Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apple Denies Helping NSA Subvert iPhone

Posted by Soulskill on from the at-least-we-have-a-falsifiable-hypothesis dept.

New submitter aissixtir sends word that Apple has responded to allegations that the NSA has backdoor access to iPhones. Apple said, "Apple has never worked with the NSA to create a backdoor in any of our products, including iPhone. Additionally, we have been unaware of this alleged NSA program targeting our products. ... Whenever we hear about attempts to undermine Apple’s industry-leading security, we thoroughly investigate and take appropriate steps to protect our customers. We will continue to use our resources to stay ahead of malicious hackers and defend our customers from security attacks, regardless of who’s behind them."

7 of 284 comments (clear)

  1. This could be true by Janek+Kozicki · · Score: 4, Interesting

    Well, since Apple is aware that whatever they claim can be sooner or later verified by checking Snowden data, they could be telling the truth.

    --
    #
    #\ @ ? Colonize Mars
    #
    1. Re:This could be true by Anonymous Coward · · Score: 5, Interesting

      Perhaps they are constrained by law and couldn't release the truth if they wanted to.

       

      Apple has never worked with the NSA to create a backdoor in any of our products, including iPhone. (Once the NSA backdoored the iPhone, we didn't fix it) Additionally, we have been unaware of this alleged NSA program targeting our products(In this case, 'we' refers to the marketing department and the guy that brings the bagels) ... Whenever we hear about attempts to undermine Apple’s industry-leading security, we thoroughly investigate and take appropriate steps to protect our customers. We will continue to use our resources to stay ahead of malicious hackers and defend our customers from security attacks, regardless of who’s behind them. Securing out products against the non malicious, non attacking survailence by the NSA would be inappropiate, of course.

      Ok, I actually went and RTFA. TFA says, and I quote:

      The documents suggest that the NSA needs physical access to a device to install the spyware—something the agency has achieved by rerouting shipments of devices purchased online—but a remote version of the exploit is also in the works.

      If somebody actually reroutes shipments and tampers with your product in transit it's kind of hard to 'fix' that. What would you like Apple to do? Have every iPhone they sell escorted by armed guards? With all due respect to the noble sport of Apple hating, one security researcher speculates, and once again I quote:

      Either [the NSA] have a huge collection of exploits that work against Apple products, meaning they are hoarding information about critical systems that American companies produce, and sabotaging them, or Apple sabotaged it themselves...

      ...and every Apple hater on /. immediately takes that as proof positive that Apple must be sabotaging their own product by routing their shipments through NSA hacking HQ for spyware installation and have a team of engineers developing a remote attack kit for the NSA. Come to think of it, why would the NSA even need have one 'in the works' if Apple is building NSA friendly back doors into their products by default? I mean it could not possibly be the case that the NSA has teams of people tapping into the hacker underground and buying up zero day exploits now could it? (Hint: that's the other thing that security guy suggested) No it's much more logical that the NSA have blackmailed thousands of American and foreign companies into sabotaging their own products. After all, such an operation is much more easy to cover up (not) that just quietly buying up zero day exploits and/or hiring a team of hackers to ensure a steady supply of exploits. If Apple actually did what they are being accused of they deserve to get punished (and they will when their customers abandon them in droves), but let's at least try to base the idle speculation on something more solid than "I hate Apple".

  2. Blackberry had government contracts by erroneus · · Score: 4, Interesting

    I seem to recall Apple recently acquired a certain type of government security approval. I wonder if any of that is related.

  3. Re:Totalitarian Business Model for Totalitarians by Nerdfest · · Score: 5, Interesting

    This could be part of the reason the Whitehouse waived the patent decision against them.

  4. Apple iOS vs. Blackberry by Anonymous Coward · · Score: 4, Interesting

    Don't believe you.

    Rhetorical question: why not?

    If the "amateurs" can compromise iOS security, the professionals shouldn't have much of a problem:

    https://en.wikipedia.org/wiki/Pwn2Own

    Physical access to the iPhone was mentioned, so that's not surprisingly that the NSA can get at the data.

    Blackberrys were also mentioned in the "Spiegel" article, but that was actually about getting at the e-mails via compromising the BES server. So it looks like in the case Blackberry, the crypto (both over-the-air and on-device) is secure. Which isn't too surprising given that RIM/Blackberry owns Certicom and uses ECC crypto (which the NSA has been pushing with Suite B), and given that BB has EAL 4+ certifications (and iOS does not):

    https://www.google.ca/search?q=blackberry+EAL

    However, in Pwn2Own BBs were compromised by visited exploit-filled websites.

  5. Obligatory translation... by PsychoSlashDot · · Score: 4, Interesting

    "Apple has never worked with the NSA to create a backdoor in any of our products, including iPhone."

    Translation: "the NSA did all the work and we didn't have to work with them."

    "Additionally, we have been unaware of this alleged NSA program targeting our products."

    Translation: "we weren't aware they were supposedly trying to hack our products because we already allowed them carte blanche access."

    " ... Whenever we hear about attempts to undermine Apple’s industry-leading security, we thoroughly investigate and take appropriate steps to protect our customers."

    Translation: Our customers are best-protected by us having a lot of money and not being in secret courts all day so we comply with government organizations' suggestions.

    "We will continue to use our resources to stay ahead of malicious hackers and defend our customers from security attacks, regardless of who’s behind them."

    Translation: since the NSA are not malicious hackers but our best buddies, we will happily focus our efforts on black-hat bad guys. Nothing to see here.

    You know... if one of these companies would just say "there are no backdoors in our software. We do not allow the NSA or any other organization access to customer data or communications under any circumstance. These are not new policies and go back to the inception of our iOS line of products", then I could take them seriously. Instead their lawyers draft these PR statements that use such mind-deadening language that it's trivial to poke fun at them.

    I don't honestly believe Apply has allowed a back-door, but their statement just sucks.

    --
    "Oh no... he found the .sig setting."
  6. Re:Who's the enemy? by TrollstonButterbeans · · Score: 4, Interesting

    It is a government that prints trillions upon trillions in debt notes, I'm not sure they would notice "billions".

    Kind of like how I don't notice dropped pennies ...

    --
    Priest: "Universe from nothing, no laws of physics, sped up time"+ huge discrepancies. Creationism? No. Big Bang Theory