Zero Day Exploit Cracks San Bernardino iPhone
A zero day exploit normally takes the following form: attack occurs on a network or networks and chaos ensues. However, a rather unique use of a zero day exploit is gaining ground, begging the question of whether it will be used in similar instances in the future or if this particular event opens even more opportunities to hackers in the long run.
After the San Bernardino attack occurred, the FBI submitted a request that Apple unlock the phone obtained at the scene that purportedly held a number of answers to questions pertinent to the investigation. Apple refused, and naturally debates raged and stories were written about the ongoing battle. However, as the FBI suddenly postponed and abandoned its case against Apple, news broke that they had indeed found a way into the iPhone 5c used by one of the attackers. More importantly, the way they were able to get into the phone raised eyebrows in the business and government communities. By searching for and discovering an unknown security vulnerability in the particular operating system, a zero day exploit was unleashed and eventually led to a breach.
There are a number of indicators showing this particular instance was a series of fortunate events for the hackers, and most likely cannot be recreated across the rest of the iPhone nation. For one, the vulnerability was found on that particular operating system on that particular phone version. Lesson being, always update your software and applications when possible so security patches are installed in a timely fashion. Secondly, beyond using zero day exploit to “crack” the iPhone, the FBI also had to create a software that essentially broke into the iPhone fully to retrieve the data. And since iPhones normally wipe their data after a number of incorrect password entries, unless the hacker in question has similar software, your data should be OK.
The question that lingers after this event is, will hackers continue to exploit inconsistencies in phone operating systems even more than they are currently? No one really knows, but it begs the question, shouldn’t you have cyber security protection before this kind of attack occurs? It’s the insurance no one ever wants to use, but it is a guarantee that every single organization with a solid cyber security backup plan and protocol in place is happy to have it when issues arise.