We reported how the FBI has paid Cellebrite, an Israeli software provider specialising in mobile phone forensics, for $15,000 to break into the iPhone. Cellebrite knows of a flaw which can by-pass the iOS' built-in security layers.
The Tame Apple Press is furious saying that Cellebrite should be working with Apple to fix a flaw which could make the iPhone insecure, but instead it chose to help the FBI. But the reason Cellebrite did that is is pretty simple.
While other companies offer bug bounties, Apple does not. It expects hackers and users to report bugs and feel good about the fact that they have just helped Apple make more money.
But there is also a deep seated, almost religious belief that Apple has that its products are perfect and secure. The idea of offering bounties implies that there might be flaws in perfection. It sounds daft, and intellectually Apple can’t believe it, but all the actions Apple takes in handling bugs points to this belief being accepted.
When Apple is told about a software bug, usually by a user, it ignores it. If more users complain about the bug, it might do something about it if enough people complain. It takes Apple much longer to repair faults than other companies and when it releases a fix it says that “only a small number of people were effected.”
Even one of Apple’s favourite newspapers, the New York Times says that many security firms and hackers would love to work with Apple to further improve its products, but they don't because of a lack of incentive.
Of course the Times insists that Apple has superior security, otherwise it would be off Jobs’ Mob’s Christmas card list, but it does say that hackers can make a lot of dosh from selling Apple bugs on the black market.
The irony of is that Apple defending against the imaginary situation of the FBI creating backdoors in its products have highlighted this Black Market of backdoors which are already out there begging to be opened.
The fact that Apple is not prepared to hear about flaws in its products, or deal with them in the same way that other companies do is effectively creating more backdoors which can bypass even the strongest of encryption.
 
				 
		  	

