Narrative: Apple Wins on Privacy
Each narrative page (like this) has a page describing and evaluating the narrative, followed by all the posts on the site tagged with that narrative. Scroll down beyond the introduction to see the posts.
Apple hires Jonathan Zdziarski, an active forensics consultant & security researcher in the iOS community – 9to5Mac (Mar 14, 2017)
Zdziarski was in the news a lot a year ago, when Apple was fighting the FBI over the iPhone used by the San Bernardino shooter, because he was frequently quoted and cited as an expert who backed Apple’s stance. As such, it’s not altogether surprising that he should end up at Apple – he’s been both one of its staunchest supporters around some security and privacy issues and someone who has discovered vulnerabilities in its code. On the one hand, that makes him a useful person to have inside the company – this hire feels a lot like Apple’s hire of Anand Shimpi, another prominent outside expert who was brought inside – but Apple will lose the benefit of having a vocal independent advocate on these issues. It’s also interesting to note Zdziarski’s comments about his hiring and why he’s joining Apple – he cites its privacy stance, which is of course closely tied to security concerns, as a strong motivating factor.
via 9to5Mac
Hacker Dumps iOS Cracking Tools Allegedly Stolen from Cellebrite – Motherboard (Feb 2, 2017)
Given that Apple argued precisely that security backdoors almost always make their way into the hands of evildoers, this news is great validation of Apple’s refusal to cooperate with the FBI early last year, even if it’s a private firm rather than the government that’s been hacked in this case. Indeed, that seems to have been the hacker’s motivation in this case. It’s also worrying from an Apple perspective that a provider like Cellebrite should have had such lax security that a hacker could breach its systems and access these tools, assuming the claims being made here are in fact legitimate.
via Motherboard
Hacker Steals 900 GB of Cellebrite Data – Motherboard (Jan 12, 2017)
Cellebrite was in the news about nine months ago because Bloomberg reported it was the security firm the FBI used to hack the San Bernardino shooter’s iPhone after Apple refused to help, though the Washington Post contradicted those reports. Whether or not its technology was used in that particular case, that’s exactly the sort of work Cellebrite regularly does for US and other government agencies, and it appears that it has itself now been hacked. It’s not clear that the hack goes beyond some user data, though there’s a vague reference to technical data in the article, but this sort of thing reinforces the sense that no hacks of encryption or other security technologies, even for apparently noble reasons, can ever be deemed 100% safe from being hacked themselves. That, of course, was one of several arguments Apple made in the FBI case.
via Hacker Steals 900 GB of Cellebrite Data | Motherboard
Apple’s CareKit apps get enhanced security option – Mashable (Jan 11, 2017)
From the beginning, Apple has been extremely careful with its HealthKit developer tools, making some really granular choices about how data is shared (my favorite example is that developers can’t even query whether or not there is insulin data, because its presence would suggest diabetes). Now, CareKit is getting end-to-end encryption for better HIPAA compliance, through a partnership between Apple and a third party (here’s the official Apple announcement). We’re going to see lots more partnership work by Apple to solve some of the thornier problems relating to both HIPAA and FDA compliance as it gets deeper into healthcare.
via Apple’s CareKit apps get enhanced security option – Mashable