Author Topic: Cyber-Security Experts Ask If Apple “Flaw” Was Really NSA Backdoor  (Read 1384 times)

Offline Elaine Davis

  • Administrator
  • *****
  • Posts: 1467
  • Gender: Female
  • To thine own self, be true.
Cyber-Security Experts Ask If Apple “Flaw” Was Really NSA Backdoor

Security hole appeared just one month before NSA bragged it had penetrated Apple servers

Steve Watson
 February 24, 2014

Following an admission by Apple that a “bug” in its operating system had left devices open to potential hacking, experts are questioning whether the security hole was intentional, in order to allow the NSA backdoor access as part of its mass spying program.

On Friday Apple acknowledged that a “goto fail” command in the company’s SecureTransport protocol had left iPhones, iPads, and MacBooks vulnerable to data intercept on networks and wireless connections. Anyone who had knowledge of the security flaw could have accessed secure data, Apple noted, declaring that “a software fix will be released very soon.”
Johns Hopkins University cryptography professor Matthew Green told Reuters that the flaw (see below) was “as bad as you could imagine.”

Several coding experts are now raising their eyebrows over the matter, noting that the timeline of the inception of the security flaw matches up with leaked NSA slides that document how the spy agency had managed to gain access to Apple’s servers.

According to coder and App developer Jeffrey Grossman, who has studied the code in question, the flaw only appeared in iOS 6.0 and was not present in iOS 5.11.

Immediately, tech experts began to note that iOS 6.0 was released in September 2012, just one month before Apple was added to the NSA’s list of penetrated servers, according to slides leaked by Edward Snowden.

Noting that while the evidence is circumstantial, blogger John Gruber, a computer scientist, says that “the shoe fits” where the NSA’s Apple breakthrough is concerned.
“Sure would be interesting to know who added that spurious line of code to the file,” he notes. “Conspiratorially, one could suppose the NSA planted the bug, through an employee mole, perhaps. Innocuously, the Occam’s Razor explanation would be that this was an inadvertent error on the part of an Apple engineer. It looks like the sort of bug that could result from a merge gone bad, duplicating the goto fail; line.”
Gruber has laid out five potential scenarios, personally leaning toward number three:

1. Nothing. The NSA was not aware of this vulnerability.
2. The NSA knew about it, but never exploited it.
3. The NSA knew about it, and exploited it.
4. NSA itself planted it surreptitiously.
5. Apple, complicit with the NSA, added it.

“…once the bug was in place, the NSA wouldn’t even have needed to find the bug by manually reading the source code. All they would need are automated tests using spoofed certificates that they run against each new release of every OS.” Gruber states.

“Apple releases iOS, the NSA’s automated spoofed certificate testing finds the vulnerability, and boom, Apple gets “added” to PRISM. ([It] wasn’t even necessarily a fast turnaround — the NSA could have discovered the vulnerability over the summer, while iOS 6 was in developer program beta testing.)” Gruber concludes.
Other tech bloggers concur that it is strange how such a major flaw wasn’t spotted or fixed sooner. “The timing is rather odd, and it makes you wonder how such a serious bug went undiscovered for over a year.” writes Cody Lee of iDownloadblog.

Ashkan Soltani, another security expert, has compiled a list of current Apple applications that he believes are vulnerable to the security hole that is still open on the current version of OS X for the Mac. The list includes basic apps such as Mail, Safari, Twitter, FaceTime and Calendar. These apps transmit and store exactly the type of information NSA has targeted.

Just one month ago, a new Snowden leak revealed that the NSA had infiltrated iPhones with a program known as DROPOUT JEEP, which allowed the agency access to text messages, voicemails and other personal data.

Apple has since vehemently denied having knowledge of the NSA’s activities. “Apple has never worked with the NSA to create a backdoor in any of our products, including iPhone,” Apple said in a January statement. “Additionally, we have been unaware of this alleged NSA program targeting our products. We care deeply about our customers’ privacy and security.”

What do you think? Did Apple intentionally allow the NSA backdoor access to its servers? Is Apple, seemingly like Intel, the victim of NSA moles on the inside? Or is all of this just a big old coincidence?
GOD FORBID THE LIGHTS GO OUT and a zillion brains have to be retrained to function in manual reality.

Does anyone else get the idea that the tweets on the WL account are starting to sound a little like someone is bathing in a bird bath, eating bird food & possibly smoking bird * in his own sphere??
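
The duplicated `goto fail;` line described in the article above, together with the kind of negative test that catches it, as an added example that is not part of the original post and is not Apple's code. It is a simplified model: every function name is hypothetical and the hash and signature check are toy stand-ins.

```c
#include <stdio.h>
#include <string.h>

/* Toy stand-ins for the handshake steps (hypothetical names, no real crypto). */
static int hash_update(const char *data) { return data ? 0 : -1; }
static int hash_final(const char *data, char *out, size_t n) {
    snprintf(out, n, "H(%s)", data);            /* toy digest */
    return 0;
}
static int sig_verify(const char *digest, const char *sig) {
    return strcmp(digest, sig) == 0 ? 0 : -1;   /* toy signature check */
}

/* Buggy shape: the second goto is not guarded by the if, so it always runs
   while err is still 0 and the signature check below is never reached. */
int verify_buggy(const char *params, const char *sig) {
    int err;
    char digest[64];
    if ((err = hash_update(params)) != 0)
        goto fail;
        goto fail;                              /* duplicated line */
    if ((err = hash_final(params, digest, sizeof digest)) != 0)
        goto fail;
    err = sig_verify(digest, sig);
fail:
    return err;                                 /* 0 means "verified" */
}

/* Same logic with the duplicate removed and every branch braced. */
int verify_fixed(const char *params, const char *sig) {
    int err;
    char digest[64];
    if ((err = hash_update(params)) != 0) { goto fail; }
    if ((err = hash_final(params, digest, sizeof digest)) != 0) { goto fail; }
    err = sig_verify(digest, sig);
fail:
    return err;
}

/* Negative test: returns 1 if the verifier accepts a constructed bad signature. */
int accepts_forged(int (*verify)(const char *, const char *)) {
    return verify("server-key-params", "not-a-valid-signature") == 0;
}

int main(void) {
    printf("buggy accepts forged: %d\n", accepts_forged(verify_buggy));
    printf("fixed accepts forged: %d\n", accepts_forged(verify_fixed));
    return 0;
}
```

A release gate that runs the negative test on every build fails as soon as the duplicated line lands, and compiler warnings for unreachable code or misleading indentation flag the same pattern at build time.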

Offline mayya

  • Administrator
  • *****
  • Posts: 7874
This is what Jacob Appelbaum had to say about an iPhone backdoor:

"Do you think Apple helped them with that? I don’t know. I hope Apple will clarify that. I think it’s really important that Apple doesn’t.

Here’s a problem. I don’t really believe that Apple didn’t help them. I can’t prove it yet, but they literally claim that any time they target an iOS device, that it will succeed for implantation. Either they have a huge collection of exploits that work against Apple products, meaning that they are hoarding information about critical systems that American companies produce and sabotaging them, or Apple sabotaged it themselves. I’m not sure which one it is. I’d like to believe that since Apple didn’t join the PRISM program until after Steve Jobs died that maybe it’s just that they write shitty software. We know that’s true."

This quote is an extract from:
30c3: To Protect And Infect, Part 2 The militarization of the Internet
Jacob Appelbaum keynote - 30/12/2013