched certain aspects of society. As a free individual, Ranveer Singh has freedom of speech and can say anything. But the moment you become a public figure, you become an inspiration to an entire generation. People are listening carefully to what you say and they try to idolize you. So there is an automatic (and assumed) responsibility. It is expected from you, if you are at that stature.

Now Apple is not just a technology or product company — it is an enabler for us to get something done. With its scale and size Apple is impacting the lives of billions of people across the planet (directly or indirectly). So there is a minimum responsibility that it has to follow. Apple has to support the law enforcement in all aspects. It should help the FBI and other agencies. This is inline with not compromising on the security of every Apple device owner.

But the FBI requested Apple to put a backdoor, and that is not the right way to help  law enforcement. It is like saying that I will develop a bomb that is publicly accessible, but I will only give its code to the FBI. Now it is only a matter of time until some bad guy will be able to infiltrate that bomb (crack the code) and use it to his advantage.

So Apple owes responsibility to all its shareholders and to every owner of its devices. Even indirectly. If I do not own an Apple device, but if an Apple user shares a photo with me, I will access it from the Apple iCloud (where it is stored). So Apple is also responsible to me, indirectly.

Q. Do you think Apple could have really cracked the passcode if it wanted to? How did the third-party do it? What are the various ways of doing this?

Saket: Apple said they were unable to do that because of the restrictions that they put on the iPhone. Apple said they were unable to do that because of the restrictions that they put on the iPhone. It is possible that Apple really did not know how to unlock the iPhone, but that doesn’t mean that there isn’t a way to get into the iPhone.

There was a company from Tel Aviv, Israel called Cellebrite that did it; the FBI paid them more than $1.34 million to do that. Cellebrite is a leading mobile forensics company. Many law enforcement agencies in India are using Cellebrite products.

One possible hack is through the SS7 protocol, which is used for telecom switching. As you move about, the call that is transmitted to your phone is relayed from one tower to another, so that you are always connected to the nearest transmitting tower. This is enabled by the SS7 protocol. In one of the articles I read (and I cannot confirm its authenticity) it was reported that the company was able to find out the required information through a vulnerability in SS7. But this is unconfirmed.

But this is not a new case. Apple iPhones have been hacked multiple times in the past. The first versions of the iOS 6 and 7 have a lock screen bypass. If you press the power button and the home button simultaneously in a pattern, it will be able to bypass the lock screen. Of course, you cannot do this in the latest versions, though.

Of course, you cannot do this in the latest versions, though.

——————————————————————————————————————————–

RELATED VIDEO: We recommend the hilarious video on encryption by John Oliver  (fast forward to 2:19) — We love it!

———————————————————————————————————————————–

Q. Is Apple iOS foolproof and hack proof? Can you explain how these security vulnerabilities pop up now and then?

Saket: Apple does not tell its consumers that its security is not foolproof. There are many times when there are flaws  that Apple programmers are unaware of. And when they do find out, they release patches and OS updates. When they ship the OS for the first time, they assume it is bug-free. But the Apple iOS has millions of lines of code, so it is possible that its security experts could sometimes overlook a flaw. It is possible that Apple could be one step behind the hackers, though it will never admit it.

So let’s use Apple devices with awareness. Don’t think that just because you are paying Rs 50,000 for the latest iPhone, your life is secured, and nobody can hack it.

————————————————————————————————————————————

If you have questions for Saket Modi, you can write to him directly at: [email protected]

Feedback on this article: Write to: [email protected]

 

 

 

Share This Article!

Brian Pereira
Brian Pereira
Brian Pereira is an Indian journalist and editor based in Mumbai. He founded Digital Creed in 2015. A technology buff, former computer instructor, and software developer, Brian has 29 years of journalism experience (since 1994). Brian is the former Editor of CHIP India, InformationWeek India and CISO Mag. He has served India's leading newspaper groups: The Times of India and The Indian Express. Presently, he serves the Information Security Media Group, as Sr. Director, Editorial. You'll find his most current work on CIO Inc. During his career he wrote (and continues to write) 5000+ technology articles. He conducted more than 450 industry interviews. Brian writes on aviation, drones, cybersecurity, tech startups, cloud, data center, AI/ML/Gen AI, IoT, Blockchain etc. He achieved certifications from the EC-Council (Certified Secure Computer User) and from IBM (Basics of Cloud Computing). Apart from those, he has successfully completed many courses on Content Marketing and Business Writing. He recently achieved a Certificate in Cybersecurity (CC) from the international certification body ISC2. Follow Brian on Twitter (@creed_digital) and LinkedIn. Email Brian at: [email protected]
Recommended Posts
The First 90 Days Are Crucial for the CISO and CIO

This book arms you with insights into crafting a robust 90-day plan, and you’ll be well-equipped to catapult into CIO or CISO roles successfully. Beyond technical proficiency, the book instills survival skills, ensuring longevity and helping you prevent burnout in these pivotal positions.

Similar Articles