Apple Denies Helping NSA Subvert iPhone 284
New submitter aissixtir sends word that Apple has responded to allegations that the NSA has backdoor access to iPhones. Apple said,
"Apple has never worked with the NSA to create a backdoor in any of our products, including iPhone. Additionally, we have been unaware of this alleged NSA program targeting our products. ... Whenever we hear about attempts to undermine Apple’s industry-leading security, we thoroughly investigate and take appropriate steps to protect our customers. We will continue to use our resources to stay ahead of malicious hackers and defend our customers from security attacks, regardless of who’s behind them."
They can't stop unlockers (Score:5, Insightful)
What makes you think they could stop the NSA?
Re:They can't stop unlockers (Score:5, Informative)
I hate how this story has warped into an Apple bash. Go watch the original presentation. [youtube.com]
Jacob Applebaum detailed the latest revelations on the NSA at 30c3 wherein he describes software to launch automated malware attacks "designed for at scale explotation" which is being used for "fishing expeditions, it's more like fishing crusades ... targeting Muslims." He describes NSA drones being used to wirelessly compromise wifi routers from a distance of 8 miles. Also mentioned, the NSA is shipping compromised American hardware ordered online including iPhones, Dell PowerEdge servers, HP servers, Solaris servers, and more. He wraps up the talk mentioning "a specialized technology for beaming energy into you and the computer systems around you" to compromise systems. Up to 1KW of energy specifically. It's clear from his presentation that what the NSA is doing is not just passive collection. It is not the digital equivalent of a wiretap. It is the digital equivalent of a drone firing a hellfire missle on you.
Apple is a very small aspect of this story. The NSA has militarized the internet.
Re:They can't stop unlockers (Score:5, Funny)
I hate how this story has warped into an Apple bash.
Well, it's because all the Android owners are enjoying this opportunity, secure in the knowledge that their Java-based apps are keeping their personal information safe!
Re: They can't stop unlockers (Score:4)
Re:They can't stop unlockers (Score:5, Insightful)
As I had to point out to other people. This was from 2008. The original iPhone, and maybe the iPhone 3G. Do you know what that means? Those did not come with encryption. iPhone 3GS and onwards had encryption. I forgot if the hardware encryption was built in to the 3GS or started with the 4, but it's there.
Do you know what that means? The original iPhone could be mounted as a disk, and everyone knows what happens when you have physical access to a system, and it doesn't have full disk encryption - you get to screw with the file system, and install shit.
What happens on the iPhones with encryption (that is always enabled if you have a passcode - actually it is always enabled, but if you don't have a passcode, it just passes it through)? Even if you have hardware access, you do not have the ability to drop files and screw with it.
The bigger question Android users should ask themselves - why do Androids not come with full device encryption enabled by default? Why are Androids, by default, still vulnerable to the kind of attack that Apple fixed in 2009?
And please don't tell me Android v4 have full device encryption. That's a joke. It takes 45 minutes to enable encryption on my Nexus 4. You have to login twice after a reboot to use your phone. And the encryption is already broken - just ask Cellebrite - they proudly tell you they can do forensics on encrypted Android image.
So - Android users - why do you settle for less?
Re:They can't stop unlockers (Score:5, Insightful)
The bigger question Android users should ask themselves - why do Androids not come with full device encryption enabled by default? Why are Androids, by default, still vulnerable to the kind of attack that Apple fixed in 2009?
What good is encryption if Google can remotely install any software it damn well pleases on your handset without your knowledge or approval?
Re: (Score:2, Insightful)
The bigger question Android users should ask themselves - why do Androids not come with full device encryption enabled by default? Why are Androids, by default, still vulnerable to the kind of attack that Apple fixed in 2009?
What good is encryption if Google can remotely install any software it damn well pleases on your handset without your knowledge or approval?
The same can be said for Apple and Apple devices. Apple reserve the right to screw with your device without warning or explanation. At the very least Google is open about what it does and why, Apple just says "do not question us".
Beyond this, if you wanted to you can install a non-Google AOSP ROM and you are outside Googles reach. Can you do that with IOS?
Sorry if facts dont agree with your sad sounding Google bash, carry on regardless.
Re:They can't stop unlockers (Score:5, Insightful)
Google has removed apps that are banned from the Google Play store from people's devices remotely. Apple has not.
Is an unknown fear in the future somehow better for you to digest than that fear being played out in the past and present? (Apple's "may" versus Google's "has and does and will continue to do")
I still have the "Asian Boobs" apps I downloaded off the App Store on my iPhone even though it has long, long since been removed from App Store. (Yes, it's actually called "Asian Boobs")
Re: (Score:3)
Politely, thats crap, ever heard of updates? They, apple/Google/MS all do "updates" that "change"your phone/computer settings without your permission. That activate "features" in your system until you find out about later after some security expert notifies the public about what they did. Even then you have no idea what else has happened, since the companies/the phone/computer/parts/whatever/ even don't know what has been shipped, or refuse to elaborate on what they did, or they have been ordered by the FISA courts to keep quiet about what was added.....
You make a good point. Where are the Android release notes for each release? Where are the security advisories published when they've fixed a vulnerability?
Re: (Score:3, Insightful)
Google can only do things on Android phones which have Google apps installed. Installing Google apps is optional for anyone with a rooted phone.
I have several devices running Android - tablets and phones. None of them run Google apps, nor the Google framework, nor any other Google-specific software. These devices run self-compiled Android distributions, some of them tailored to the application (eg. removed services from ServiceManager, etc).
Try that with iOS. Nice try.
Re: (Score:3)
Re: (Score:3)
You are embarrassed to post under your real name aren't you, posting a bunch of strawmens and then shooting them down. I like all your ifs and buts and thens.
And redirecting attention away from a vulnerability that is current *OPEN* on a default Android, away from a supposed vulnerability in iOS.
Champion debating skills here I see.
Re: (Score:3)
Give me the phone's owner and a wrench, I'll have the pincode out real quick. There is an xkcd link for this but my hangover is killing me.
Re: (Score:2, Troll)
What Apple deserves to be bashed over is the ridiculous claim of industry leading security.
That's the part that's hilarious.
It's as funny as Ford using the Pinto as an example of industry leading automobile safety...
Re: (Score:2)
Re: (Score:2, Troll)
In this particular case I should be working for Sony apparently.
While those bastards may be black evil to the core... at least they were able to secure their console (and it's theirs, not the person who paid for it) from those pesky hackers that pay them hard money for the opportunity.
How can Apple say industry leading security in a discussion about iPhone with a straight face?
Come on. It has nothing to do with fanboism, shills, or any other bullshit.
The iPhone is so full of security holes it gets a jailbre
Re: (Score:2)
The internet is a military invention. Don't use it for secure comms and never want to use it for secure comms.
No electronic comms are truly secure against a well-funded attacker.
Re: (Score:2)
Other than the dismemberment, arson and homicide?
Re: (Score:2)
Give him a break. Getting special attention at every border crossing and hanging out with Crazy Julian would make anyone a bit loopy and given to hyperbole.
Re: (Score:2)
... The NSA has militarized the internet.
EXACTLY!
So much for network neutrality. The NSA has put paid to that dream.
Re: (Score:2)
What makes you think they could stop the NSA?
What makes you think they ever want to stop the NSA ?
Comment removed (Score:4, Insightful)
Re: (Score:2)
Retroactive immunity.
Re:They can't stop unlockers (Score:4, Insightful)
What makes you think Apple would break the law and admit they helped the NSA (sure they signed NDA beforehand)?
There are laws that prevent companies from saying things. There are no laws that can force a company to lie. Actually, there are laws that make it illegal for a publicly traded company to lie about certain things. So possible things that Apple could do are:
1. Say "we helped the NSA" - illegal and stupid if they did, illegal and stupid if they didn't.
2. Say nothing. Perfectly legal. Possibly a hint that they helped the NSA, because you'd want to tell the world if you didn't.
3. Say "we didn't help the NSA" - illegal if they did, perfectly legal if they didn't.
Re: (Score:2)
That would be interesting if it were actually true.
Comment removed (Score:4, Funny)
Re:They can't stop unlockers (Score:5, Informative)
Of course there's an inherent bias there, in that the most desirable prize is for cracking the Apple product.
Actually it isn't.
The higher cash prizes were for the non-Apple products.
Sorry Apple. (Score:5, Insightful)
Don't believe you.
It's now proven most American companies can't be trusted.
Re: (Score:3)
Best laugh I've had all day.
Re:Sorry Apple. (Score:5, Insightful)
Re:Sorry Apple. (Score:4, Insightful)
Right, but then, do you remember a time when you couldn't have a windows machine pwned by visiting a web page? There's also plenty of instances of Linux being remotely comprisable this way. Which operating system do you know of that hasn't been exploitable at some point by visiting a web page?
Re: (Score:2)
Don't believe you.
It's now proven most American companies can't be trusted.
I for one, either believe them, or think it doesn't matter. It doesn't take infiltrating every member of the company to accomplish what the NSA has. A very very small number of high ranking employees can be compromised, and effectively compromise the main products and services of the corporation. While open source and open development is still vulnerable to this same threat vector, I think its decreased threat surface will make it a formidable contender in the post-snowden tech era.
Apple iOS vs. Blackberry (Score:4, Interesting)
Don't believe you.
Rhetorical question: why not?
If the "amateurs" can compromise iOS security, the professionals shouldn't have much of a problem:
https://en.wikipedia.org/wiki/Pwn2Own
Physical access to the iPhone was mentioned, so that's not surprisingly that the NSA can get at the data.
Blackberrys were also mentioned in the "Spiegel" article, but that was actually about getting at the e-mails via compromising the BES server. So it looks like in the case Blackberry, the crypto (both over-the-air and on-device) is secure. Which isn't too surprising given that RIM/Blackberry owns Certicom and uses ECC crypto (which the NSA has been pushing with Suite B), and given that BB has EAL 4+ certifications (and iOS does not):
https://www.google.ca/search?q=blackberry+EAL
However, in Pwn2Own BBs were compromised by visited exploit-filled websites.
Re:Sorry Apple. (Score:4, Insightful)
Keep in mind that Apple has a very secretive culture. I could easily believe that there is a group that works with the NSA but that is not generally known.
Hell, most employees hadn't heard of the iPhone before it was announced. How difficult would it be to have a group inside Apple that did these things and not have anybody outside of those employees know about it?
Re: (Score:2)
Moments from the life of Anonymous part 1 : The teenage years
Cute girl: "Hey, can I tell you a secret?"
AC: "Waaah! You're STUPID STUPID!"
*runs away screaming*
This could be true (Score:5, Interesting)
Re:This could be true (Score:5, Insightful)
Like RSA they will just keep denying it and hope there is nothing to directly contradict them. They may well be telling the truth, but we can't be sure now and maybe even Apple don't know that one of their engineers was compromised and forced to work for the NSA.
We know that iphones kept location logs, for example. Apple claimed it was done in error... Perhaps a deliberate error by an NSA agent in their ranks, but we will probably never know.
Re:This could be true (Score:5, Insightful)
Perhaps they are constrained by law and couldn't release the truth if they wanted to.
Apple has never worked with the NSA to create a backdoor in any of our products, including iPhone. (Once the NSA backdoored the iPhone, we didn't fix it) Additionally, we have been unaware of this alleged NSA program targeting our products(In this case, 'we' refers to the marketing department and the guy that brings the bagels) ... Whenever we hear about attempts to undermine Apple’s industry-leading security, we thoroughly investigate and take appropriate steps to protect our customers. We will continue to use our resources to stay ahead of malicious hackers and defend our customers from security attacks, regardless of who’s behind them. Securing out products against the non malicious, non attacking survailence by the NSA would be inappropiate, of course.
Re:This could be true (Score:5, Interesting)
Perhaps they are constrained by law and couldn't release the truth if they wanted to.
Apple has never worked with the NSA to create a backdoor in any of our products, including iPhone. (Once the NSA backdoored the iPhone, we didn't fix it) Additionally, we have been unaware of this alleged NSA program targeting our products(In this case, 'we' refers to the marketing department and the guy that brings the bagels) ... Whenever we hear about attempts to undermine Apple’s industry-leading security, we thoroughly investigate and take appropriate steps to protect our customers. We will continue to use our resources to stay ahead of malicious hackers and defend our customers from security attacks, regardless of who’s behind them. Securing out products against the non malicious, non attacking survailence by the NSA would be inappropiate, of course.
Ok, I actually went and RTFA. TFA says, and I quote:
The documents suggest that the NSA needs physical access to a device to install the spyware—something the agency has achieved by rerouting shipments of devices purchased online—but a remote version of the exploit is also in the works.
If somebody actually reroutes shipments and tampers with your product in transit it's kind of hard to 'fix' that. What would you like Apple to do? Have every iPhone they sell escorted by armed guards? With all due respect to the noble sport of Apple hating, one security researcher speculates, and once again I quote:
Either [the NSA] have a huge collection of exploits that work against Apple products, meaning they are hoarding information about critical systems that American companies produce, and sabotaging them, or Apple sabotaged it themselves...
...and every Apple hater on /. immediately takes that as proof positive that Apple must be sabotaging their own product by routing their shipments through NSA hacking HQ for spyware installation and have a team of engineers developing a remote attack kit for the NSA. Come to think of it, why would the NSA even need have one 'in the works' if Apple is building NSA friendly back doors into their products by default? I mean it could not possibly be the case that the NSA has teams of people tapping into the hacker underground and buying up zero day exploits now could it? (Hint: that's the other thing that security guy suggested) No it's much more logical that the NSA have blackmailed thousands of American and foreign companies into sabotaging their own products. After all, such an operation is much more easy to cover up (not) that just quietly buying up zero day exploits and/or hiring a team of hackers to ensure a steady supply of exploits. If Apple actually did what they are being accused of they deserve to get punished (and they will when their customers abandon them in droves), but let's at least try to base the idle speculation on something more solid than "I hate Apple".
Re: (Score:3)
If somebody actually reroutes shipments and tampers with your product in transit it's kind of hard to 'fix' that. What would you like Apple to do? Have every iPhone they sell escorted by armed guards?
I was wondering when somebody would point that out. Anyway like you point out, their "cracking" of apple products consists of getting to it before the end user gets to it. Any system is vulnerable if they can do that.(Yes, even Linux.)
Re: (Score:3)
> Like RSA they will just keep denying it and hope there is nothing to directly contradict them.
Yup. And now John Kelsey (who authored the NIST report) says that the potential for the Dual_EC_DRBG backdoor was brought up in an ANSI group meeting, in a group that had three formal RSA Security members (whether they were actually present at the meeting we don't know). And two Certicom members of the same group wrote a patent exactly describing the back door in January 2005, which presumably all the ANSI gro
Re: (Score:2)
It wasn't a location log. It was a cache. If you enable location services, your iDevice gets sent a list of local MAC addresses for WiFi and tower IDs. Apple sends you a list of MAC addresses and their locations so you can do WiFi-based geolocation (Apple owns at least one company doing this).
In fact, you can take a WiFi-only i
Re: (Score:3, Interesting)
whatever they claim can be sooner or later verified by checking Snowden data
Clearly slashdot's common sense quotient has passed its apex with the number of up-mods on this. Snowden didn't download the full NSA database of everything. Ever. Nobody in the NSA has that level of access. Nothing like that likely even exists at the NSA. It isn't like there's just this one computer, somewhere, that sits in a warehouse and contains every national secret ever. You do not get to "Hack the Gibson" and then it just ejects candy like it's a digital pinata. SIPR/NIPR is a network, and it's secon
Re: (Score:3)
The verification options are very simple - a large group of people exist in the private sector and academia who once worked for different govs around the world.
They would be happy to offer their expert verification services to the press per "document" or over years.
Think of it as great computer history filling in the ~1970-80 to 00 gaps. No use by date on history, books and other publishing
Confirmation of private sector security mal
Re: (Score:3)
Really, it's quite impressive the knowledge you have of internal, top-secret NSA operations. How exactly do you come up with this information?
By using common sense and the belief that the NSA is run by rational people, not snarky assholes on Slashdot who think they know everything simply because they googled it, but in actuality have exactly dick in the way of critical thinking skills. Nowhere in military or intelligence doctrine will you find the "Put all your eggs in one basket" to be marked as the best idea. Our nuclear weapons are spread throughout the country. Our military bases are spread throughout as well. Our training facilities are kept
Re:Occam's Razor would look unfavorably on Snowden (Score:4)
Re: (Score:3)
I doubt it's the dissent that people don't like. It's your NSA-ass-licking sig that they don't like.
Justice? For capturing Snowden? WTF?
How about justice for capturing all the NSA agents and leaders who are regularly commiting perjury, violating every right that is supposed to be sacred in the USA, and covering it all up with lies multiplied by lies?
How about justice for removing from the bench all the judges who say "What the NSA is doing has to be legal, because the government finds it useful!"
In other
I wish I could believe that (Score:3, Insightful)
But I can't.
Re: (Score:3)
What the hell? You must not read any Apple blogs. Apple's customers constantly bitch and complain to and about Apple. The problem is most of them feel they have nowhere else to go. Windows is so fucked and Linux is too much trouble for most of them.
First Denial I've Heard... (Score:2)
non-denial denial? (Score:5, Insightful)
They didn't say there was *not* an NSA backdoor. All they said was that they didn't work with the NSA to create one.
Re: non-denial denial? (Score:5, Insightful)
Even the "news" about what the press is calling a backdoor never stated that Apple helped create it. What the guy (and the docs from Snowden) said was that the NSA was successful installing malware (that included back door access to many, many things) 100% of the time when they had physical access to the device. This should not be surprising to anyone here and should be even easier on devices that allow trivial access to root.
Now, the guy who talked about this on stage stated (while admitting he had absolutely no evidence for this) that he believed Apple probably helped. Given the lack of evidence this claim is almost certainly libelous/slanderous, but so goes life. People should really work harder to examine facts instead of letting their dislike for a company determine what is true or not.
An official backdoor would be so much easier (Score:3)
a) Windows Update
b) App Store Update
Complete triviality. Any targeted device gets updates routed somewhere else.
All of Snowden's evidence of those complex cracks make it much less probable that there was any general manufacturer supported backdoor. I think Apple's being truthful.
Besides, what did you expect the NSA did? Do you think the Russians and Chinese have worse cracks? Certainly not.
Re: (Score:2)
They didn't say there was *not* an NSA backdoor. All they said was that they didn't work with the NSA to create one.
So a backdoor already existed, they didn't need to work with anyone to create it.
Because, of course... (Score:5, Insightful)
Because, of course, when your domestic intelligence agency asks you to do something, and you comply, you then also admit to it the first time someone questions your integrity.
It's almost as useful as government departments (esp. intelligence agencies) issuing press releases declaring that they only do what's in their mandate and according to the law.
Trust no one, but assume innocence until proven guilty. So, while nobody should trust Apple devices with sensitive data, any direct accusation must be backed up with evidence. It's then up to Apple to defend itself by attacking the evidence. What we have here is neither.
Re: (Score:3)
Trust no one, but assume innocence until proven guilty.
OK, so what if we find them guilty of silencing activists to protect the status quo instead of protecting us from enemies, [wikipedia.org] and they give us a non choice to trust them or not while they keep doing the same either way, and even escalate to lying directly to their overseers in congress. Then what? At what point do you become a scientist and say: "Oh, they're innocent? No. Prove it."
You see, you've forgotten a key piece of the puzzle. If the citizens are to be assumed innocent until proven guilty, then the
Re: (Score:2)
Damn you eggnog. I do understand the difference between their there and they're, and other such typos... Proofreading after editing is always difficult for cybernetic systems who have preexisting mental pattern to match and thus a tendency to see what they expect (a form of confirmation bias). Meh, consider it a test of sentience. If you can grok the message without balking like a BASIC prompt then you're at least as smart as a simple lexical AI which extracts meaning from signal and isn't distracted by
Aha (Score:2, Troll)
Apple has never worked with the NSA to create a backdoor in any of our products
So Apple has worked for the NSA to create a backdoor in their products. I understand.
Denying the wrong thing (Score:5, Insightful)
They should say there is no backdoor, not that they did not help making one.
Re: (Score:2)
Re: (Score:2)
On the "plus" side, well --- uh --- ok then I'm not sure what that could be so Nevermind
Re: (Score:3)
There is no way for them (or anyone else) to say with any certainty that a backdoor does not exist for this or any other product out there.
The most Apple can do is say that they're not aware of a backdoor, but I doubt this will satisfy anyone with a tinfoil hat.
Wording /might/ be a bit off (Score:2)
I'm sure there's legal coverage for all of these people to flat out lie, and as shown, most of them have been, but the gov has their back, and I'm sure the wording of things signed meant they were compelled to lie.
So they hit up Google/Microsoft/Cisco, and Apple is the only one who didn't turn over thei
Who's the enemy? (Score:5, Insightful)
This rogue agency will destroy billions upon billions of dollars worth of American commerce before its done.
Re:Who's the enemy? (Score:5, Interesting)
Kind of like how I don't notice dropped pennies
Re: (Score:2)
Damn. I think that is one of the best comments in a while. Too bad I have no more mod points.
Blackberry had government contracts (Score:5, Interesting)
I seem to recall Apple recently acquired a certain type of government security approval. I wonder if any of that is related.
Gag Order (Score:5, Insightful)
Working with the NSA most likely comes with a caveat: "you follow this gag order or we will put you in jail for interfering with national defense and releasing classified information." In other words, something almost as bad as giving aid to the enemy.
I hate conspiracy theories, but it is plausible that they are under a secret order from a secret court ordering them to deny everything. This is precisely why in the US we should never every have secret courts.
Re:Gag Order (Score:5, Informative)
How is that plausible? There's no legal mechanism to do that.
Joseph Nacchio. If you don't cooperate with the NSA, the SEC finds something to put you in prison for.
That's the whole point of Three Felonies A Day [amazon.com].
Re: (Score:2)
Worse things than this in the last few months have come up and I though "No way. That goes too far. Surely we wouldn't bug the personal phones of other leaders of state?!?" Yep. We did. And worse. The head of the NSA lied before the people who are supposed to over see their activities. Where was the "legal mechanism" for any of that? There is none. I agree with you Anonymous Coward, people in high position should be in prison for these crimes because there is no legal mechanism to justify so fucking much of
Not directly... But... (Score:2)
https://developer.apple.com/library/ios/documentation/Security/Conceptual/cryptoservices/Introduction/Introduction.html#//apple_ref/doc/uid/TP40011172-CH1-SW1 [apple.com]
Cryptographically strong random number generation
Encryption and decryption (both general-purpose and special-purpose)
https://developer.apple.com/library/mac/documentation/security/conceptual/cryptoservices/cryptoservices.pdf [apple.com]
[Page 10]
"elliptic curve encryption",
RSA random number generator = keys to palace...
.
What are the attack vectors (Score:2)
Re:What are the attack vectors (Score:5, Informative)
Try watching a few of the new 30C3 vids to get an overview of contractor and gov visions for phone tracking.
30C3 To Protect And Infect - The militarisation of the Internet
http://www.youtube.com/watch?v=XZYo9TPyNko [youtube.com]
30c3 To Protect And Infect, Part 2 (at ~30 min in for the cell phone question more at 43 min for ~DROPOUTJEEP too)
http://www.youtube.com/watch?v=b0w36GAyZIA [youtube.com]
30C3 Backdoors, Government Hacking and The Next Crypto Wars
http://www.youtube.com/watch?v=xLT7ao1V8vY [youtube.com]
Re: (Score:2)
Re: (Score:2)
In the early 1990's this would have been interesting. Much of the tech is now cheap and in the hands of national and state law enforcement.
The main problem is the lost, unlatc
Re: (Score:2)
And the careful parsing continues... (Score:3)
Apple has never worked with the NSA to create a backdoor in any of our products,
Note that they specified the NSA, but did not disclaim the possibility of working with some other group, like say a sub-contractor who didn't officially disclose to Apple the fact that they were an NSA sub-contractor. Surely the NSA isn't the only part of the US government that would love to have unfetterred "legal" access to arbitrary iphones.
With all the deliberatedly worded non-denial denials we've seen in response to NSA revelations, you'd think that Apple's PR firms would know to make an absolute denial if that was their intent. That wouldn't stop some people from thinking Apple is out-right lying. But why even give them an excuse, unless Apple does have something to hide and they want plausible deniability if the truth ever comes out?
Re:And the careful parsing continues... (Score:4, Insightful)
With all the deliberatedly worded non-denial denials we've seen in response to NSA revelations, you'd think that Apple's PR firms would know to make an absolute denial if that was their intent.
I see these overly-specific denials as a signal that they're under a gag order.
From the snow leopard security config guide v10.6 (Score:5, Informative)
Page 16/272: Acknowledgments
Apple would like to thank the National Security Agency, the National Institute of Standards and Technology, and the Defense Information Systems Agency for their assistance in creating and editing the client and server security configuration guides for Mac OS X Snow Leopard.
hahahaha (Score:2)
Obligatory translation... (Score:5, Interesting)
Translation: "the NSA did all the work and we didn't have to work with them."
"Additionally, we have been unaware of this alleged NSA program targeting our products."
Translation: "we weren't aware they were supposedly trying to hack our products because we already allowed them carte blanche access."
"
Translation: Our customers are best-protected by us having a lot of money and not being in secret courts all day so we comply with government organizations' suggestions.
"We will continue to use our resources to stay ahead of malicious hackers and defend our customers from security attacks, regardless of who’s behind them."
Translation: since the NSA are not malicious hackers but our best buddies, we will happily focus our efforts on black-hat bad guys. Nothing to see here.
You know... if one of these companies would just say "there are no backdoors in our software. We do not allow the NSA or any other organization access to customer data or communications under any circumstance. These are not new policies and go back to the inception of our iOS line of products", then I could take them seriously. Instead their lawyers draft these PR statements that use such mind-deadening language that it's trivial to poke fun at them.
I don't honestly believe Apply has allowed a back-door, but their statement just sucks.
Ok then, WHY was local sync removed from OS X ? (Score:2, Insightful)
Prior to OS X 10.9 Mavericks, it was possible to sync an iOS
device completely, via USB cable which connected the iOS
device to the main computer.
Now in Mavericks the iOS local sync is gone. Personally I believe this
has been done because it will make it trivially easy for the NSA to collect the
contents of iOS devices from various central points ( the central points
would be the servers Apple uses for iCloud ).
So no, I don't believe that Apple will do anything to
protect the people who buy hardware from Apple. I
Re:Ok then, WHY was local sync removed from OS X ? (Score:5, Informative)
Complete and utter BS.
I always local sync and backup my iOS devices via USB with OS X and continue to do so in Mavericks.
Not exactly complete info (Score:3)
Breakdown of what was actually said. (Score:5, Insightful)
I work in a relationship role for a large firm that most people have heard of. Let me fill all of you in on exactly what was said here.
First time poster as I am normally not interested however I felt that most of the comments were not addressing the whole verbiage of the defense.
"Apple has never worked with the NSA" ----- We did not have a contract with or resources sharing agreement with the NSA. We have friends though. ... Whenever we hear about attempts to undermine Apple’s industry-leading security, we thoroughly investigate and take appropriate steps to protect our customers.
"to create a backdoor in any of our products, including iPhone" ----- Whatever was created was not called a backdoor or we did not create it. Someone else did.
"Additionally, we have been unaware of this alleged NSA program targeting our products..." ----- THIS alleged program. We were given a different name or aware of others.
"
----- Apple will and probably does investigate breach attempts. But this is not a breach. It was a voluntary. So we aren't doing anything.
"We will continue to use our resources to stay ahead of malicious hackers and defend our customers from security attacks, regardless of who’s behind them." ------ Malicious hackers, Security Attacks, as stated above this was voluntary. We will continue not using resources to patch the vulnerabilities.
In summary Apple did not deny. It is simply used double speak/meaning to say, it was not officially worked, we didn't refer to it by this name, we did not personally create the vulnerabilities and we aren't going to fix them. The NSA would be like a vendor to a large company in this instance. The company can sit back and say they did not personally take malicious action. However, they can't get away from the fact that it happened under their watch so they must respond and deny, which as pointed out by others can be proven by subsequent revelation by Snowden or others, or they can type a paragraph which is true and doesn't admit guilt while misguiding others into making their own conclusion.
Remember, you are the one they have to convince, not themselves. The executives are not going to let someone like government or shareholders just waltz in and destroy what they've spent years building. They will lie or mislead and if caught, after years of arbitration and lawsuits, can settle for a small lump sum that pales in comparison to the money they could have made in the meantime. Look at BP and the trust fund they setup for the Gulf Oil Spill Cleanup. They made a profit on the interest and reinvestment of that money.
Believe me or not it's entirely up to you. I work in an area who has written quite a few of these and trust me it works to divide and conquer individuals who have different interpretations of literary/writing style. Either way, most people are not paying attention... and that's a fact.
Uh-yup (Score:5, Insightful)
Additionally, we have been unaware of this alleged NSA program
How could they be aware? I mean, it's only been widespread news for the last year or so!
Their statement is 100% lawyer-drafted weasel language crafted to tell enough truth that they don't get in trouble, while still lying about whatever it is they're lying about. Next it'll be something like "We're really sorry you think there are security flaws in our product, and we're working hard to change that perception."
Re: (Score:2)
They have been unaware of the program at one period in time, and have completed that period of being unaware in the past. Since they finished being unaware of the program they have been aware of it, and continue to be aware of it.
Everything is insecure by design (Score:2)
There really is no need to deny because nobody believes you or cares.
Whether by your own incompetence or collusion your platform is insecure "100% of the time".
Even when operating as designed and even assuming no secret backdoors both iOS and Android have methods of remote installation of software without giving user a choice or prompt. These platforms and the networks they run on are all defective by design.
Meh (Score:3, Insightful)
Per the video, the NSA iPhone compromise requires the NSA to obtain physical access to the device, and suggests they did this by rerouting shipping.
To me, that says that what they've done is exploited holes in iOS -- of which there have been many, that's how jailbreaks are possible -- and used them to install their own spyware. There's not only no need for them to involve Apple to do such a thing, involving Apple would actually be a bad idea, because it increases the number of people who know about it and might leak it.
I believe Apple had nothing to do with it. I believe the NSA has spyware for every version of iOS ever made, as well as Windows, OS X, Android, Linux (well fragmentation of the last two means there might be some versions which are safe -- but not the major ones), AIX, etc. If they don't, they're not doing their jobs. I don't think anyone should be the slightest bit surprised by any of this.
You can't know... (Score:2)
The problem with these denials is that they would say the same thing regardless of whether or not they have collaborated. There is no way to verify the truth. What we do know is that the Government is capable and willing to force these companies to lie or face criminal prosecution. They are intimidating people into immoral treasonous behaviour or face prison. It isn't Apples fault that they are put in this situation; they are in the same boat as all the other US companies.
Of course, the US is far from the o
Technically telling the truth? (Score:2)
I would be inclined to believe them (Score:2)
... if it wasn't for the fact that the iPhone 5s contains a fingerprint sensor. Who is to say other phones don't? What is to prevent anyone from collecting our fingerprints and matching them to webcam photos? If you want to get very paranoid, putting this kind of technology into a single device doesn't radiate "harmless".
Re:Totalitarian Business Model for Totalitarians (Score:5, Interesting)
This could be part of the reason the Whitehouse waived the patent decision against them.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
because everyone is forced to buy an Apple product?
Re:Totalitarian Business Model for Totalitarians (Score:4, Insightful)
It's not even in the same ballpark. Likening a the idea of a company checking out apps before you install them is nothing like having a government entity, with no accountability, recoding you every time you take a shit.
Get real.
Re: (Score:2)
Happy new year!
2014 is an anagram of 1024, so we must be up for something good.
Re: (Score:3)
Re: (Score:2)
They can if the government covers their asses with retroactive immunity after the fact.