Apple has long implemented strong encryption in its iPhones and most other products, resisting requests from Western governments to include backdoors in its encryption software. That’s because politicians in the US, UK and elsewhere are calling for iPhone backdoors that law enforcement can use to deal with criminals hiding behind encrypted products and services. Because I’ve seen it for years.
Apple has always rejected these demands and insisted on strong security and privacy in its products. The backdoor some politicians want is like a unicorn. They want strong security for software products like iOS, but they also want a way for suspects being investigated by law enforcement to access encrypted iPhone content.
I’ve always sided with Apple here. Installing backdoors in any product will bring even more scrutiny from the hacking community. First, you can’t keep it a secret. Second, if something has a locked door, someone can always find the key.
Fast forward to early October and amazing wall street journal This report shows exactly what happens with backdoors in secure systems. A team of hackers with ties to the Chinese government reportedly gained access to critical infrastructure at AT&T, Lumen, and Verizon that is being used by U.S. law enforcement for wiretapping purposes.
In other words, China found law enforcement backdoors in these systems and used them for months to spy on internet traffic and even extract data.
journal’s The report details the wide scope of the attack, which is a great compliment to China’s hacking capabilities. Below is a quote from the report.
The hackers may have had access for months or more to network infrastructure used to support legitimate U.S. communications data requests, according to people familiar with the matter, which could be a critical It is said to represent a national security risk.
This widespread security breach is considered a potentially devastating security breach and was carried out by a sophisticated Chinese hacking group called Salt Typhoon.
A person familiar with the attack said the U.S. government considers the intrusion to be of historical significance and concern.
This is an incredible feat.
The hackers were finally discovered in recent weeks. They were engaged in “huge collections of Internet traffic from Internet service providers serving large and small businesses and millions of Americans.” It’s unclear how much data was stolen or how many Americans are at risk.
What is clear is that Chinese hackers have breached the surveillance systems that carriers like AT&T and Verizon have in place to comply with court orders related to criminal and national security investigations. This is essentially a backdoor that only certain people can access. These are the so-called “good guys” who work for the benefit of ordinary users.
Officials have not yet commented on the alleged Salt Typhoon campaign, which remains under investigation. As expected, China has already denied involvement in the attack.
Returning to iPhone encryption, I would expect the same thing to happen if Apple introduced a backdoor into its software. This tool does not remain a secret.
As soon as law enforcement uses it to retrieve information from encrypted iPhones and iMessage chats, the backdoor’s existence becomes known to the world. Hackers from all walks of life will be targeting this information, including those from nation-states that have penetrated eavesdropping infrastructure.
Let me put it another way. Suppose someone steals my iPhone and tries to break into it. Your device is encrypted with a password and Face ID. The only way to get in there is to guess that password. Unless that happens, my data remains protected and I have time to wipe it remotely.
The downside is that criminals use encrypted products and apps to hide from law enforcement. But I’d rather have all my data protected with strong encryption at all times, not just on my iPhone, but on all my internet products.
Also, think of it this way: The Chinese hack likely affected legitimate people whose communications were not subject to law enforcement inspection. Once again, we are confident that criminals will use every encryption tool at their disposal to reduce their footprint when it comes to eavesdropping-related data collection.
journal’s The full report is available at this link and is well worth a read.
