
Leaked Memo Says Apple Provides Backdoor To Governments

Posted by timothy
from the well-we-know-att-does dept.
Voline writes "In a tweet early this morning, cybersecurity researcher Christopher Soghoian pointed to an internal memo of India's Military Intelligence that has been liberated by hackers and posted on the Net. The memo suggests that, "in exchange for the Indian market presence" mobile device manufacturers, including RIM, Nokia, and Apple (collectively defined in the document as "RINOA") have agreed to provide backdoor access on their devices. The Indian government then "utilized backdoors provided by RINOA" to intercept internal emails of the U.S.-China Economic and Security Review Commission, a U.S. government body with a mandate to monitor, investigate and report to Congress on 'the national security implications of the bilateral trade and economic relationship' between the U.S. and China. Manan Kakkar, an Indian blogger for ZDNet, has also picked up the story and writes that it may be the fruits of an earlier hack of Symantec. If Apple is providing governments with a backdoor to iOS, can we assume that they have also done so with Mac OS X?"
  • Treason or not? (Score:3, Interesting)

    by Saphati (698453) on Sunday January 08, 2012 @08:36AM (#38628532) Homepage
    If a person were to help another government gain access to confidential data, it would be called treason. If APPLE or Nokia does it, it is OK? Can someone please explain that?
  • Who'd have thought? (Score:5, Interesting)

    by Arancaytar (966377) <arancaytar.ilyaran@gmail.com> on Sunday January 08, 2012 @08:39AM (#38628554) Homepage

    The shiny backdoors the US government was so keen on to spy on its own citizens are also used by foreign governments to spy on the US government. Maybe security and privacy is worth something after all.

  • by amiga3D (567632) on Sunday January 08, 2012 @09:09AM (#38628642)

    I think we can safely assume any closed operating system is backdoored. If I was a foreign government I'd never use an operating system that I couldn't compile from source myself. I think this is one reason that MS was let off from the Federal Lawsuit so easily, so they could aid in surveillance. It makes sense, if I was in their shoes I'd do the same.

  • by Anonymous Coward on Sunday January 08, 2012 @09:43AM (#38628810)

    "If Apple is providing governments with a backdoor to iOS, can we assume that they have also done so with Mac OS X?"

    Yes and no. It's called 1394 (Firewire), and it has DMA access to read/write anything it wants, which includes retrieving encryption keys from ram of a running system, or tweaking a few bits here and there to kill a locked screensaver, for example.

    When you read papers on high security environments that disable hardware ports by filling them with epoxy etc., this is what they are trying to stop (aside from obvious uses like copying files to something like a thumbdrive).

    Enjoy! :)

  • by ShadowRangerRIT (1301549) on Sunday January 08, 2012 @10:32AM (#38629054)

    And because they're guilty of one type of bad act, they're guilty of all types of bad acts? Like when I shoplifted last week, got caught, and am now on death row for murder, because being guilty of shoplifting makes me guilty of all other crimes.

    Let me know when you find the article that says MS sold access to their phones and operating systems to open up a lucrative market. Anti-trust is bad, but it's not remotely related to selling backdoors for market access.

  • by Anonymous Coward on Sunday January 08, 2012 @10:50AM (#38629146)

    Everyone has done something illegal. They might not know it and it might not have been immoral. As long as you can monitor everything they do you can find a reason to send them to jail if they start to express 'undesirable' opinions.

    I can be more specific. All programmers violate patent law every time they code, whether they release their code or not.

    question:
    How is it we've accepted a set of laws that guarantee we'll be lawbreakers subject to enormous civil fines and seizure and what can we do?

    answer: publicly funded elections.

    puzzler: explain the answer

  • Manning v. Apple? (Score:4, Interesting)

    by Bob9113 (14996) on Sunday January 08, 2012 @10:53AM (#38629172) Homepage

    Bradley Manning provided access to U.S. government secrets to everyone, because (or ostensibly because) the U.S. government was not duly informing the United States Citizens of the military's actions in their name.

    Apple(*) provided access to U.S. government secrets to a foreign national government, because they wanted that foreign national government to give them quid pro quo access to a lucrative market.

    Seems pretty clear Apple will be facing more severe charges than Bradley Manning, right? ... Or, at least, it's going to be in the same ballpark, right? ... Well, OK, at least, same kind of national debate, where questions of treason get raised, right? ... No? ... OK, then, well, umm, WTF?!?

    * Note: RIM and Nokia are foreign -- an interesting angle to consider, but not as similar to Manning as Apple.

  • by Insightfill (554828) on Sunday January 08, 2012 @11:20AM (#38629276) Homepage

    This is what I so dislike about President Obama. He's not even a good liberal. This is the kind of thing I would Expect from the Bush administration.

    While I don't like all of his decisions, everyone got "pwned" (to quote a sibling post) on this one.

    Since it was packaged in the defense budget, nobody wanted to be seen as 'bad on military' in an election year. So: It ran through House and Senate with a veto-proof majority. Obama could have either taken a stand on this and had it go through anyway (with the headlines in October reading "He hates our troops") or signed it and gotten painted with "He hates our citizens."

    Oddly, the House and Senate, which wrote and passed this POS, seem not to be hit with the same brush.

  • by xTantrum (919048) on Sunday January 08, 2012 @12:18PM (#38629754)

    I think it highlights the importance of a common labelling for software in the same way that other consumer products have. In the past I thought it was important to have software labelled for "phones home", "displays adverts", "closed source", now this would require "has government mandated backdoors".

    Yes, but you're still trusting the government to do this and the point that should be seen here is we can no longer depend on elected officials to look out for the people. All this simply reaffirms is what Richard Stallman [slashdot.org] has been preaching for awhile now. It is up to the people to educate themselves and take the proper precautions. Of course the 99% won't and cannot and thus this is the reason we will soon see an event like Arab Spring spreading to the west. Sounds a bit crazy but the revolution will be here...soon.

  • by Niten (201835) on Sunday January 08, 2012 @12:36PM (#38629892)

    For Android phones with the Market app installed, an explicit backdoor isn't even necessary. Application installation is performed by the user requesting something from the Market, and the Market subsequently "pushing" the application to the device by sending an install command through Google's XMPP-based notification service. The installation itself does not require any interaction from the user. This is why, for example, you can install an app on your phone from the Android Market web site.

    Well guess what, this means that Google, or anyone who can leverage control over them, doesn't need a backdoor already on your phone. The government could just use the Market's normal installation mechanisms to install SpyOnStuff.apk over the air on an as-needed basis.

  • by mosb1000 (710161) <mosb1000@mac.com> on Sunday January 08, 2012 @12:37PM (#38629912)

    Question: We've given way too much power to the government and we are about to be trapped in a dystopian police state. What can we do to stop it before it's too late?

    Answer: Give the government control over campaign finance as well.

    Puzzler: Why do I have a bad feeling about this?

  • Re:Seriously, guys (Score:5, Interesting)

    by muecksteiner (102093) on Sunday January 08, 2012 @12:54PM (#38630044)

    The Stasi is a very interesting example. That deserves a closer look, to dispel any notions that any of the current *** outfits is remotely comparable.

    First, the Stasi might not have been all that well paid in monetary terms. But the sum total of what a full Stasi employee in good standing had access to (by local standards very nice holiday opportunities for the family, better housing, sometimes even a car, and whatnot) arguably pretty much made them a separate class within the East German state. Not as well off as the actual party apparatchiks, but far ahead of any normal citizen. In a communist society, money couldn't buy you all that much anyway, so one has to look at the broader picture to assess how "well off" someone was in that sort of society.

    Second, the Stasi was never the same thing as the regular police of East Germany. They were always a separate entity that was tasked with things such as (counter-)espionage both at home and abroad (by all means, including dirty ones), and the silencing of political dissenters (again by all means deemed necessary) - but never with regular policing as such. This distinction, and in particular their refreshing openness about "any means necessary for the job" being acceptable, is, at least in my opinion, an important point to note. The Stasi never had any pretensions about being an organisation that deemed itself entirely above the law. They were the "sword and shield of the party" (that was actually their official motto) - and to them, no moral or legal standards applied, except their own.

    Which is a *huge* difference from even a very corrupt U.S. police department, or the bad parts of, say, an alphabet soup agency. Nowhere in the U.S. will you find members of the intelligence community who are openly contemptuous of the rule of law. Corrupt and evil things unfortunately do happen in law enforcement circles, but they are never an *accepted part of the organisation's official culture* like they were with the Stasi.

    And by extension, there is also a third point that follows from what I just said. The Stasi was an organisation which actively recruited persons who were, well, fairly "special" in that they felt right at home in that sort of environment. The only really valid criticism of the (otherwise fantastic) film "The Lives of Others" that I have heard so far is that someone like the protagonist (a Stasi officer who develops second thoughts about his "work") would never have been recruited in the first place, because the Stasi was very good at avoiding anyone who might be liable to start asking questions later. During the entire existence of the DDR, there were practically no defections worth mentioning of anyone within the Stasi. Which is a pretty impressive track record, given the huge size of that organisation.

    This has implications for the existing U.S. intelligence services insofar as running an outfit like the Stasi apparently required active psychological monitoring to seed out dissenters, in order to build up the very special cadre of people you need for such a psychopathic organisation. For instance, the Stasi reputedly had an extremely anti-intellectual "work culture", which, amongst many other things, helped to get rid of anyone who was likely to think too much on his own.

    The existing U.S. intelligence services are all *not* built on such psychopathic foundations. Recruitment happens pretty much from the general population (pending security clearance, and all that, but still), so the personnel base of the *** agencies is nowhere near the kind of pathological personality mix you would need to run a Stasi. Or, even more importantly, to transform an existing *** agency into a Stasi. Even with the more or less scary developments of the past few years, this should give some consolation to those of you who worry where all this will lead to. Something like the Stasi does not happen easily, and not overnight. And it does *not* grow out of the institutions of a normal society. The *** agencies might not all be very nice and cuddly, but fortunately, there is a world of difference still.

  • by Stiletto (12066) on Sunday January 08, 2012 @01:15PM (#38630252)

    I don't like either, but while we still have elections, I'd rather have government power than corporate power. At least with the government you can vote them out. You can't vote a company out of existence.

  • by t0qer (230538) on Sunday January 08, 2012 @03:41PM (#38631228) Homepage Journal

    2 weeks after my wife and I bought our house in 2001, I was laid off. After 3 months of searching 9/11 happened, and the shit really hit the fan. Silicon Valley for a time looked like a ghost town. Moving trucks were moving east (getting the fuck out of dodge so to speak)

    A year later I wound up getting a crappy job at a bar. 10 years later I'm still here, working on my own software that runs certain aspects of the bar (very profitably I might add) When we bought our house in 2001 interest rates were sky high, and the wife and I thought our futures in tech were pretty secured. I think we were at 10% interest. We refinanced twice over the 10 years trying to keep payments down so we could stay in our house.

    In the last 2 years the ARM on our loan got so high we were paying over $1600@mo for the new interest charges alone. We were virtually on the brink of losing our house. Then the "Obama Affordable home" plan was passed. Bank of America didn't make it easy. My wife had to call them every single day for a year. (like calling your AT&T subcontractor when your T1 goes down) At one point they denied us because "We couldn't verify your identity" (one of the loan modders wrote my social security number down wrong)

    Despite what you might think of Obama.. He's just doing the best he can. He's no Bill Clinton, but having to clean up after GWB can't be easy. He stopped the banks from bending over hardworking people. Osama was killed during his term. Troops are withdrawing from Iraq.

  • by hairyfeet (841228) <bassbeast1968&gmail,com> on Sunday January 08, 2012 @04:16PM (#38631444) Journal

    I have to wonder how "ahead of the game" the average law enforcement is when it comes to crypto simply because talking to a friend in the state crime lab (he keeps trying to hire me but...damn i don't think i could handle that shit 5 days a week) I have learned that even internet criminals are like most criminals and just very very very very...dumb. I mean stupid on whole never before seen levels of dipshit, just ignorant like you wouldn't believe. I had to cook up a batch file for my buddy last year because all his tools are based on NTFS and he couldn't recall off the top of his head the old DOS commands and they had found a braintrust still using Win98SE! Sure enough Mr Dipshit had hidden enough CP on his drive to get himself 300 years by dropping it in a subfolder in the Windows folder. no crypto, hell not even a password protected zip file, just dropped in a damned folder.

    So while I'm sure the NSA and Interpol have some chops simply because they have to deal with foreign powers and spies I have to wonder if the rest simply are up on their game because the "cyber criminals" they have to deal with are about as smart as the dipshit we had rob a bank last year while wearing his workshirt with his name and the name of the company in bold letters right on the front. Hell the lettering was big enough they could just read the shirt right off the security cam and sure enough Mr braintrust showed up for work the very next day and was shocked! Shocked I tell you! That they had managed to catch his brilliant ass.

  • A smart backdoor would look like a bug and could easily be explained away as such...

    Tee hee. A while ago, one of the hacker sites had a competition to see who could hide a "backdoor" -- the idea was to take an image in a script compatible form (all the numbers were in text, rather than in binaries), black out a certain region (think redaction), and still have some way to have the redacted area be recoverable when the right inputs were given.

    The catch? The code would be given a peer review, so you had to come up with something that would pass most attempts at oversight.

    A lot of people tried to hide stuff in "error detection" routines.

    The winning code had no bugs of any kind. It did perfect redaction of the specified area. No flaws, no errors, nothing to be spotted in code review.

    Except for one oddball usage of fetching and writing individual characters -- getc() and putc(). The author explained that as an attempt to make sure that no matter what was in the input data, no matter how messed up the graphics were in an attempt to break the code, it would not have any overruns, no undefined behavior, etc.

    Result? The "black" would be written out as "0", "00", or "000", depending on the light level of the source. For all three color channels.

    Absolutely unnoticeable when viewed on a viewer. There was no hidden alpha channel, no slight alternation between black-0 and black-1, etc.

    Yet you could still recover readable text, almost perfect pictures, etc.

    Security hole back door? Very doable.
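The redaction leak described in the comment above, shown as an added example that is not part of the original thread or the contest entry: per-character redaction beside per-sample redaction, plus a reviewer-side check that flags the difference. It assumes a plain-text PPM (P3) image without header comments; all function names and the sample image are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: 3x2 plain-text PPM; the bottom row is the "secret". */
static const char SAMPLE[] =
    "P3\n3 2\n255\n"
    "255 255 255 255 255 255 255 255 255\n"
    "7 7 7 40 40 40 200 200 200\n";

struct rect { int x0, y0, x1, y1; };      /* inclusive pixel coordinates */
enum mode { PER_CHAR, PER_SAMPLE };

/* Parse "P3 <w> <h> <max>"; return the offset of the sample data, or -1. */
static int ppm_header(const char *ppm, int *w, int *h)
{
    int max, off = 0;
    if (sscanf(ppm, "P3 %d %d %d%n", w, h, &max, &off) != 3 || *w <= 0 || *h <= 0)
        return -1;
    return off;
}

/* Is sample number `sample` (row-major, three per pixel) inside the rectangle? */
static int in_rect(long sample, int w, const struct rect *r)
{
    long px = sample / 3;
    int x = (int)(px % w), y = (int)(px / w);
    return x >= r->x0 && x <= r->x1 && y >= r->y0 && y <= r->y1;
}

/* PER_CHAR:   every digit character in the region becomes '0', so "200"
 *             turns into "000" and the digit count of the original survives.
 * PER_SAMPLE: every sample in the region becomes the single token "0".
 * Returns bytes written, or -1 on a bad header or a buffer that is too small. */
int redact(const char *in, char *out, size_t cap, struct rect r, enum mode m)
{
    int w, h, off = ppm_header(in, &w, &h);
    size_t n;
    long sample = 0;
    if (off < 0 || cap < strlen(in) + 1)  /* output is never longer than input */
        return -1;
    memcpy(out, in, (size_t)off);
    n = (size_t)off;
    for (const char *p = in + off; *p; ) {
        if (!isdigit((unsigned char)*p)) { out[n++] = *p++; continue; }
        size_t len = strspn(p, "0123456789");
        if (!in_rect(sample, w, &r)) { memcpy(out + n, p, len); n += len; }
        else if (m == PER_CHAR)      { memset(out + n, '0', len); n += len; }
        else                         { out[n++] = '0'; }
        p += len;
        sample++;
    }
    out[n] = '\0';
    return (int)n;
}

/* Reviewer-side check: count samples in the region whose text is not exactly
 * "0". Numerically "00" and "000" are black too, so compare tokens, not values. */
int leaky_samples(const char *ppm, struct rect r)
{
    int w, h, off = ppm_header(ppm, &w, &h), bad = 0;
    long sample = 0;
    if (off < 0)
        return -1;
    for (const char *p = ppm + off; *p; ) {
        if (!isdigit((unsigned char)*p)) { p++; continue; }
        size_t len = strspn(p, "0123456789");
        if (in_rect(sample, w, &r) && !(len == 1 && *p == '0'))
            bad++;
        p += len;
        sample++;
    }
    return bad;
}

int main(void)
{
    struct rect r = { 0, 1, 2, 1 };       /* redact the whole bottom row */
    char leaky[sizeof SAMPLE], safe[sizeof SAMPLE];
    redact(SAMPLE, leaky, sizeof leaky, r, PER_CHAR);
    redact(SAMPLE, safe, sizeof safe, r, PER_SAMPLE);
    printf("per-character:\n%s-> %d leaking samples\n", leaky, leaky_samples(leaky, r));
    printf("per-sample:\n%s-> %d leaking samples\n", safe, leaky_samples(safe, r));
    return 0;
}
```

Both outputs render as solid black, since 0, 00 and 000 all parse as zero; only a token-level comparison of the redacted region tells them apart.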

  • XSecure (Score:5, Interesting)

    by Doc Ruby (173196) on Sunday January 08, 2012 @05:31PM (#38631996) Homepage Journal

    Hm, I wonder if a smart keyboard ran its own OS, like Android, running an X client over a network to the main PC's X server, if that would secure the aggregated workstation better against keyloggers and other similar devices. Not trusting the local buses, which seem harder to secure. An Optimus keyboard might have the HW to run the OS and X client. A monitor that's just an OS and X server over a gigabit ethernet to the main PC might complete the picture. And maybe the whole thing would then run even faster.

    Or maybe that all just kicks the can a little down the road, to where a keylogger or other spyware just infests the "app host" PC at the core.

  • by grcumb (781340) on Sunday January 08, 2012 @06:35PM (#38632434) Homepage Journal

    The Linux kernel is 14 million lines of code alone, when I type in a password I'm guessing between the kernel, xorg and the browser at least double that. Even if only a tiny bit of the code paths are touched, what's to say there's not a trigger set up somewhere to peek at some buffers?

    Let's say you're walking in a city of 14 million people. You stop at an ATM and enter your PIN. What's to say that one of those 14 million isn't watching, hoping to steal your PIN and then your money?

    When you're wandering around in a city full of strangers, there are real security concerns, some of them supported statistically by the sheer impossibility of being able to trust every member of a given community. But even given those limitations, you can still maintain a decent level of confidence simply by keeping tabs on who's watching you.

    But you've got other fish to fry when the bank itself says, 'You don't need to know about what security measures we've put into place. Just trust us.'

    FOSS is not a cure-all, and making something open source doesn't magically make it secure or even trustworthy. The only benefit is that it makes it possible to verify. Which is more than can be said for proprietary software.

  • by toadlife (301863) on Sunday January 08, 2012 @08:01PM (#38633078) Journal

    I saw a forensic expert that works for local law enforcement give a presentation for a local community college "intro to computers" class awhile back. 90% of what he told them was bullshit. He told them, that once they saved a file to their hard drive there was no way they could really delete it and that he could always recover it. He went on and on, belaboring the point that there was no way anyone could ever hide anything from him. I was working on a computer in the class, getting it ready for an upcoming engineering class in the same room, and didn't want to start anything so I just shut up, but I mentioned to the instructor and the class members later that the guy was full of shit.

    It's kind of disheartening that a moron like that qualifies as an expert witness for law enforcement.

  • by hairyfeet (841228) <bassbeast1968&gmail,com> on Sunday January 08, 2012 @08:55PM (#38633432) Journal

    That is why i'm glad my buddy actually has a brain. he'll be the first to tell you he won't be getting past any crypto that won't fall to a rainbow hash or brute force dictionary attack and that with a modern drive you wipe with zeroes that shit is gone friend. just to be safe i do a DoD 3 on all drives that pass through the shop but that is just because i have a box sitting in the corner for drive wiping and a DoD 3 really doesn't add much time over a random wipe and part of the reason why many businesses and schools are willing to donate machines to me to refurb for the poor is i tell them "Any drive that you leave in will be getting wiped to DoD specs" which gives them peace of mind.

    And he is damned good in court, I've watched the man work and he is cool as ice, I just don't think i could do that shit. i know the state pays him to see a shrink weekly so he can "data dump" as he calls it but seeing raped kids pics and vids all damned day? man I do NOT want that damned job! In the consumer retail biz i make it a point not to snoop people's drives so i don't have to see any nasty shit, the worst i've had to deal with was some gal that wanted me to back up her erotic pics of herself before I wiped the drive. I swear that gal had dildos big enough you could mount them on a gun rack! But I don't think I could do like he does and sit there all calm while sitting across from some guy I KNOW raped his kid because i saw the pics. not enough brain bleach in the world, i don't care how good the benefits are!

  • by CodeBuster (516420) on Sunday January 08, 2012 @10:33PM (#38633972)

    So how dare you discredit the hard work we did getting to that point.

    You're missing the point here. You took a risk with an investment that, had it paid off, would have accrued entirely to yourselves. The fact that it didn't pay off isn't my problem. Why should us taxpayers, who prudently decided NOT to make foolish bets in the housing market, be forced to make you whole? Investors, like you, must NOT be bailed out from the downside of risks that they willingly took. Otherwise, it's not really an investment but charity and the rest of us cannot afford to be that generous. The GP is right. You made a bet on the housing market and you lost. You should take your losses and move on. Why should the rest of us bail your ass out? We didn't share in the potential rewards of a successful real estate investment so why should we share in the loss or is this just another case of privatized profits and socialized losses?

    After 2001-9/11 it wasn't just the banks screwing people over.

    You weren't the only ones who had a rough go of it last decade. Many of us decided not to buy overpriced homes or moved back to live with family elsewhere in the country to save money and live within our now reduced means. You'll get no sympathy from me for your underwater mortgage.

    Guys like countrywide home loans really set up a lot of hardworking folks to fail. We were with countrywide in the beginning.

    Nobody put a gun to your head and forced you to sign the papers. What about the rest of us who cut back and endured hardships and deprivations to save money and live within our means? You want to live in society and be treated like an adult while at the same time blaming your foolish financial decisions on bankers in nice suits who saw you coming? The fool and his money are soon parted or would be if the rest of us weren't being forced to bail your ass out.

    I'm not the only one in this boat. I am the 99%.

    No, you're part of the 5-10% of foolish first time "home buyers" who should never have received a loan in the first place. You didn't honestly believe that the banks would loan a peon like you $400,000+ unless the government was turning around and immediately buying the mortgage from them did you? Not a chance.

  • by CodeBuster (516420) on Sunday January 08, 2012 @11:45PM (#38634420)

    Health care extended to millions of people who wouldn't otherwise have it

    Which is bullshit. Anyone who believes that ObamaCare will lower prices and make health care more accessible is either a fool or a liar. The truth will become clear to all within 10 years or less, but by then it will be much worse than it is now and people will wish (too late) that Obama had never meddled with health care. Even now, was healthcare cheaper for you today than before Obama was elected? If you're like most Americans, the answer is almost certainly, "no".

    Honesty about how much the War on Terror is costing by putting it in the budget, rather than hiding it as Bush did

    Almost nothing about the Federal Government is honest. The only prudent course then is to reduce the size and scope of government so as to limit the deleterious effects of its gross dishonesty and incompetent bungling of everything it touches.

    Laws stopping credit card companies from abusing their customers through short notice due date changes and excessive default rates

    Which would be most properly understood as a law that reads, "foolish people shall receive no credit." Perhaps that wouldn't be such a bad thing after all. You see, something that we can agree on after all.

    Limitations on outrageous fees charged to retailers by the card companies

    The government should intervene in a private contract between two businesses why exactly? If you're a merchant, nobody is forcing you to accept credit cards. Indeed plenty of small businesses refuse to accept some or all of them precisely because the fees are too high. Cash is king, despite what the credit card companies and their advertisers would have you believe.

    A Network Neutrality law (albeit not on mobile networks, but there are good technical reasons why wireless networks can't be as unfettered as wired ones)

    Translation: the government should force a private business to offer me unlimited services at whatever price I feel like paying.

    An end to the stop loss program wherein soldiers were forced to stay beyond what they signed up for

    I agree with this one. Offering bonuses or other incentives to remain is fine, but unless the United States formally declares war and activates the selective service system, nobody ought to be compelled to provide more military service than they were contractually bound to when they enlisted.

    Fixes to the abortion that was No Child Left Behind (e.g. funding it, helping low scoring school instead of punishing them, etc.)

    Two words: education vouchers.

    The Ledbetter Law, pushing back against a conservative SCOTUS ruling that made it virtually impossible for women and minorities to sue over pay discrimination

    Again, this will be most properly understood as a law stating that women and minorities shall not be hired unless as a last resort. Don't you realize that aggressive anti-discrimination laws, like minimum wage laws, very often hurt the very people whom they're supposed to help? You don't do women or minorities any favors by making them "lawsuit risks" to companies that might otherwise choose to hire them.

    An end to torture and extraordinary rendition

    I agree with this too. Instead, we ought to be recruiting agents in terrorist networks and places of interest and using that information to simply eliminate the targets in place. The use of the drones and CIA run networks is what we should have been doing all along, not occupying countries full of guerrilla fighters with our regular armed forces. Unfortunately, we're also undermining our efforts by destroying opium poppies and making enemies among the farmers who might otherwise be helping us. Instead, we should be buying up their opium and ensuring tha

  • by L4t3r4lu5 (1216702) on Monday January 09, 2012 @06:34AM (#38635986)
    Pfff. Amateur hour.

    In the UK, you get shot six times in the face for wearing a jacket in summer.
