This week there was another FBI scandal. This one concerned how the FBI massively overinflated the number of phones they needed access to in order to “protect the nation.” For some time now, they’ve been arguing that they need a “secret key” to breach the encryption on smartphones even though it would put the vast majority of high-risk US citizens, like politicians and highly placed executives, at extreme risk. This also seems incredibly hypocritical because, at the same time, they are arguing we shouldn’t use certain Chinese phones because that government may have done the exact same thing (there is no proof—just suspicion). This apparently showcases that they not only don’t realize that if they got a key every major government would also want one, but also that if that key existed its value would be so high it would be virtually impossible to secure.
The FBI Position Puts The Nation At Risk
If there were a universal key to break smartphone encryption, the value of that key would make it virtually impossible to protect, given that state-level players would all want it. Almost any key short of a Quantum Key (which doesn’t really exist yet) can be discovered by brute force with enough computing power, and governments have access to the latest supercomputers. However, given how relatively easy it has been for hackers to gain access to otherwise secure government documents, they probably wouldn’t have to go to such lengths. Simply spear phish someone who had access, or bribe or blackmail them, and the key could be had from almost any government agency. We simply aren’t that secure.
Now, given smartphones have access to our personal information, cache passwords and IDs, and contain substantial confidential information, such a broad ability to breach could compromise most every secure system in the nation. In effect, to gain access to a few thousand phones, or a few hundred (we still don’t have an accurate number), they could put every defense system, every power system, every banking system, every political system, and every business at risk for a massive security breach. In effect, in order to better understand a few criminals, they could create a situation where the nation could be catastrophically compromised.
Destroy The US Cell Phone Industry
Much like the FBI is arguing we shouldn’t use certain Chinese phones because they may (even though there is no proof they have been) be compromised, this key would make it so no foreign nation would want to use US smartphones for much the same reason. They could almost overnight cut Apple’s total available market by over 2/3rds, virtually eliminate Google as a cell phone platform vendor, and move what is left of the cell phone market out of the US.
Given the exposure, it is hard to believe even the FBI would be comfortable using any phone compromised with a master key like this, which really makes this proposal nuts.
But this is incredibly good news for BlackBerry because they are a Canadian company. Their phones still dominate government world-wide and they are largely out of range for the FBI. This means that given the concerns surrounding both China and the US, BlackBerry’s security solutions (which now run on Android) could become the safe haven for those that desperately need to be protected from their own government’s foolishness.
This is largely why I carry a BlackBerry phone: I’m not concerned with the FBI getting access—I’m concerned with the FBI accidentally giving access to a bad actor and having to deal with the mess of an identity theft. Right now, an identity theft can cost up to half a million dollars and a year of your life to straighten out (your credit report may never recover).
The FBI effort continues to ignore the larger threat of unsecured smartphones, particularly if they are owned by military personnel, law enforcement, politicians, executives, children, or other high-risk targets. In effect, if they are successful, they will drive the smartphone market out of the US and create a level of national security exposure that would be unprecedented in the modern age.
The only solution may be to reconsider a BlackBerry security solution or even a BlackBerry phone to make sure this insanity doesn’t impact your business or career. Blanket master keys are a bad idea because it is virtually impossible to secure them once they are known to exist, and this effort is hardly a secret. Our only long-term defense is likely to trust a firm that isn’t tied to any government attempting this exceedingly foolish move—a firm like BlackBerry.
*** This is a Security Bloggers Network syndicated blog from Security – TechSpective authored by Rob Enderle. Read the original post at: https://techspective.net/2018/05/25/the-fbi-makes-accidental-argument-for-why-we-should-all-be-on-blackberry-phones/