2016-02-21

Android, Windows phones lack iPhone security feature





If Syed Rizwan Farook had carried a phone running on the Android or Windows operating system, the FBI might not have needed to ask anyone for help getting in — they could have done it on their own.

Of the three main phone-operating systems, only Apple builds the ability to have the phone erased after a certain number of failed passcode attempts into its operating system, security experts say.

Apple’s use of an "Erase Data" feature connected to passcodes is one of the security features that separates it from other smartphones on the market. That separation became a part of the national discussion Tuesday when a federal judge required Apple to create software to disable the feature that erases the data on the iPhone after 10 failed login attempts.

The FBI wants to get past the feature in Farook’s phone to see if there is information on it that will give the agency insight into the activities and actions that led up to the mass shooting attack by Farook and his wife, Tashfeen Malik, in December.

In a letter to customers posted on Apple’s website, CEO Tim Cook said the company will fight the order, comparing the request to creating a "back door" on all iPhones.

Disabling Apple’s Erase Data feature, which is what the FBI wants the company to do, would allow the agency to use a "brute force" attack, entering countless passcodes until it discovered the correct one and gained access to the phone.

The functionality can be added to Android and Windows phones, but it’s difficult and meant for system administrators, not regular users, said Filip Chytr, director of threat intelligence for Avast Software, a Prague-based computer security company.

On an Android phone, "you are required to have a device administrator permission." The user must get a special app, "you have to follow extra steps, and it’s nothing the general user would have been able to do," Chytr said.

For phones using the Windows operating system, special software must be downloaded, he said.

Google, the creator of Android software, did not respond to a request for information for this report. Microsoft did not respond to a similar request.

"Apple is certainly ahead of the pack in terms of encryption capabilities," said Christopher Budd, global threat communications manager at security firm Trend Micro.

Android does include a Remote Wipe option, where a user can remotely erase the contents of their smartphone.

Third-party apps that bring this functionality to Android and Windows phones are readily available but require extra work on the user’s part as they’re not simply a built-in functionality that’s easily turned on.

In encryption, the encoding of what’s on the phone so it’s not readable by anyone without the proper code keys, Apple is also ahead of the game.

"You see science-fiction and spy movies where someone sits down and bangs on a keyboard for 10 minutes and breaks encryption. You can’t do that," said Dan Schiappa, senior vice-president and general manager at security firm Sophos. "Unless you have somebody’s credentials — username and password — or the actual encryption key, there’s no way you can break it."

Apple has made encryption the default on its phones since the 3GS. Android only began making it the default with its most recent phone, and Windows phones require extra steps to encrypt, said Chytr.

These issues aside, none of the major manufacturers openly support back doors into their customers’ devices, said Travis Smith, senior security researcher at Tripwire.

Source: USA Today
