
Leaked Memo Says Apple Provides Backdoor To Governments

timothy posted more than 2 years ago | from the well-we-know-att-does dept.

Blackberry 582

Voline writes "In a tweet early this morning, cybersecurity researcher Christopher Soghoian pointed to an internal memo of India's Military Intelligence that has been liberated by hackers and posted on the Net. The memo suggests that, "in exchange for the Indian market presence" mobile device manufacturers, including RIM, Nokia, and Apple (collectively defined in the document as "RINOA") have agreed to provide backdoor access on their devices. The Indian government then "utilized backdoors provided by RINOA" to intercept internal emails of the U.S.-China Economic and Security Review Commission, a U.S. government body with a mandate to monitor, investigate and report to Congress on 'the national security implications of the bilateral trade and economic relationship' between the U.S. and China. Manan Kakkar, an Indian blogger for ZDNet, has also picked up the story and writes that it may be the fruits of an earlier hack of Symantec. If Apple is providing governments with a backdoor to iOS, can we assume that they have also done so with Mac OS X?"

582 comments

How Not to be Seen (5, Insightful)

alphatel (1450715) | more than 2 years ago | (#38628398)

The next time you text "i hacked my xbox!" to your friend, expect federal prison for life.

It's all a big setup. The Patriot Act lets them investigate anything, anywhere, without a warrant. Now they are on your devices. Now any terrorist loses his rights as an American. The next war is at civil. No wonder the troops are coming back home.

Re:How Not to be Seen (5, Insightful)

fred911 (83970) | more than 2 years ago | (#38628448)

PGP... it's way past time. Clinton was trying to mandate forced escrow keys for strong encryption years ago, first warning. Now, you can't place your trust in anyone but yourself to protect your privacy.

Re:How Not to be Seen (4, Funny)

loufoque (1400831) | more than 2 years ago | (#38628516)

The next time you text "i hacked my xbox!" to your friend, expect federal prison for life.

Hacking stuff you own is perfectly legal.

Re:How Not to be Seen (5, Funny)

Anonymous Coward | more than 2 years ago | (#38628544)

You must be new around here..

Re:How Not to be Seen (4, Insightful)

amiga3D (567632) | more than 2 years ago | (#38628628)

What does legality have to do with it?

Re:How Not to be Seen (2, Funny)

loufoque (1400831) | more than 2 years ago | (#38628658)

You only get thrown into federal prison for doing illegal things.

Re:How Not to be Seen (5, Insightful)

Anonymous Coward | more than 2 years ago | (#38628710)

Everyone has done something illegal. They might not know it and it might not have been immoral. As long as you can monitor everything they do you can find a reason to send them to jail if they start to express 'undesirable' opinions.

Re:How Not to be Seen (0)

Anonymous Coward | more than 2 years ago | (#38628802)

This must be why that pesky "legalese" term 'False Imprisonment' exists, then, right?

Re:How Not to be Seen (4, Funny)

Anonymous Coward | more than 2 years ago | (#38628816)

You only get thrown into federal prison for doing illegal things.

But innocent people have nothing to hide!

Manan Kakkar could be less of an idiot (0, Insightful)

Anonymous Coward | more than 2 years ago | (#38628402)

It is so stupid of Manan Kakkar to have totally ignored the issue and come up with a centralised biased opinion against Apple with the statement: "If Apple is providing governments with a backdoor to iOS, can we assume that they have also done so with Mac OS X?."

Such an uninformed idiot to not have noticed, how serious the issue but rather wants to gain publicity by making this, big against Apple.

Ridiculous

Re:Manan Kakkar could be less of an idiot (4, Insightful)

geoskd (321194) | more than 2 years ago | (#38628502)

"If Apple is providing governments with a backdoor to iOS, can we assume that they have also done so with Mac OS X?."

Such an uninformed idiot to not have noticed, how serious the issue but rather wants to gain publicity by making this, big against Apple.

Ridiculous

This is not at all unfair to single out Apple in this. It has been apparent for some time that M$ would sell their users' security to the highest bidder. Nokia and RIM don't make desktop software, so that leaves Apple providing a backdoor on one platform as perfectly viable evidence that they would do this on their other major platform, especially since the two share a significant codebase. The revelation here isn't that only Apple would do this, it's that Apple would do this, and risk their brand at all. All the other players had a bad reputation to start. The big question is: What has Google done?

-=Geoskd

Re:Manan Kakkar could be less of an idiot (1)

celle (906675) | more than 2 years ago | (#38628600)

Google was already exposed last year by Chinese hackers.

Re:Manan Kakkar could be less of an idiot (0)

Anonymous Coward | more than 2 years ago | (#38628702)

It has been apparent for some time that M$ would sell their users security to the highest bidder.
 
Cite please?

Re:Manan Kakkar could be less of an idiot (2, Insightful)

Anonymous Coward | more than 2 years ago | (#38628508)

Nice fanboi response. It has really become a religion.

Re:Manan Kakkar could be less of an idiot (0)

Anonymous Coward | more than 2 years ago | (#38628584)

Oh, lightning fast ad hominem from Anonymous Coward.. The fact is that Apple equips industrial spyware the CarrierIQ on iPhone 4, of course it is turned off by default [arstechnica.com].. or whatever they are saying on the matter now.

Some details on Manan Kakkar (0)

Anonymous Coward | more than 2 years ago | (#38628612)

Manan Kakkar is a total Microsoft fan.

"[...] Proud to be a Windows Desktop Experience MVP.

I’ve had more luck with gadgets than girls. So till things even out, I am sleeping with gadgets.

I cover Indian IT for ZDNet, write about technology for Techie Buzz and irregularly do a podcast called Microsoft Talk. I used to be the editor for The Next Web's Microsoft channel.
[...]
Apple’s scorecard of WP7 inspirations and being a Windows Phone user using an iPhone, my first reaction was Apple copied Microsoft.[...]"

http://www.beingmanan.com/ [beingmanan.com]

Disgusting :D

Re:Manan Kakkar could be less of an idiot (4, Interesting)

amiga3D (567632) | more than 2 years ago | (#38628642)

I think we can safely assume any closed operating system is backdoored. If I was a foreign government I'd never use an operating system that I couldn't compile from source myself. I think this is one reason that MS was let off from the Federal Lawsuit so easily, so they could aid in surveillance. It makes sense, if I was in their shoes I'd do the same.

... well that's one reason open source is superior (5, Insightful)

Karmashock (2415832) | more than 2 years ago | (#38628418)

I'm not a huge open source guru. I have nothing against it and I use open source software all the time. But I'm not a zealot on the subject. Still... this is unacceptable. If I buy a bit of software from Apple or Microsoft, it has to be understood that I control the security. I bought the OS. I bought the machine. I own that license. If they're going behind my back to sell my security to a third party... then I consider that a breach of contract and I'm really not amused.

If this is valid... and it hasn't been confirmed yet... then anyone that signed that agreement is untrustworthy.

Nothing else to say on the matter.

Re:... well that's one reason open source is super (0)

Anonymous Coward | more than 2 years ago | (#38628460)

This is what lawsuits are used for.

Re:... well that's one reason open source is super (2)

Opportunist (166417) | more than 2 years ago | (#38628498)

Huh? How has a government or large corporation been wronged?

Re:... well that's one reason open source is super (1)

houghi (78078) | more than 2 years ago | (#38628736)

The memo was leaked. That shows a bad sign on the companies and government. So they are wronged by leaking the memo.
The best way OBVIOUSLY is to forbid the leaking of memos. Right?

Re:... well that's one reason open source is super (1)

Anonymous Coward | more than 2 years ago | (#38628468)

What did you "sign" when you click through the EULA? (e.g. "You agree that we can share information gathered from you with our affiliates . . . etc etc etc" )

Re:... well that's one reason open source is super (3, Insightful)

Anonymous Coward | more than 2 years ago | (#38628478)

Unless you've personally verified every single line of code in the OS, you're not really better off. You're just hoping that others have verified every single line of code, and unless you've verified that they're all trustworthy, you're just hoping that's true, too.

...and in case anyone's thinking this is an astroturf troll, I use Linux, not Windows or Mac. I've exclusively used Linux for 11 years now.

Re:... well that's one reason open source is super (5, Insightful)

Opportunist (166417) | more than 2 years ago | (#38628514)

Well, you're slightly better off. Unless you expect a global conspiracy where every person who ever read the code and would talk about it has been bought or silenced.

The key is that it's heaps harder to slip a backdoor into OSS simply because far more people can (and do) examine it. The chance that someone finds it and reports it is simply by some margin higher.

Re:... well that's one reason open source is super (5, Insightful)

gutnor (872759) | more than 2 years ago | (#38628768)

No need for global conspiracy. You don't control what code is used to build your Android handset. The handset maker just tells you what base version they used and you need to trust them. Even on a vanilla Galaxy Nexus that would be trivial to slip a backdoor.

Re:... well that's one reason open source is super (4, Informative)

MadKeithV (102058) | more than 2 years ago | (#38628604)

Unless you've personally verified every single line of code in the OS, you're not really better off.

Even if you do, you're not sure. Your compiler may be compromised. See: Reflections on trusting trust. [cmu.edu]

Re:... well that's one reason open source is super (2)

amiga3D (567632) | more than 2 years ago | (#38628686)

This is borderline FUD. Yes it's possible to poison the code but with a proprietary closed system it's damn near certain you're backdoored. If for nothing else than for the company who sells the software to keep tabs on it. It's in their best interests not to sell you out because loss of credibility means loss of revenue but if the stakes are high enough they can be persuaded. For this reason it's not a problem for the average Joe usually but if you have anything you want kept secure and the stakes are high you'd be a fool to rely on your proprietary OS being secure. Risk management rules apply.

Re:... well that's one reason open source is super (1)

gutnor (872759) | more than 2 years ago | (#38628720)

And then, you have to build it yourself (preferably with a compiler you have built yourself too).

Really Android is open source, sure. But the Android handset runs custom proprietary drivers and a layer on top of it and then, even for the open source part, you cannot really tell what was used to build them. So unless you install your own build at home Android version (including drivers), it is not better than any other system (from that point of view).

Re:... well that's one reason open source is super (1)

Joce640k (829181) | more than 2 years ago | (#38628770)

Maybe if you *write* your own compiler you'd be safe, but building it doesn't protect you from anything. The compiler you're using to compile the compiler might be compromised.

(Yes, it's been done...)

Re:... well that's one reason open source is super (4, Insightful)

timholman (71886) | more than 2 years ago | (#38628808)

Unless you've personally verified every single line of code in the OS, you're not really better off. You're just hoping that others have verified every single line of code, and unless you've verified that they're all trustworthy, you're just hoping that's true, too.

Exactly. Even the open source community is built on a massive foundation of blind trust, because perhaps one user in a hundred thousand will actually look at the source. Otherwise, no matter if it's open or closed, the average user says, "That looks neat, I'm gonna install that".

A personal anecdote: my open source theft recovery package for Macs has several thousand users. All of the source (with comments) is bundled with the installer, yet I often get questions from users about what the program does "under the hood", when they could easily learn the answer themselves by reading the source code.

The overwhelming majority of users seem to like open source because it's free, not because it is theoretically more secure. I might have been collecting private information from the users of my program for the past three years, and I often wonder if a single one of them would have bothered to check the source in all that time.

The best attack vector for any malware is incredibly simple: bundle it into something useful, and then give it away. You can guarantee that some people will install it (for the same reason they'll pick up and use a "lost" USB memory stick), because it is human nature to want to take advantage of something that is freely given.

Re:... well that's one reason open source is super (5, Insightful)

Yvanhoe (564877) | more than 2 years ago | (#38628480)

You know, your argumented and reasonable stance on this problem is what led many "open source zealots" like me into their present situation. In a functional legal environment you could use proprietary software and assume that such a breach of confidence would have so serious consequences for the companies involved that no one would dare to take the risk to put a backdoor in their software or to even make it possible. This is not however the case, this affair is one of many (CarrierIQ, Echelon, illegal-later-legalized wiretapping, Bluecoat, Amesys, etc...) and the only cure seems to use open source everywhere a backdoor could exist. And that means, mostly, everywhere.

Anyway, I like how you present it : "I'm not an open source zealot, I'm merely an opponent to secret backdoors"

Re:... well that's one reason open source is super (3, Insightful)

Kikuchi (1709032) | more than 2 years ago | (#38628482)

If I buy a bit of software from apple or microsoft, it has to be understood that I control the security. I bought the OS. I bought the machine. I own that license.

HaHaHaHaHa, HoHoHoHoHo, HaHa, Hoooo....

Eh, turn your keyboard around, gullible is written under it.

Re:... well that's one reason open source is super (0)

Anonymous Coward | more than 2 years ago | (#38628488)

I get your point, but if you think that "open source" is any kind of guarantee of security, you are sadly mistaken. Do you trust that the binaries supplied are not tampered with? Have you, or someone you trust, personally audited the code?

And how about the toolchain? If you haven't read it yet, I highly recommend Reflections on Trusting Trust [bell-labs.com] by Ken Thompson. Prepare to lie awake at night...

Re:... well that's one reason open source is super (2)

amiga3D (567632) | more than 2 years ago | (#38628708)

IF I was involved in anything where security was paramount. I mean here life or death basically. I'd certainly need to be sure of all my code and that would mean analyzing and compiling code. As for my own, individual security I feel more comfortable with a linux distro. It might be backdoored but I'm absolutely certain that Windows is compromised and I'm almost as sure about OS X.

Re:... well that's one reason open source is super (0)

Anonymous Coward | more than 2 years ago | (#38628580)

You are forgetting that these companies are making hardware, not just software.

This is quite serious since if this trend continues, liberating projects such as Tor may become ineffective against repressive regimes.

Re:... well that's one reason open source is super (0)

Anonymous Coward | more than 2 years ago | (#38628586)

When someone with OSX goes to prison because of info passed along to US government, it's a very small comfort that they can get their OSX licence money back because of a breach of contract.

Re:... well that's one reason open source is super (4, Informative)

rawler (1005089) | more than 2 years ago | (#38628616)

I bought the OS. I bought the machine.

Technically, while you bought the hardware, you did not buy the OS.

With the machine, you've got the right to do whatever you please with. (Modify, lease ...) Not so with the OS you believe you purchased.

Typically with proprietary software, you only buy a license to use it as-is, and you are not even entitled to study how it works, or even look for backdoors.

IMHO, this is the major problem with proprietary software, and an outrage that such agreements have any legal stance in a free-market society.

Re:... well that's one reason open source is super (0)

Anonymous Coward | more than 2 years ago | (#38628766)

If I buy a bit of software from apple or microsoft, it has to be understood that I control the security. I bought the OS. I bought the machine. I own that license.

You seem to be laboring under a misconception. You do not OWN the software and there are conditions on the LICENSE TO USE THE SOFTWARE. You may own the machine, but you do not own the OS and you do not own the software. You have a license to use both and you have agreed to conditions of use spelled out in that license which include, in almost every case, the fact that the agreement can be changed by the licensor at any time for any reason and may include agreement by you to allow this kind of access.

You really should learn about how the software licensing and business works.

Re:... well that's one reason open source is super (3, Informative)

Bert64 (520050) | more than 2 years ago | (#38628826)

Nothing has to be understood, you didn't buy the software you are renting it and the license agreement says so... It also says that you have no comeback against the company providing it. If you didn't like those terms, then you shouldn't have accepted them.

Companies exist to make profit, it's only logical that they would sell you (a small fry) out to a large government willing to pay a lot more money and open up a potentially huge market to them. This is what companies do, welcome to capitalism.

Probably not just Apple (5, Insightful)

Tangential (266113) | more than 2 years ago | (#38628424)

Is there any reason to believe that governments wouldn't put pressure on all OS vendors, telecom providers, etc that wanted to sell into their countries to do something like that? I'd be very surprised if very many cellphones sold in the USA don't have a way in for the Feds.

At the same time, if you are concerned about the possibility of backdoors, it's awfully easy to bury one deep in some standard hardware component that user space processes and most of the OS don't normally interact with. Since most of our cellphones and PCs (and GPSs and media boxes and cameras and ...) originate in China, what are the odds that they are not all compromised?

Re:Probably not just Apple (1)

bejiitas_wrath (825021) | more than 2 years ago | (#38628440)

It would be very hard indeed to check the code that has been burned into a chip and is running some spy software, unless you could pull apart an iPhone 4S and analyse the whole circuitry and firmware for the backdoors code. I am not sure how difficult that would be, surely more than just a logic probe and some spare time.

Re:Probably not just Apple (4, Insightful)

geoskd (321194) | more than 2 years ago | (#38628540)

It would be very hard indeed to check the code that has been burned into a chip and is running some spy software, unless you could pull apart an Iphone 4s and analyze the whole circuitry and firmware for the back-doors code. I am not sure how difficult that would be, surely more than just a logic probe and some spare time.

Putting in a "hardware" backdoor of that nature would be exceptionally difficult. You would have to know all kinds of things about the whole system, not just the chip your company is responsible for. That was why Stuxnet was such a big deal. Putting a backdoor into a piece of equipment is easy. Putting it to use in anything more complex than a toaster oven will be very difficult and require massive knowledge of the total system. Hell, even for all its sophistication, Stuxnet still failed to go unnoticed. There are just too many ways that it fails, and causes someone to go see why their system is behaving odd. All it takes is one person at the device manufacturer to start digging into a consistent equipment failure, and soon the light is revealed. You basically need a bunch of spies on the ground at the device designer to tell you what chip sets they're using, what interconnects, what OS, what extra software... It would be far easier to just put a sleeper on the ground to put your backdoor in the software.

-=Geoskd

Re:Probably not just Apple (1)

burne (686114) | more than 2 years ago | (#38628648)

OT: You assume it was the intent of the people who wrote Stuxnet to ransack a nuclear facility without anybody noticing?

Bias... (1)

Anonymous Coward | more than 2 years ago | (#38628466)

Why do you think China is the only one compromising our chips?

Re:Probably not just Apple (5, Insightful)

SuricouRaven (1897204) | more than 2 years ago | (#38628500)

I doubt many cellphones in the USA have backdoors for the government. Why would they need to, when the FBI, CIA and NSA all have access to direct fiber taps into the network backbone and presumably have been given the keys to go along with it? Backdoors in phones might be detected, but just getting the carriers to cooperate in permitting decryption and monitoring of network traffic is much safer - plus it lets them intercept the traffic of travelers who bring a phone purchased outside the US too.

Re:Probably not just Apple (3, Insightful)

garaged (579941) | more than 2 years ago | (#38628820)

It is a convenience for when carrier won't give real time access or can't do it, also not everything passes thru carrier, and people can be tracked better when offline but phone still powered up.

Re:Probably not just Apple (1)

ciantic (626550) | more than 2 years ago | (#38628518)

I'd be very surprised if very many cellphones sold in the USA don't have a way in for the Feds.

I'd wager that they don't have to, instead they might have access to cellular networks. Amount of phones out there, the chances are the backdoor will be found is immense, why would they risk it that way? Direct access as middle man in cellular networks is next to impossible to prove by hobbyists and alike.

Re:Probably not just Apple (0)

Anonymous Coward | more than 2 years ago | (#38628528)

Are you just as drunk as the writer of TFS?

Since when is "mobile device manufacturers, including RIM, Nokia, and Apple (collectively defined in the document as "RINOA")" NOT "probably not just Apple"??

I hate Apple as much as the next guy, but I have no idea why Apple is picked out specifically, and why you apparently didn't even read TFS or why the writer of TFHeadline didn't read it either...
(Yeah, I must be new here, I know. :P)

Re:Probably not just Apple (1)

hoboroadie (1726896) | more than 2 years ago | (#38628652)

I have always assumed that any chip available to the tax-payers would have remote command-and-control built into it, (for public safety). The price of Freedom is Eternal Vigilance.-The NSA never sleeps.

Re:Probably not just Apple (2)

Sponge Bath (413667) | more than 2 years ago | (#38628764)

The NSA never sleeps.

They know who's naughty and nice. I leave them cookies and milk so I don't get coal in my stocking.

Just stop trusting closed source software (0, Insightful)

Anonymous Coward | more than 2 years ago | (#38628428)

Just stop trusting closed source software and companies already!

Re:Just stop trusting closed source software (1)

Anonymous Coward | more than 2 years ago | (#38628452)

what about hardware?

Awesome headline. (5, Insightful)

Anonymous Coward | more than 2 years ago | (#38628438)

How RIM, Nokia and Apple becomes just Apple is beyond me. Magic?

Re:Awesome headline. (4, Informative)

deniable (76198) | more than 2 years ago | (#38628462)

Nobody cares about RIM and Americans don't care about Nokia.

Re:Awesome headline. (1)

Anonymous Coward | more than 2 years ago | (#38628492)

I'd say using Apple in the headline makes for more clicks, but that's just me...

Re:Awesome headline. (1)

fred911 (83970) | more than 2 years ago | (#38628494)

After the death of Ericsson and my old TDMA StarTAC, I haven't owned anything but Nokia. I'm American.

Re:Awesome headline. (0)

Anonymous Coward | more than 2 years ago | (#38628542)

After the death of Ericsson and my old TDMA StarTAC, I haven't owned anything but Nokia. I'm American.

My condolences.

Re:Awesome headline. (3, Insightful)

paimin (656338) | more than 2 years ago | (#38628490)

Not only that, it's "mobile device makers, including RIM, Nokia, and Apple". Who else? I smell Android fanboy.

Re:Awesome headline. (0)

Anonymous Coward | more than 2 years ago | (#38628646)

> Who else?

Ask the author of the original document [imgur.com], he's the "Android fanboy" you're looking for.

... allowing the stay of mobile device manufacturers: RIM, NOKIA, APPLE etc., (RINOA) ...

Well, I assumed it anyway. (0)

Anonymous Coward | more than 2 years ago | (#38628444)

As if it was any different anywhere else...

That's what you get for using closed crap, biatches!
Natural selection is at it again!

Only open source can be secure (3, Insightful)

Jazari (2006634) | more than 2 years ago | (#38628456)

The only way to be reasonably sure of security is by using open source encryption (TrueCrypt, PGP). If you're only using a "black box" system to protect your information, you should expect that governments (and crime syndicates who can bribe individual government employees) will have access to your information.

What's surprising is that anyone with secrets worth protecting doesn't already know this, or hasn't already hired someone competent enough to tell them this.

Re:Only open source can be secure (5, Insightful)

OneMadMuppet (1329291) | more than 2 years ago | (#38628818)

No. As soon as you decrypt anything to use/view it on a compromised system then that data is compromised, as is any other data using the same key. Anyone with secrets worth protecting shouldn't be storing them on a phone or accessing them from an insecure device.

News from a twit. (5, Insightful)

slasho81 (455509) | more than 2 years ago | (#38628458)

This smells of bullshit. Now a tweet and a few images are considered legit news? Couldn't just one journalist or blogger pick up the phone and get the "RINOA" comment on the matter? Or is it just easier to post conspiracy-laden speculation ending with a giant question mark?

And where else? (1)

Anonymous Coward | more than 2 years ago | (#38628558)

Wouldn't the governments and companies involved just deny all accusations?

However, a true proof would be finding and preferably exploiting that backdoor.

Re:And where else? (1)

garaged (579941) | more than 2 years ago | (#38628836)

Have you seen any version of iOS/macosx/windows not being actively exploited with some trivial tool? You need to get out more if you have

Re:News from a twit. (4, Funny)

Dunbal (464142) | more than 2 years ago | (#38628696)

Now a tweet and a few images are considered legit news?

You're right. We're completely missing the celebrity angle here. What does Lady Gaga think about all this? /sarcasm

Re:News from a twit. (0)

Anonymous Coward | more than 2 years ago | (#38628738)

By 'twit', do you mean the tweet, or Timothy?

Rest of the world. (0)

Anonymous Coward | more than 2 years ago | (#38628474)

How long you think this will take to be implemented in USA and the rest of the world? Honestly I doubt there isn't a backdoor in android, windows, etc, it is just a target too good for someone as the government of almost any country. When it becomes viable I don't see why they wouldn’t do it at hardware level on PCs (UEFI seems a good target to me) and so on.
I would say that FOSS software would solve it but it would just move the problem to somewhere else, the problem is not the software being non-free, it is that there are people willing to do that kind of surveillance, and if they couldn’t do it via software they would find another way.

THIS is VERY SERIOUS allegation! (0)

Anonymous Coward | more than 2 years ago | (#38628486)

THIS is VERY SERIOUS allegation!!! If it gets found out that OS X has a government backdoor, I'm immediately selling my MacBook Pro & iPhone and go bare bones, off the grid, just like John Connor...

Why the RIM logo? (1)

killfixx (148785) | more than 2 years ago | (#38628496)

I understand that RIM is mentioned in the article, but this is an Apple focused story.

Re:Why the RIM logo? (0)

Anonymous Coward | more than 2 years ago | (#38628614)

No, it's not an Apple focused story (but since this is slashdot we have made it one). And it probably should be a Blackberry focused one since the Indian government (and several others) threatened to ban Blackberry because of their encrypted mail/messaging system, see http://www.bbc.co.uk/news/technology-10951607

Open source is no protection (0)

Anonymous Coward | more than 2 years ago | (#38628504)

Open source is not much protection against spyware. Any device that has automatic upgrades of any description - open source or otherwise - is open to simple spyware installs with a subsequent upgrade to cover the tracks.

What about Israel? (-1)

Anonymous Coward | more than 2 years ago | (#38628506)

Israel said it will treat credit card theft as equivalent to terrorism, only yesterday and announced it would stop at nothing to respond.

Did Symantec give Israel source code to its anti-virus software? Did Apple give its OS code? or Microsoft give it access to Windows OS source?

I doubt Israel would limit hacking computers and other espionage at mere credit card theft, what if they use it against critics the same way India did? What if they see holes in Windows from the source, then use it against America, or US politicians?

Re:What about Israel? (-1)

Anonymous Coward | more than 2 years ago | (#38628536)

Are you stupid?

Seriously, guys (4, Insightful)

muecksteiner (102093) | more than 2 years ago | (#38628520)

How can anyone be so naive to assume that any system that is commercially produced in large numbers these days does *not* have in-built backdoors for the alphabet soup agencies? Living under a rock much, are we?

Same goes for Google, Facebook and all the rest. If you, even for one second, assume that the three letter agencies do not have permanent liaison staff at the HQs of these companies, and are not free to browse the data accumulated by these companies at will (including specially built data mining apps that cater for their needs, and their needs alone), you are seriously deluded.

Sorry to put it this bluntly, but reality can be a bit harsh at times.

The only real question is what to do about this status quo, and whether it is both possible, or realistic, to ever change it. All things considered, our society is arguably (still) the most free society on the planet. "They" are listening to everything, which is most definitely not the way it should be. But then, "they" have also not been hugely disruptive of discourse within society so far - mainly, I would wager, because "they" are mostly fairly normal citizens who work for the *** agencies. In particular, "they" are not a pampered, segregated elite of any sort, e.g. like the IT minions of the investment banking crooks^H^H^H^H^H^Hcrowd, or the secret service bastards of the former communist countries (who enjoyed considerable privileges beyond what normal citizens ever got). Rather, due to the never-too-stellar payment schemes of government services, the people in charge of all this are, by and large, fairly normal people. Most of them, at least. To quite some degree, I would wager that we can fairly safely count on that sort of people not being all too willing to cooperate in the creation of an actively evil 1984-ish state (as opposed to the passively listening one we have at the moment).

This is not to say that these developments are in any way positive. Nor is it to say that we should just roll over, and stop fighting developments like that. No way. We need to sharpen our instincts for (as it were) "digital freedom" much, much more. But as a part of this, we also need to be realistic about the status quo. Which is currently... odd: theoretically fairly evil, but in practice, apparently still fairly manageable.

Just my 0.2$

A.

Re:Seriously, guys (1)

kthreadd (1558445) | more than 2 years ago | (#38628570)

How can anyone be so naive to assume that any system that is commercially produced in large numbers these days does *not* have in-built backdoors for the alphabet soup agencies? Living under a rock much, are we?

Because of the huge lawsuit that will follow once it backfires.

Re:Seriously, guys (2)

muecksteiner (102093) | more than 2 years ago | (#38628670)

How can anyone be so naive to assume that any system that is commercially produced in large numbers these days does *not* have in-built backdoors for the alphabet soup agencies? Living under a rock much, are we?

Because of the huge lawsuit that will follow once it backfires.

Which of course is only a valid objection if said backdoors are reliably traceable to the perpetrators. But if one of the *** agencies orders a company X to place such a backdoor in a product, you can bet that every last bit of discussion about this activity is an official secret, removed from public scrutiny for at least several decades. Good luck with "proving" anything in this regard, even in court.

And without any proof, good luck with having this publicly backfire on the *** agencies in any measurable way. It's not like these chaps are so stupid as to put encryption keys that actually start with "NSA_" in shipping OS releases anymore.

Re:Seriously, guys (1)

AHuxley (892839) | more than 2 years ago | (#38628700)

My guess is that some people believe that because they have been invited to enough code conferences and seen how good the presented math is that ships in sub systems on their toy devices -
1) Nobody could keep backdoors secret from all the smart hackers in any shipping closed code...
2) Nobody could keep backdoors secret from all the smart developers in open source code...
2.5) Nobody could ship a software layer between the keypad and https...
3) They view leaking encryption sold to Iran, the NSA deal with IBM, the wide use of spyware deep in some EU telco systems etc. as very historical or exposed and fixed.
4) Company X is my friend as they fully support open source code, are not MS/Apple, changed the way "I" use a computer that's now cheap, useful, safe and open...
5) They trust the dual use idea, it's not sending data back, it's just for network quality, you can turn it off, not shipping it anymore, they destroyed all the collected data, it was a beta test, it was a third party, a mistake ... etc. Add in the life changing joy that the Cyber Security Industrial Complex might have guided them for a PhD, got them a 'free' math/code study trip to another part of the world, got them a very good job, got them a security clearance, then on to very compartmentalised consulting work - just like their parents.

More details on the back-door (0)

Anonymous Coward | more than 2 years ago | (#38628526)

This back-door is available for Secret Service, among others. It can access your phone remotely and delete things without you knowing it even took place. Don't ask me how I got this info. If you are in doubt, verify it with other sources. The NSA-key incident shows Windows has something similar. Apple, Windows or the cloud (doh!) can't be trusted with secure information for any government except maybe USA. But, who's to say that China hasn't got copies of the source-code for Windows or Apple products? How many Chinese computer-experts does it take to reverse engineer these products? How cheap is it to hire these people in China? The people who made these back-doors depended on security by obscurity. Stupid people often make the false assumption that they are smart. It's not the last time you see something like this. Some might say that the solution is not to connect it to the Internet. The problem is that a CD or thumb-drive with some new hacking software can compromise those systems with ease. You see, an unconnected system is not up to date security-wise.

I could have made a good career protecting secrets. But, I saw ahead. I chose a different path. Although trying to protect secrets might seem like easy and good money, it's the opposite. Transparency and accountability is the key. Say what you're doing, and don't do stuff that will enrage the public. I hope the world gives this a try some day. Although, I hardly expect it. Smart-phones are today the equivalent of a cavity-search of your privacy. People get that, and loathe their governments in return. Then we get protests in the streets. Not about this particular issue, but a general sentiment that everything is wrong with the government.

Treason or not? (3, Interesting)

Saphati (698453) | more than 2 years ago | (#38628532)

If a person were to help another government gain access to confidential data, it would be called treason. If APPLE or Nokia does it, it is OK? Can someone please explain that?

Re:Treason or not? (1)

GameboyRMH (1153867) | more than 2 years ago | (#38628786)

I suppose Apple could be charged with treason since they're a US-based company, the others, not so much...

Who'd have thought? (4, Interesting)

Arancaytar (966377) | more than 2 years ago | (#38628554)

The shiny backdoors the US government was so keen on to spy on its own citizens are also used by foreign governments to spy on the US government. Maybe security and privacy is worth something after all.

Not a surprise, but the issue is more complicated (5, Insightful)

gweihir (88907) | more than 2 years ago | (#38628582)

And face it, the worst is not the possible surveillance by the ones that originally placed this. These people did invest significantly to place and hide the backdoor. They will use information gained from it only sparingly, to protect the source. After all, if they are caught possessing information that they can only have gotten this way, the backdoor becomes worthless.

IMO the real problem is if the backdoor can be used by others that do not have to protect their investment or respect laws (however flimsy). For an example of surveillance software made by people without much of a clue about security, look to the German "Bundestrojaner", recently analyzed by the CCC. Severe flaws include no authentication or encryption on data transfer, a hard-coded AES key that seems to be the same in all instances used for command transfer (still no authentication), and data-transfer via a foreign server (which is likely illegal). In addition, these cretins are of course not liable if somebody uses their backdoor and likely will not even notice.

Same old story: For a few temporary small benefits, people are willing to accept enormous potential damage. That is my personal definition of evil.

On the protection side: Use reputed open-source. There is at least some chance that somebody will notice a backdoor and that the person will not be easy to silence. And once somebody has found such a problem, anybody can verify it. Not so with closed-source. There it would be a lot more difficult to find anything, and then to get taken seriously as others cannot easily verify a finding. Some postings here already demonstrate that problem. In addition, use restrictive firewall settings and encryption. Difficult to do in a mobile setting, I know, so as a last measure, do not trust any device not under your own system-administration. In particular, do not trust any mobile phone or similar system. You may also want to add markers to any document you do put on potentially backdoored devices, so you can identify the source. This last step also helps against insiders leaking data.

Of course, if your secrets are transient and not worth risking the backdoor for (even for a 3rd party user of said backdoor), then you are probably reasonably secure. This should apply to most people for private use.
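The document-marker suggestion in the comment above, as an added example that is not part of the original post: each device receives a copy carrying an invisible, keyed marker, so a leaked copy can be traced back to the device it was stored on. The zero-width encoding, the key, and the device and document names are all assumptions made for illustration.

```python
import hashlib
import hmac

# Zero-width characters used as invisible 0/1 symbols (an assumption of this
# sketch; any encoding that survives copy/paste of the text would do).
ZW0, ZW1 = "\u200b", "\u200c"


def marker_bits(key: bytes, doc_id: str, device_id: str, nbits: int = 64) -> str:
    """Derive a per-device marker as a bit string from a keyed MAC."""
    msg = f"{doc_id}\x00{device_id}".encode()
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return format(int.from_bytes(digest[: nbits // 8], "big"), f"0{nbits}b")


def mark_document(text: str, key: bytes, doc_id: str, device_id: str) -> str:
    """Hide the device's marker after the first word of the text."""
    bits = marker_bits(key, doc_id, device_id)
    hidden = "".join(ZW1 if b == "1" else ZW0 for b in bits)
    head, sep, tail = text.partition(" ")
    return head + hidden + sep + tail


def strip_marker(text: str) -> str:
    """Return the visible text only."""
    return text.replace(ZW0, "").replace(ZW1, "")


def identify_source(leaked: str, key: bytes, doc_id: str, device_ids):
    """Return the device whose marker is in the leaked copy, else None."""
    found = "".join("1" if c == ZW1 else "0" for c in leaked if c in (ZW0, ZW1))
    if not found:  # marker stripped, or the copy was never marked
        return None
    for device_id in device_ids:
        if hmac.compare_digest(found, marker_bits(key, doc_id, device_id)):
            return device_id
    return None  # a marker is present but it is not one we issued


if __name__ == "__main__":
    KEY = b"constructed-demo-key"                  # constructed sample key
    DEVICES = ["phone-A", "tablet-B", "laptop-C"]  # constructed device names
    copy = mark_document("Quarterly plan draft v3", KEY, "doc-42", "tablet-B")
    print(identify_source(copy, KEY, "doc-42", DEVICES))
```

A marker like this only attributes a leak after the fact, and it is lost if the text is retyped or normalised, so it complements the firewall and encryption measures rather than replacing them.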

It's all just "Lawful Interception" . . . (4, Informative)

PolygamousRanchKid (1290638) | more than 2 years ago | (#38628594)

Nothing new here: http://en.wikipedia.org/wiki/Lawful_interception

You may not like that, but that's the way it is. Communications providers can be forced to provide back doors for "legal spying" by governments. All governments know this, and use other methods to protect "sensitive" communications. Any other stuff is, well, who cares?

Incoming... (-1, Troll)

Anonymous Coward | more than 2 years ago | (#38628624)

...fanbois to defend Apple....

Steve Jobs and Apple are far worse than MS ever was...too many are blind to it tho!

How long until US condemns (1)

gorbachev (512743) | more than 2 years ago | (#38628640)

I'm just waiting for my ironymeter to jump to 11 when the US Government condemns the spying.

Re:How long until US condemns (0)

Anonymous Coward | more than 2 years ago | (#38628798)

Please explain in detail why it would be ironic. Ensure you include a definition of irony and point out exactly where the irony occurs.

"Liberated"? (3, Insightful)

cbraescu1 (180267) | more than 2 years ago | (#38628644)

an internal memo of India's Military Intelligence that has been liberated by hackers

Let's set the record straight: that memo was stolen.

Hardware backdoors always been in Apple products (1, Interesting)

Anonymous Coward | more than 2 years ago | (#38628810)

"If Apple is providing governments with a backdoor to iOS, can we assume that they have also done so with Mac OS X?"

Yes and no. It's called 1394 (Firewire), and it has DMA access to read/write anything it wants, which includes retrieving encryption keys from RAM of a running system, or tweaking a few bits here and there to kill a locked screensaver, for example.

When you read papers on high security environments that disable hardware ports by filling them with epoxy etc., this is what they are trying to stop (aside from obvious uses like copying files to something like a thumbdrive).

Enjoy! :)

Did they give Israel special access? (0)

Anonymous Coward | more than 2 years ago | (#38628834)

If they gave India special access, then presumably they gave Israel special access!

So does Israel have the same ability to intercept comms that India apparently has? What about source code? Did Microsoft let Israel see Windows source code thus exposing Windows users to Israeli cyber-attack? Or OSX for that matter?
