Reading the report in detail is always interesting. Once you look beyond the usual Apple-is-so-kewl yada yada there’s a lot of interesting insight offered by the various pundits.
But one thing that truly shocked me and I not at all was expecting, is this nugget hand grenade thrown in there by Leo Laporte about what appears to be a backdoor Apple could have been forced to have installed into iOS that could have been used to exploit iOS devices for many years (five Ax chip generations in fact). I had never heard about this before. And unless it’s complete sensationalism garbage (which considering the author and Steve Gibson who he’s interviewing I kind of doubt), I have to wonder if pretty much the entire iOS/iPhone pundit world is asleep at the wheel.
And it seems pretty clear to me that Apple backdoored its own devices for someone, probably the NSA. Did they have a choice? Probably not, but it undermines the security and privacy story they want to tell.”
The most troubling implication, according to Laporte, is that Apple could easily reintroduce similar hidden access mechanisms into future iPhones without users being any the wiser. Only the barest sliver of the security community would even understand the technical details involved in such covert systems.
This part is pure speculation. There was an older story last year in June (perhaps this was the same incident?) where the FSB speculated that Apple created a backdoor to iOS at the direction of the NSA and Apple said that they never would.
Seeing as most of those targeted were staff at embassies of NATO countries, Israel, and China in Russia, it would indeed be quite odd for the NSA to be behind it all. But these days in that world, who knows what makes any sense anymore.
I don’t put a whole lot of faith into anything Apple declares about this. Apple would be required by law to deny if indeed they had been forced to implement backdoors by the US Government. Recall the reason certain organizations have started using canary-in-the-coal-mine statements is that they’re aware they can be compelled to not disclose. So in anticipation of such an event, they disclose each year there were no special requests. Then, one year when they don’t post the usual statement, the canary watchers know that organization has been compromised without them ever having to disclose anything.
Surprised that TidBITS never covered the security problem, considering how long it’s been known, how many different iPhone models were affected, and the seriousness of the hack.
And even though it does no longer work with the same procedures on updated systems, not knowing how it was created and by whom, it still leaves open that the hack is still there, but perhaps with a different trigger and changed translation method hidden elsewhere.
It appears that the hack was not “discovered” in the traditional way in the code, but rather the means to access it were revealed and reverse engineered. Highly difficult to know if it still exists elsewhere, unless another user comes forward.
I saw the news when it came out, but it was a lot of very technical detail coupled with conspiracy-theory speculation, so I couldn’t see any utility in covering it.
Systems have become so complex that I am sure there are backdoors enforced by law that are so obscure that it takes years to discover them. I’m inclined to take Apple at their word that they resist the majority of these requests but I also think one should be attentive when “backdoors” become so big that more than a hundred people or more have been compromised.
As far as conspiracies go (and there are too many of them, now) I hold the effort to conjure up a conspiracy ignores the usual, simple and successful explanation of serial stupidity.