Apple’s public assaults on the FBI’s demand that it help unlock an iPhone used in last year’s shootings in San Bernardino, California, keep getting louder.
The company’s head of software, Craig Federighi, argued in the Washington Post on Monday that the security features of the iPhone keep important things like U.S. government agencies and America’s power grid safe from malicious hackers. The software a California court has ordered Apple to make for the FBI would weaken a crucial protector of national security, he said.
“Once created, this software—which law enforcement has conceded it wants to apply to many iPhones—would become a weakness that hackers and criminals could use to wreak havoc on the privacy and personal safety of us all,” he said in the article.
That argument has won the backing of many computer security experts. But it is also a reminder that Apple—like other major computing companies—already possesses a lot of software that criminals could use to wreak havoc on our privacy and safety.
The tool the FBI’s court order says Apple must make could only be used to switch off the passcode-guessing protections on an iPhone, and it would require physical access to the phone. By contrast, a criminal who got inside the computers of a large company such as Apple, Facebook, or Google could gain access to systems that allowed much larger-scale attacks on privacy.
A criminal who broke into Apple’s computer network could, for example, send out a software update with malware hidden inside that would end up on millions of iPhones. A breach of iCloud could spill contact information and photos from the iCloud backup service, which Federighi has said is used by almost 800 million people.
Indeed, iCloud has already suffered one security failure. In 2014 private photos taken from some celebrities’ iCloud backups—many including nudity—were leaked online. They were obtained by exploiting the fact that Apple permitted software to make unlimited guesses at an account’s password.
Apple fixed that flaw, but to this day data in iCloud is stored in a form readable by Apple or anyone else who gets hold of it—whether a criminal or the FBI with a warrant. Nicholas Weaver, a computer security researcher at the International Computer Science Institute in Berkeley, recommends that iPhone users disable iCloud for this reason (he backs Apple in its current stand against the FBI).
Apple’s argument that it could not keep the software the FBI wants from it secure is a reminder that it and other computing companies already struggle to guarantee the security of the software they have today.