Quantcast
Connect with us

Was Apple security ‘flaw’ actually a NSA backdoor?

Published

on

Among the first documents leaked by onetime government contractor Edward Snowden was a slide listing companies the National Security Agency tapped into to help them conduct their secret PRISM spying program. Not surprisingly, the list is rich with giant tech firms: Microsoft, Yahoo, Google, Facebook — and Apple. According to the slide, the NSA broke into Apple’s data in October 2012.

ADVERTISEMENT

A month ago, Snowden revealed new documents showing the NSA had conducted espionage on iPhones with a program dubbed DROPOUT JEEP, which allowed the agency access to text messages, voicemails and other personal data. (Video regarding that program appears below.)

Here’s where it gets interesting.

Last week, Apple announced that it had discovered a majority security flaw in its OS operating system. The flaw, called “Gotofail,” allowed hackers or other actors — including spies — to access to theoretically secure data transmitted through wireless connections or along a shared network. Such data included that sent through SSL, a method  employed by websites to protect credit card numbers and other personal information when establishing a connection between a customer and a merchant’s point of sale.

The flaw was a simple one, a mistake in a line of code. Just an “if” clause, nested deep within lines of code.

ADVERTISEMENT

Over the weekend, coding experts examined the timeline of the NSA’s penetration of Apple’s data and the date the flaw first emerged. They made a curious discovery: that the flaw appeared in Apple’s code just a month before the NSA internally reported success in hacking Apple. Fortune’s Phillip Elmer-DeWitt reports:

* Sept. 24, 2012: iOS 6.0 is released
* Oct. 2012: Apple is added to the NSA’s list of penetrated servers
* Dec. 1, 2012 to May 31, 2013: Apple receives 4,000 to 5,000 requests about 9,000 to
10,000 accounts and devices. (Per “Apple’s Commitment to Customer Privacy“.)

One coder, Dancing Fireball‘s John Gruber, got down to the nitty gritty. Taking great pains to note the evidence was circumstantial, he nevertheless drew attention to the following facts. 1) The flaw first emerged in iOS 6.0, 2) iOS 6.0 was released publicly on Sept. 24, 2012, and 3)  Snowden’s NSA slide has the agency tapping into Apple’s customers a month later.

ADVERTISEMENT



“These three facts prove nothing; it’s purely circumstantial,” Gruber wrote. “But the shoe fits.”

“Sure would be interesting to know who added that spurious line of code to the file,” he continued. “Conspiratorially, one could suppose the NSA planted the bug, through an employee mole, perhaps. Innocuously, the Occam’s Razor explanation would be that this was an inadvertent error on the part of an Apple engineer. It looks like the sort of bug that could result from a merge gone bad, duplicating the goto fail; line.

ADVERTISEMENT

But “once the bug was in place, the NSA wouldn’t even have needed to find the bug by manually reading the source code. All they would need are automated tests using spoofed certificates that they run against each new release of every OS. Apple releases iOS, the NSA’s automated spoofed certificate testing finds the vulnerability, and boom, Apple gets “added” to PRISM. ([It] wasn’t even necessarily a fast turnaround — the NSA could have discovered the vulnerability over the summer, while iOS 6 was in developer program beta testing.)”

Highlighting Gruber’s post, another Apple-focused blogger said the timeline for the emergence of the security flaw was puzzling.

“Again, all of this is circumstantial and speculative, and Apple has come out numerous times vehemently denying its involvement in any NSA program,” iDownloadblog’s Cody Lee wrote earlier today. “But the timing is rather odd, and it makes you wonder how such a serious bug went undiscovered for over a year.”

ADVERTISEMENT

As Lee noted, Apple has repeatedly denied cooperating with the NSA in any fashion.

“Apple has never worked with the NSA to create a backdoor in any of our products, including iPhone,” Apple said in a January statement. “Additionally, we have been unaware of this alleged NSA program targeting our products. We care deeply about our customers’ privacy and security.”

Apple released a patch Friday to fix the security bug for iPhones, iPads and iPod touches. It remains open on OS X for the Mac.

More information on the NSA’s DROPOUT JEEP program appears below.

ADVERTISEMENT

 

 


Report typos and corrections to: [email protected].
READ COMMENTS - JOIN THE DISCUSSION
Continue Reading

Breaking Banner

Here are 3 moves a desperate Trump will likely attempt in order to cling to power

Published

on

In a column for the Daily Beast, political observer Micheal Tomasky speculated -- and not without good reason -- that a frantic Donald Trump will do anything to remain in office and thereby avoid being slammed with criminal indictments once he departs the Oval Office for good..

As the columnist explained, impeachment seems inevitable and the president will likely take desperate measures and that he has already given hints about three paths he may take -- if not all of them.

Tomasky wrote, "It’s foolish to say that Trump thinks ahead about anything. The late journalist Wayne Barrett said many true things about Trump, but the truest ever was when he observed that Trump says whatever will get him through the next 10 minutes," before adding, "People around him of course are more strategic and are thinking ahead. And they’re all saying and doing and writing things right now that will, if the opportunity presents itself, pave the way for Trump to burn the Constitution."

Continue Reading

Breaking Banner

Pentagon says up to 1,000 US troops to withdraw from northern Syria

Published

on

The Pentagon said Sunday President Donald Trump had ordered the withdrawal of up to 1,000 troops from northern Syria -- almost the entire ground force in war-torn country -- amid an intensifying Turkish assault on Kurdish forces.

Defense Secretary Mark Esper said the move came after the US learned that Turkey was pressing further into Syria than had been expected.

And the Kurdish-led Syrian Democratic Forces (SDF) are seeking a deal with the Syrian regime and Russia to counter-attack against the Turks in the north, Esper added.

"We find ourselves as we have American forces likely caught between two opposing advancing armies and it's a very untenable situation," Esper told CBS's Face the Nation.

Continue Reading
 

Breaking Banner

Both these things can be true: Donald Trump is a criminal — and impeachment is a murky, amoral struggle

Published

on

Nancy Pelosi and Donald Trump

Nothing is clear in this moment of grave peril for America, democracy and the world, not even the things that appear obvious. We stumble around in darkness, our vision obscured, awaiting a more perfect understanding, as in the famously evocative phrase of 1 Corinthians 13:12: “For now we see through a glass, darkly; but then face to face: now I know in part; but then shall I know even as also I am known.”

This article first appeared in Salon.

Continue Reading
 
 
Help Raw Story Uncover Injustice. Join Raw Story Investigates for $1 and go ad-free.
close-image