Apple Denies Helping NSA Subvert iPhone
New submitter aissixtir sends word that Apple has responded to allegations that the NSA has backdoor access to iPhones. Apple said,
"Apple has never worked with the NSA to create a backdoor in any of our products, including iPhone. Additionally, we have been unaware of this alleged NSA program targeting our products. ... Whenever we hear about attempts to undermine Apple’s industry-leading security, we thoroughly investigate and take appropriate steps to protect our customers. We will continue to use our resources to stay ahead of malicious hackers and defend our customers from security attacks, regardless of who’s behind them."
This could be true (Score:5, Interesting)
Blackberry had government contracts (Score:5, Interesting)
I seem to recall Apple recently acquired a certain type of government security approval. I wonder if any of that is related.
Re:Totalitarian Business Model for Totalitarians (Score:5, Interesting)
This could be part of the reason the White House waived the patent decision against them.
Apple iOS vs. Blackberry (Score:4, Interesting)
Don't believe you.
Rhetorical question: why not?
If the "amateurs" can compromise iOS security, the professionals shouldn't have much of a problem:
https://en.wikipedia.org/wiki/Pwn2Own
Physical access to the iPhone was mentioned, so it's not surprising that the NSA can get at the data.
Blackberrys were also mentioned in the "Spiegel" article, but that was actually about getting at the e-mails via compromising the BES server. So it looks like in the case of Blackberry, the crypto (both over-the-air and on-device) is secure. Which isn't too surprising given that RIM/Blackberry owns Certicom and uses ECC crypto (which the NSA has been pushing with Suite B), and given that BB has EAL 4+ certifications (and iOS does not):
https://www.google.ca/search?q=blackberry+EAL
However, in Pwn2Own BBs were compromised by visiting exploit-filled websites.
Obligatory translation... (Score:5, Interesting)
Translation: "the NSA did all the work and we didn't have to work with them."
"Additionally, we have been unaware of this alleged NSA program targeting our products."
Translation: "we weren't aware they were supposedly trying to hack our products because we already allowed them carte blanche access."
"
Translation: Our customers are best-protected by us having a lot of money and not being in secret courts all day so we comply with government organizations' suggestions.
"We will continue to use our resources to stay ahead of malicious hackers and defend our customers from security attacks, regardless of who’s behind them."
Translation: since the NSA are not malicious hackers but our best buddies, we will happily focus our efforts on black-hat bad guys. Nothing to see here.
You know... if one of these companies would just say "there are no backdoors in our software. We do not allow the NSA or any other organization access to customer data or communications under any circumstance. These are not new policies and go back to the inception of our iOS line of products", then I could take them seriously. Instead their lawyers draft these PR statements that use such mind-deadening language that it's trivial to poke fun at them.
I don't honestly believe Apple has allowed a back-door, but their statement just sucks.
Re:Who's the enemy? (Score:5, Interesting)
Kind of like how I don't notice dropped pennies
Re:This could be true (Score:3, Interesting)
whatever they claim can be sooner or later verified by checking Snowden data
Clearly Slashdot's common sense quotient has passed its apex with the number of up-mods on this. Snowden didn't download the full NSA database of everything. Ever. Nobody in the NSA has that level of access. Nothing like that likely even exists at the NSA. It isn't like there's just this one computer, somewhere, that sits in a warehouse and contains every national secret ever. You do not get to "Hack the Gibson" and then it just ejects candy like it's a digital pinata. SIPR/NIPR is a network, and it's second only to the actual internet in its size. In fact, it's where the Internet came from; it's MILNET version 2.0 basically. That's where the data is; on thousands of servers spread across the world. And that's just the stuff the NSA has ownership of.
But let's ignore all of that because here on Slashdot, we (apparently) cannot expect people to have a basic grasp of networking and systems fundamentals. Let's look at just the non-technical reasons why this is a horribly stupid statement to make: Snowden's gone. He's not part of current operations. Who is to say that after he left, the NSA decided to embark on a new intelligence initiative. I know -- it's shocking, but organizations sometimes continue to function and do new things after someone leaves it. And that person, no longer being part of the organization, will know nothing of them.
Snowden has no useful function as verification for anything right now. Much of the intelligence data he's collected is now worthless -- a lot of this stuff has a "use by" date, and just like milk, once it's gone bad, trying to consume it will do terrible things to you. There is no Snowden Fact Checking Emporium, where you can just show up and punch in some keywords and find out what the NSA's up to today, or yesterday, or any day really. The data he stole doesn't offer that kind of granulated access... it's like he shoplifted a library, but all the pages in all the books are ripped out and thrown in the middle of the room. Without the organization and analysis of the data, it's largely useless anyway.
There is no verification potential here. None. Nada. Zero. Zippo. No potential at all. What Snowden says or doesn't say, what he released or didn't release, offers us no confirmation of any kind whatsoever regarding current intelligence operations.
Re:This could be true (Score:5, Interesting)
Perhaps they are constrained by law and couldn't release the truth if they wanted to.
Apple has never worked with the NSA to create a backdoor in any of our products, including iPhone. (Once the NSA backdoored the iPhone, we didn't fix it) Additionally, we have been unaware of this alleged NSA program targeting our products (In this case, 'we' refers to the marketing department and the guy that brings the bagels) ... Whenever we hear about attempts to undermine Apple’s industry-leading security, we thoroughly investigate and take appropriate steps to protect our customers. We will continue to use our resources to stay ahead of malicious hackers and defend our customers from security attacks, regardless of who’s behind them. Securing our products against the non-malicious, non-attacking surveillance by the NSA would be inappropriate, of course.
Ok, I actually went and RTFA. TFA says, and I quote:
The documents suggest that the NSA needs physical access to a device to install the spyware—something the agency has achieved by rerouting shipments of devices purchased online—but a remote version of the exploit is also in the works.
If somebody actually reroutes shipments and tampers with your product in transit it's kind of hard to 'fix' that. What would you like Apple to do? Have every iPhone they sell escorted by armed guards? With all due respect to the noble sport of Apple hating, one security researcher speculates, and once again I quote:
Either [the NSA] have a huge collection of exploits that work against Apple products, meaning they are hoarding information about critical systems that American companies produce, and sabotaging them, or Apple sabotaged it themselves...
...and every Apple hater on /. immediately takes that as proof positive that Apple must be sabotaging their own product by routing their shipments through NSA hacking HQ for spyware installation and have a team of engineers developing a remote attack kit for the NSA. Come to think of it, why would the NSA even need to have one 'in the works' if Apple is building NSA friendly back doors into their products by default? I mean it could not possibly be the case that the NSA has teams of people tapping into the hacker underground and buying up zero day exploits now could it? (Hint: that's the other thing that security guy suggested) No it's much more logical that the NSA have blackmailed thousands of American and foreign companies into sabotaging their own products. After all, such an operation is much more easy to cover up (not) than just quietly buying up zero day exploits and/or hiring a team of hackers to ensure a steady supply of exploits. If Apple actually did what they are being accused of they deserve to get punished (and they will when their customers abandon them in droves), but let's at least try to base the idle speculation on something more solid than "I hate Apple".