Apple Agrees To Chinese Security Audits of Its Products

itwbennett writes According to a story in the Beijing News, Apple CEO Tim Cook has agreed to let China's State Internet Information Office to run security audits on products the company sells in China in an effort to counter concerns that other governments are using its devices for surveillance. "Apple CEO Tim Cook agreed to the security inspections during a December meeting in the U.S. with information office director Lu Wei, according to a story in the Beijing News. China has become one of Apple’s biggest markets, but the country needs assurances that Apple devices like the iPhone and iPad protect the security and privacy of their users as well as maintain Chinese national security, Lu told Cook, according to an anonymous source cited by the Beijing News."

Exploitable flaws

Nokia failed in design and marketing. Why would "Europe" regret that? It's not like "Europe" could have helped a bit. That's just how market works. Besides, the same people are still making phones, only they run MS software now. Nice phones, I have one, good exchange sync, works as a phone, WhatsApp works, nice camera. UI looks better imho compared to iOS and android. Software ecosystem may lack a bit, but everything I need in a phone is available. I have android phone also, but it's sitting on a desk at home because I have no use for it.

Doesn't really matter who spies my phone. I only live for a couple of decades anyways, if someone wants to waste their time spying on me I say good riddance, hope they found it interesting. I'm also sure it doesn't matter one bit who actually made the phone. If some entitity with sufficient funds wants to spy on them they will. IT's not like the information security is too strong on any of those.

Re:Absolutely fair..

[swb]

Fear one may just be outright industrial espionage.

I'm guessing that security in Apple products goes above and beyond whatever (likely modified) FOSS libraries they use, but would also include stuff like their whole-disk encryption system, the touch ID sensor and its encodings, etc. So there's a fair amount of proprietary tech in these devices.

Fear two might be obtaining what amount to currently unknown zero-day exploits that could conceivably open all iDevices to security risks exploitable by Chinese intelligence.

AFAIK, recent models and OS levels have a generally accepted level of security that makes them difficult to break or exploit and I think this has come to be seen as a competitive advantage. Even if the security is beatable by the NSA in a lab situation, the marketing value is to businesses worried about lost devices or devices used in vertical markets with security compliance regulations.

Which is why I wondered how much Apple can control the terms of a security audit. Do the the Chinese just get handed a memory stick with ios-82-iphone6-source.tgz they can take back to their office or do they sit in a plain white room with locked down desktops that do a one-way remote console to a machine with source code? Or worse, a plain white room with a bunch of binders of printed source code?

Re:Absolutely fair..

[Minupla]

Hrmm, this might work out well for us non-govt people.

Consider:

NSA: "Apple, you must let us 'review' your code. We'll keep our findings to ourselves, you can't tell anyone"
Apple: "OK"
NSA digs through code, finds exploits, locks them up for future weaponization ...
China: "Apple, we'd like to "review" your code. We're going to tell the world about it"
Apple: "OK"
NSA: "Crap, now those evyl Chinese will find our exploits. Darn, I guess we'd better tell Apple to fix them after all or the Chinese will be spying on us!

At the end of the day, the best we can hope for is that the various spooks keep each other honest.

Min