Authorities’ having read Khalid Masood’s final messages marks a huge breakthrough for the police and security services. And for every other person who’s ever used a mobile phone.
Until now, the various levels of security protecting the messages in a phone from anyone trying to read them have been seen as more or less impenetrable. But after announcing that they have apparently broken through them, authorities have suggested that they could do so again.
Details on how the security services got into the phone are still sparse. But it is clear that they did so using some sort of technical exploit that allowed access to the phone, and in a way that could be used again in the same way in the future, according to sources.
That was despite the fact that police had suggested that they may never read the phone, because it was protected by a passcode and by WhatsApp’s encryption, which should stand in the way of anyone trying to get between a message’s sender and its recipient.
With computer security, once any single point is breached then all of them potentially are. If security services have managed to get into Khalid Masood’s phone, they may do it to anyone else.
Almost every other person with an iPhone will not, of course, be intending to commit an act of such horror and destruction as Masood. But that doesn’t mean that innocent people can stop worrying.
It was this principle – that a backdoor into one phone is a backdoor into any phone – that was at stake in Apple’s case against the FBI, over whether or not the company should be forced to hack into its own phone.
Apple has suggested that it has helped out with legitimate requests for access in the past. But it refused to do so this time precisely because the FBI was asking for a special piece of software that would allow it access to iPhones whenever they wanted – which Apple claimed would mean exposing any iPhone to anyone who managed to get hold of that same software.
And software, like information, has a tendency to spread – and can’t be stopped once it starts doing.
Anyone who has access to that software can then use it for their own gains, whether they are an enemy of the state or an employee of it. It may be that in this one situation it was used for good ends – but the same techniques could be just as good for reading the messages of a stolen government ministers’ phone, for instance.
If any phone is vulnerable, then every phone is theoretically vulnerable.