FBI's approach outdated, puts smartphone security at risk

The Federal Bureau of Investigation's recent and widely publicised efforts to compel Apple Computer to write software to unlock an iPhone used by a terrorist in California reflects an outdated approach to law enforcement that threatens to weaken the security of all smartphones, a cybersecurity expert has stated.

The FBI's approach potentially put the private information of millions of smartphone users at risk and undermine the growing use of smartphones as trusted authenticators for accessing online information, Susan Landau, professor of cybersecurity policy at Worcester Polytechnic Institute (WPI) in Massachusetts, said in an essay published in Science magazine.

The essay grew out of testimony Landau delivered in March before a hearing of the US House Judiciary Committee.

In that forum, Landau countered the argument of FBI director James Comey that encrypted devices (which Comey has characterised as "warrant-proof spaces") hinder the agency's ability to investigate crimes.

Landau said the FBI is looking at smartphones through a 20th century lens, a perspective that is particularly troubling given the potential for smartphones to either replace or augment static passwords as authenticators for logging into computers or accessing online accounts.

Login credentials are a favoured target of hackers since they can provide access to valuable data and leave computer systems open to attack, Landau pointed out.

More and more, companies like Facebook and Google and even some high-level government agencies are using smartphones as authenticators to make online resources significantly more difficult to breach.

But for smartphone authentication to be effective, smartphones, themselves, must be secure.

The FBI's efforts to weaken smartphone security reflect its outdated approach to investigating crime and its inadequate resources for conducting modern cyber investigations, Landau noted.

The agency needs to invest in building up its own "21st century investigative savvy," including creating "an investigative center with agents with deep technical understanding of modern communications technologies and computer science", Landau maintained.

With the ability to develop new surveillance approaches and tools matched to the latest advances in communications technologies, the agency will no longer need to seek to weaken the devices that people, corporations, and government agencies worldwide depend on to securely communicate, transact business, and transmit sensitive information, the paper said.

--IANS

gb/vm