Twice in two weeks we’ve gotten a solid reminder that exploits and legitimate software keys can be mishandled, even by experts. These events serve as practical certification that Apple was right in its theoretical stance to fight the FBI’s demand to create GovtOS.
A Tale of Two Bungles
The first of these two incidents was Microsoft accidentally releasing the keys to Secure Boot. Microsoft is one of the world’s top technology firms. It’s fair to call the company an expert in handling security matters relating to its software.
The second is an issue on a much different scale. A hacker group operating under the name Shadow Brokers claimed to have stolen a variety of malware and zero day exploits. It appears that these software tools were taken from Equation Group, a security firm with close ties to the NSA. Shadow Brokers plans to auction off these bits of software, raising all sorts of a ruckus.
Many people have been calling this an “NSA hack.” From what we know so far, that’s not at all accurate. The NSA wasn’t hacked. Equation Group might not have been hacked, either. Instead, Shadow Brokers could have stumbled on these tools just lying around on a router somewhere. No one who knows how it happened has explained it yet.
The Real Problem
It doesn’t matter where they got it, though. That’s not the point. The point is that tools like this can’t stay hidden 100% of the time. They can be misplaced, forgotten about, sloppily handled, deliberately leaked, stolen, hacked, etc.
This is the principle behind Apple’s stance that GovtOS—a version of iOS that could be sideloaded onto an iPhone to bypass security features—was too dangerous to create. No matter who you are, no matter how good you are at protecting secrets, bad things can happen.
And when those bad things do happen, it puts all of us at risk.