Apple Denies Helping NSA Subvert iPhone
New submitter aissixtir sends word that Apple has responded to allegations that the NSA has backdoor access to iPhones. Apple said,
"Apple has never worked with the NSA to create a backdoor in any of our products, including iPhone. Additionally, we have been unaware of this alleged NSA program targeting our products. ... Whenever we hear about attempts to undermine Apple’s industry-leading security, we thoroughly investigate and take appropriate steps to protect our customers. We will continue to use our resources to stay ahead of malicious hackers and defend our customers from security attacks, regardless of who’s behind them."
What makes you think they could stop the NSA?
Don't believe you.
It's now proven most American companies can't be trusted.
Well, since Apple is aware that whatever they claim can be sooner or later verified by checking Snowden data, they could be telling the truth.
But I can't.
They didn't say there was *not* an NSA backdoor. All they said was that they didn't work with the NSA to create one.
Because, of course, when your domestic intelligence agency asks you to do something, and you comply, you then also admit to it the first time someone questions your integrity.
It's almost as useful as government departments (esp. intelligence agencies) issuing press releases declaring that they only do what's in their mandate and according to the law.
Trust no one, but assume innocence until proven guilty. So, while nobody should trust Apple devices with sensitive data, any direct accusation must be backed up with evidence. It's then up to Apple to defend itself by attacking the evidence. What we have here is neither.
They should say there is no backdoor, not that they did not help making one.
This rogue agency will destroy billions upon billions of dollars worth of American commerce before it's done.
quiquid id est, timeo puellas et oscula dantes.
I seem to recall Apple recently acquired a certain type of government security approval. I wonder if any of that is related.
This could be part of the reason the White House waived the patent decision against them.
Working with the NSA most likely comes with a caveat: "you follow this gag order or we will put you in jail for interfering with national defense and releasing classified information." In other words, something almost as bad as giving aid to the enemy.
I hate conspiracy theories, but it is plausible that they are under a secret order from a secret court ordering them to deny everything. This is precisely why in the US we should never ever have secret courts.
Don't believe you.
Rhetorical question: why not?
If the "amateurs" can compromise iOS security, the professionals shouldn't have much of a problem:
https://en.wikipedia.org/wiki/Pwn2Own
Physical access to the iPhone was mentioned, so it's not surprising that the NSA can get at the data.
Blackberrys were also mentioned in the "Spiegel" article, but that was actually about getting at the e-mails via compromising the BES server. So it looks like in the case of Blackberry, the crypto (both over-the-air and on-device) is secure. Which isn't too surprising given that RIM/Blackberry owns Certicom and uses ECC crypto (which the NSA has been pushing with Suite B), and given that BB has EAL 4+ certifications (and iOS does not):
https://www.google.ca/search?q=blackberry+EAL
However, in Pwn2Own BBs were compromised by visiting exploit-filled websites.
https://developer.apple.com/library/ios/documentation/Security/Conceptual/cryptoservices/Introduction/Introduction.html#//apple_ref/doc/uid/TP40011172-CH1-SW1
Cryptographically strong random number generation
Encryption and decryption (both general-purpose and special-purpose)
https://developer.apple.com/library/mac/documentation/security/conceptual/cryptoservices/cryptoservices.pdf
[Page 10]
"elliptic curve encryption",
RSA random number generator = keys to palace...
Apple has never worked with the NSA to create a backdoor in any of our products,
Note that they specified the NSA, but did not disclaim the possibility of working with some other group, like say a sub-contractor who didn't officially disclose to Apple the fact that they were an NSA sub-contractor. Surely the NSA isn't the only part of the US government that would love to have unfettered "legal" access to arbitrary iPhones.
With all the deliberately worded non-denial denials we've seen in response to NSA revelations, you'd think that Apple's PR firms would know to make an absolute denial if that was their intent. That wouldn't stop some people from thinking Apple is out-right lying. But why even give them an excuse, unless Apple does have something to hide and they want plausible deniability if the truth ever comes out?
When information is power, privacy is freedom.
Page 16/272: Acknowledgments
Apple would like to thank the National Security Agency, the National Institute of Standards and Technology, and the Defense Information Systems Agency for their assistance in creating and editing the client and server security configuration guides for Mac OS X Snow Leopard.
"Apple has never worked with the NSA to create a backdoor in any of our products, including iPhone."
Translation: "the NSA did all the work and we didn't have to work with them."
"Additionally, we have been unaware of this alleged NSA program targeting our products."
Translation: "we weren't aware they were supposedly trying to hack our products because we already allowed them carte blanche access."
"... Whenever we hear about attempts to undermine Apple’s industry-leading security, we thoroughly investigate and take appropriate steps to protect our customers."
Translation: Our customers are best-protected by us having a lot of money and not being in secret courts all day so we comply with government organizations' suggestions.
"We will continue to use our resources to stay ahead of malicious hackers and defend our customers from security attacks, regardless of who’s behind them."
Translation: since the NSA are not malicious hackers but our best buddies, we will happily focus our efforts on black-hat bad guys. Nothing to see here.
You know... if one of these companies would just say "there are no backdoors in our software. We do not allow the NSA or any other organization access to customer data or communications under any circumstance. These are not new policies and go back to the inception of our iOS line of products", then I could take them seriously. Instead their lawyers draft these PR statements that use such mind-deadening language that it's trivial to poke fun at them.
I don't honestly believe Apple has allowed a back-door, but their statement just sucks.
"Oh no... he found the
Hi JS,
Try watching a few of the new 30C3 vids to get an overview of contractor and gov visions for phone tracking.
30C3 To Protect And Infect - The militarisation of the Internet
http://www.youtube.com/watch?v=XZYo9TPyNko
30c3 To Protect And Infect, Part 2 (at ~30 min in for the cell phone question more at 43 min for ~DROPOUTJEEP too)
http://www.youtube.com/watch?v=b0w36GAyZIA
30C3 Backdoors, Government Hacking and The Next Crypto Wars
http://www.youtube.com/watch?v=xLT7ao1V8vY
Domestic spying is now "Benign Information Gathering"
Prior to OS X 10.9 Mavericks, it was possible to sync an iOS device completely, via USB cable which connected the iOS device to the main computer.
Now in Mavericks the iOS local sync is gone. Personally I believe this has been done because it will make it trivially easy for the NSA to collect the contents of iOS devices from various central points (the central points would be the servers Apple uses for iCloud).
So no, I don't believe that Apple will do anything to protect the people who buy hardware from Apple. I've been one of those buyers but I won't spend any more of my money with Apple, because even if they aren't helping out the spooks they are selling shit that doesn't work well without even bothering to let users know about the loss of important features in their operating system before those poor users "upgrade". That is inexcusable behavior on the part of a company which pretends to care about how its products work.
(why doesn't he ?)......Because he received a gag order from the NSA !
I work in a relationship role for a large firm that most people have heard of. Let me fill all of you in on exactly what was said here.
First time poster as I am normally not interested however I felt that most of the comments were not addressing the whole verbiage of the defense.
"Apple has never worked with the NSA" ----- We did not have a contract with or resources sharing agreement with the NSA. We have friends though.
"to create a backdoor in any of our products, including iPhone" ----- Whatever was created was not called a backdoor or we did not create it. Someone else did.
"Additionally, we have been unaware of this alleged NSA program targeting our products..." ----- THIS alleged program. We were given a different name or aware of others.
"... Whenever we hear about attempts to undermine Apple’s industry-leading security, we thoroughly investigate and take appropriate steps to protect our customers." ----- Apple will and probably does investigate breach attempts. But this is not a breach. It was voluntary. So we aren't doing anything.
"We will continue to use our resources to stay ahead of malicious hackers and defend our customers from security attacks, regardless of who’s behind them." ------ Malicious hackers, Security Attacks, as stated above this was voluntary. We will continue not using resources to patch the vulnerabilities.
In summary Apple did not deny. It simply used double speak/meaning to say, it was not officially worked, we didn't refer to it by this name, we did not personally create the vulnerabilities and we aren't going to fix them. The NSA would be like a vendor to a large company in this instance. The company can sit back and say they did not personally take malicious action. However, they can't get away from the fact that it happened under their watch so they must respond and deny, which as pointed out by others can be proven by subsequent revelation by Snowden or others, or they can type a paragraph which is true and doesn't admit guilt while misguiding others into making their own conclusion.
Remember, you are the one they have to convince, not themselves. The executives are not going to let someone like government or shareholders just waltz in and destroy what they've spent years building. They will lie or mislead and if caught, after years of arbitration and lawsuits, can settle for a small lump sum that pales in comparison to the money they could have made in the meantime. Look at BP and the trust fund they set up for the Gulf Oil Spill Cleanup. They made a profit on the interest and reinvestment of that money.
Believe me or not it's entirely up to you. I work in an area that has written quite a few of these and trust me it works to divide and conquer individuals who have different interpretations of literary/writing style. Either way, most people are not paying attention... and that's a fact.
It's not even in the same ballpark. Likening the idea of a company checking out apps before you install them is nothing like having a government entity, with no accountability, recording you every time you take a shit.
Get real.
SJWs are the new boogeyman. -Me
Additionally, we have been unaware of this alleged NSA program
How could they be aware? I mean, it's only been widespread news for the last year or so!
Their statement is 100% lawyer-drafted weasel language crafted to tell enough truth that they don't get in trouble, while still lying about whatever it is they're lying about. Next it'll be something like "We're really sorry you think there are security flaws in our product, and we're working hard to change that perception."
That I'm right, and you don't like it, doesn't mean I'm a troll.
Per the video, the NSA iPhone compromise requires the NSA to obtain physical access to the device, and suggests they did this by rerouting shipping.
To me, that says that what they've done is exploited holes in iOS -- of which there have been many, that's how jailbreaks are possible -- and used them to install their own spyware. There's not only no need for them to involve Apple to do such a thing, involving Apple would actually be a bad idea, because it increases the number of people who know about it and might leak it.
I believe Apple had nothing to do with it. I believe the NSA has spyware for every version of iOS ever made, as well as Windows, OS X, Android, Linux (well fragmentation of the last two means there might be some versions which are safe -- but not the major ones), AIX, etc. If they don't, they're not doing their jobs. I don't think anyone should be the slightest bit surprised by any of this.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
How would an official backdoor work?
a) Windows Update
b) App Store Update
Complete triviality. Any targeted device gets updates routed somewhere else.
All of Snowden's evidence of those complex cracks make it much less probable that there was any general manufacturer supported backdoor. I think Apple's being truthful.
Besides, what did you expect the NSA did? Do you think the Russians and Chinese have worse cracks? Certainly not.
"harming the country"...along the same lines of harming a child molester by turning them in...he's only harming the security apparatus...said security apparatus already caused massive harm, they just kept it covered up until now.
Politely, that's crap, ever heard of updates? They, Apple/Google/MS all do "updates" that "change" your phone/computer settings without your permission. That activate "features" in your system until you find out about later after some security expert notifies the public about what they did. Even then you have no idea what else has happened, since the companies/the phone/computer/parts/whatever/ even don't know what has been shipped, or refuse to elaborate on what they did, or they have been ordered by the FISA courts to keep quiet about what was added.....
You make a good point. Where are the Android release notes for each release? Where are the security advisories published when they've fixed a vulnerability?
They removed the sync for contacts and calendar, the rest is still locally synced. You can sync those 2 to any cloud provider, including rolling your own caldav server, not just Apple's, it just defaults to Apple's. It was an annoying move, but ascribing a motive beyond "we really would like people to use iCloud more because it ties them to continuing to use Apple products" isn't really supported by the facts (especially since the framework, SyncServices, had been declared deprecated since 10.7, so it wasn't exactly unexpected)
"goodbye and hello, as always" ~Prince Corwin, from Zelazny's Amber series
I doubt it's the dissent that people don't like. It's your NSA-ass-licking sig that they don't like.
Justice? For capturing Snowden? WTF?
How about justice for capturing all the NSA agents and leaders who are regularly committing perjury, violating every right that is supposed to be sacred in the USA, and covering it all up with lies multiplied by lies?
How about justice for removing from the bench all the judges who say "What the NSA is doing has to be legal, because the government finds it useful!"
In other parts of the world, leaders have been assassinated for less.
"City hall" in German is "Rathaus" Kinda explains a few things......