Short Bytes: When you read the headlines like “FBI is forcing Apple to create a backdoor in their products”, what you are really reading is that the FBI is forcing iPhone-maker to use the “pre-existing software update backdoor” present in iPhones. Surprisingly, a backdoor already exists in most software in the form of system updates and the US government is looking to exploit the same.
But, few of us know that most software already has a backdoor present in them in the form of system updates. Well, give me a moment and let me reframe my words — Most software already has a backdoor in the form of “malicious software update”. In a recent article, Ars has described this issue in detail and listed out various ways by which your government can gain the backdoor access.
By ‘malicious system update’, we are talking about the inauthentic version of the system software that fools your computer and makes it do things that you don’t want to do. Let me introduce you to another term — a ‘targeted malicious software update’ is something that is sent to a particular target’s device, making it hard for anyone to notice it. To perform these malicious intrusions, the attacker needs to fulfill two conditions —
- The attacker should be in a position to send the updates
- The attacker should be in a position to convince the user that the update is authentic
The third and the most deadly villain of this story is ‘total system compromise’. As the name suggests, an attacker is able to control the device remotely and obtain any kind of data or encryption keys.
These problems exist in almost every software update system. Probably, the software makers thought that they would be able to protect their software against such attacks as they have the authority to push the system updates. Well, they forgot about the scenario where government knocks their doors and demands for a backdoor.
You must have read in our previous articles that FBI is asking Apple to create a backdoor in their products. By this statement, what Apple really means that FBI is forcing it to use the pre-existing software update backdoor present in iPhones. Explaining it further, Ars writes:
I hope that the demands made by the US government acts as a warning to the technology companies and they look for better and secure ways to push updates to their users. Apple has already started to make its iPhone unhackable, but what about the others?