The Daily Parker

Politics, Weather, Photography, and the Dog

Why transparency matters

Yesterday I bemoaned not only our depression-inducing lack of sunlight (predicted return of the sun: Sunday, maybe), but also Senate Republicans' efforts to hide or ignore information relevant to the impeachment trial now underway.

Another story about how a lack of transparency causes damage has come to light. The Washington Post reports that the Saudi attack on Post owner Jeff Bezos' phone was helped to a great extent by Apple's refusal to report security defects:

A security report last week alleged that Bezos, who also owns The Washington Post, received a WhatsApp message laden with code that secretly snatched reams of personal data from his iPhone X. The message allegedly came from Mohammed bin Salman, the crown prince of Saudi Arabia. Security researchers say Bezos probably fell victim to the iPhone’s Achilles’ heel: Its defenses are so difficult to penetrate that once sophisticated attackers are in, they can go largely undetected.

That is in part because Apple employs a secretive approach to finding and fixing security flaws, researchers say, something that has generated debate in the security community.

Security researchers say iPhones and Androids have different approaches to security. They say they generally believe there are more bugs and vulnerabilities in Android. That may be because there are so many different versions, or “forks,” of Android. Google allows its myriad handset makers and others to customize the operating system.

That results in two security philosophies. In Android’s case, the researchers said, the more people who look for bugs, the more secure a system becomes. But Apple’s strategy follows the idea that less visibility into the software means fewer bugs will be discovered in the first place, making the overall operating system more secure. It takes skill, resources or both to find those bugs, which means hackers will typically use them sparingly to protect them from discovery.

Bruce Schneier has argued in favor of transparency for years. This is why. And why I only use Android devices.
