Forensic Expert Questions Covert 'Backdoor' Services Included in iOS by Apple

[dumastudetto]

And your opinion is based on what? What Apple has told you?

My opinion is based on the entire history of Apple as a company. They always put us the consumers first above everything else.

Apple has stood tall in the fight for our privacy when the likes of Google and Microsoft sell their users down the river for a few measly dimes. And that's why I'm proud to be an owner of multiple Apple devices, and why I tell anyones who listen they too should be using Apple products.

 

[Zxxv]

Why would I be scared ? I am more afraid of people losing their common sense. So you do have some control by exercising some common sense.

you said I used scare tactics so you obviously saw it, but I wasn't trying to scare you , just going over available info and seeing what does or doesn't make sense.

 

[viacavour]

True, someone else did bring up Android. But even after I tried to steer the dialog back to the topic, you still brought it up.

Huh ? Since when did I "still bring it up" ? You're the one who bring it up again and again here. Look at my past few posts. Did I mention Android ? You made me do it again. >_<

Regarding what the OP stated, I put a big all caps IF in my quote. I have no idea if what he says is true or not. Just like I can't vouch for the validity of the information you provided. That's why I say the questions have merit. More so because of his assertion that companies are already using the backdoor for profit. No offense to you, and I'm sure you researched your info, but I would like some clarification from Apple for simple peace of mind. If Apple says it's not true or they have a reasonable explanation, then okay. They could lie as well, but at least there's an official response to tie back to if needed.

I won't call googling "research". It's just stuff out there that people have found, plus common sense. That security researcher found some bits and pieces of info that people already knew about, and think he hits a jackpot that fits his agenda. *shrug*

 

[Parasprite]

There will probably be a Cydia tweak to remove this stuff within a few days, and then jailbroken phones will be more secure than regular ones
I'm not worried about the government using this, but if they can access my phone, hackers probably can as well.

Apparently you don't even need to be jailbroken to do this. Zdziarski made a post a year or so ago that said you can use Apple's own Apple Configurator to "Pair-lock" the device which apparently prevents the exploits (at the expense of being able to pair it with any other computer without the computer).

Disclaimer: I haven't tried it, jailbroken or otherwise. I wouldn't recommend messing with this unless you know what you are doing and/or can handle your phone being broken or not functioning properly (I have no reason to believe it will break anything, but just to be safe). Also, I'm obviously not a security expert.

Edit: Apparently there is already a Cydia tweak called "PairLock" (Bigboss). I also haven't tried this.

Edit 2: It looks like Pair-Locking using Apple Configurator reinstalls iOS, which is worth noting if you are Jailbroken.

 

[Zxxv]

My opinion is based on the entire history of Apple as a company. They always put us the consumers first above everything else.

Apple has stood tall in the fight for our privacy when the likes of Google and Microsoft sell their users down the river for a few measly dimes. And that's why I'm proud to be an owner of multiple Apple devices, and why I tell anyones who listen they too should be using Apple products.

Did you miss carrier ID?

 

[viacavour]

External security researchers aren't going to be allowed to change deliberate or mandated backdoors. RSA does a heck of a lot of internal security auditing, yet they made DUAL_EC_DRBG the default regardless. Why? They were paid $10 million by the NSA to do so.

And they were caught right ?

So far, there's no indication that open source security is better or worse than closed source. Apple use a mix to find the best solutions that fit them.

I'd say most companies use a mix of open and closed source software.

 

[mrholder]

Disappointing news. I'd like to see how they explain this.

They're waiting for Jay Carney to come on board so he can lie them out of this one.

 

[69Mustang]

There is no reason to believe Apple would ever do anything to deliberately compromise the security of our data. Apple is the one company that strives to do everything to protect us and our privacy from prying eyes.

Just for you bud.

 

[ineedamac]

Not surprised. And neither should you be.

The only thing that is truly private is what happens behind closed doors. Anything online or on a phone, computer, tablet etc is open for someone else to see.

 

[viacavour]

you said I used scare tactics so you obviously saw it, but I wasn't trying to scare you , just going over available info and seeing what does or doesn't make sense.

Of course I saw you being scared and trying to spread it. Doesn't mean I'm scared. ^_^

It's all common sense and yes, turning off Wifi when you don't need it save power. Even my mom knows it.

 

[69650]

It's about time the EU started earning their keep by putting a stop to US and China spying on EU citizens. Pass a law which forbids all back doors into products sold in the EU. Don't close the loophole and you can't sell your products here. Millions of lost sales or cow tow to the NSA. That would make Obama think.

 

[2984839]

And they were caught right ?

So far, there's no indication that open source security is better or worse than closed source. Apple use a mix to find the best solutions that fit them.

The only reason it came to light was because of Snowden's leaked documents. No leaks and we would be happily using backdoored algorithms with no way of verifying it.

Open source provides no guarantees of trust. Closed source provides a guarantee of distrust. It's a choice between "Nobody has found a backdoor yet" and "Nobody can even audit the code to look for a backdooor and the company would be compelled to lie if there is one". It's pretty obvious which is more trustworthy.

----------

It's about time the EU started earning their keep by putting a stop to US and China spying on EU citizens. Pass a law which forbids all back doors into products sold in the EU. Don't close the loophole and you can't sell your products here. Millions of lost sales or cow tow to the NSA. That would make Obama think.

But how would they verify it? I agree with the sentiment, but the nature of the problem doesn't lend itself to external auditing.

 

[Zxxv]

Of course I saw you being scared and trying to spread it. Doesn't mean I'm scared. ^_^

It's all common sense and yes, turning off Wifi when you don't need it save power. Even my mom knows it.

yawn. Im not scared dude I guess by your educative reasoning every news gatherer/reporter is scared :roll eyes: haha

ps... tell your mum she can be tracked by wifi.

 

[H2SO4]

Only drug dealers and criminals would have to be worry about this.

Kids... be sure those back doors are not meant to see the porn you are watching.

What is amazing is the ego of the people who say: ohhh... I do not trust Apple any more! And they are in the internet posting. An smart person just do not post anything in first place in public places.

This is probably in the top 10 of most ridiculous posts in this thread. Here is the difference as you appear too short sighted to see it.
If I post on the net, that is MY choice, as in I understand the risks and choose to do it.
I don’t appreciate an artificially made whole in my security system. I don’t mind flaws and mistakes as everything in life has them.

This is different.

 

[scbn]

I'm not surprised. I've never expected my iPhone is completely protected for privacy. They could find everything about you from your phone, your PC, etc, if they wanted to. But the average person really has nothing to worry. Why would the government be interested in you?

 

[Chupa Chupa]

The only thing that is truly private is what happens behind closed doors. Anything online or on a phone, computer, tablet etc is open for someone else to see.

While that may be true from a technology perspective, it's not true from either a 4th Amendment perspective or other parts of criminal or civil law.

 

[8CoreWhore]

There is no reason to believe Apple would ever do anything to deliberately compromise the security of our data. Apple is the one company that strives to do everything to protect us and our privacy from prying eyes.

It's so cute when children still believe in the tooth fairy.

 

[simonmet]

I don't understand why people get so worked up about this sort of thing.

Those backdoors are there for your protection. They are put there for the exclusive use of the governments who we democratically elected. i.e.: the good guys.

We should all stop being so suspicious, and learn to fully trust the NSA and GCHQ. These guys are serious, trained professionals - not spotty nerds who are out to steal credit card numbers or pictures of your girlfriend!

As long as these backdoors are secure (and surely they are!), then we have nothing to fear.

Sorry, I'm having trouble figuring out if this post is a joke or if you're actually being serious! If the latter...just WOW!

 

[brendu]

I just want to know how much these back doors allow hackers to get... Can they see every single thing I do? Who I call, text, email? The contents of those things? Can they access my banking info from my banking apps? My current and past location data? Can they change settings without my knowledge?

 

[8CoreWhore]

Statistically, very few of us live such colorful/interesting lives whereas monitoring of it would be beneficial to an outside source. Yet, with that stated, sure- this information provided in this blog is disturbing.

What if the guy you want to vote for is being monitored, and now compromised, he will then be owned if he wins, or the info can be used to cause him to lose. Judges, candidates, etc, etc, get compromised when dirt is discovered on them.

 

[PocketSand11]

Apparently you don't even need to be jailbroken to do this. Zdziarski made a post a year or so ago that said you can use Apple's own Apple Configurator to "Pair-lock" the device which apparently prevents the exploits (at the expense of being able to pair it with any other computer without the computer).

This is mentioned in the article too, but it sounds like a shotgun solution, and it still won't prevent someone with physical access from stealing the data. A Cydia tweak might be able to close the hole without any side effects by deleting the services or something.

 

[jennyp]

I don't understand why people get so worked up about this sort of thing ... These guys are serious, trained professionals - not spotty nerds who are out to steal credit card numbers or pictures of your girlfriend!

Edward Snowden recently pointed out that there is a culture in NSA staff of doing just exactly that - sharing pictures of people in shall we say compromising situations or aspects.

Don't be so naive.

http://gu.com/p/4v37y

 

[PocketSand11]

Those backdoors are there for your protection.

Yeah.

As long as these backdoors are secure (and surely they are!), then we have nothing to fear.

No, they're most likely NOT secure and for government-only access. Any hacker could probably get in.

 

[Naimfan]

I just want to know how much these back doors allow hackers to get... Can they see every single thing I do? Who I call, text, email? The contents of those things? Can they access my banking info from my banking apps? My current and past location data? Can they change settings without my knowledge?

Yes.

 

[Chupa Chupa]

But the average person really has nothing to worry. Why would the government be interested in you?

The central Founding Fathers would disagree. It's why they insisted on a Bill of Rights protecting citizens from government be a part of the Constitution. Most of the rights proclaimed in the Bill of Rights are to the people and stripped from the government. Perhaps a reading of the Federalist Papers is in order. Or maybe one of the James Madison bios.