Was Apple security ‘flaw’ actually a NSA backdoor?

Among the first documents leaked by onetime government contractor Edward Snowden was a slide listing companies the National Security Agency tapped into to help them conduct their secret PRISM spying program. Not surprisingly, the list is rich with giant tech firms: Microsoft, Yahoo, Google, Facebook — and Apple. According to the slide, the NSA broke into Apple’s data in October 2012.

A month ago, Snowden revealed new documents showing the NSA had conducted espionage on iPhones with a program dubbed DROPOUT JEEP, which allowed the agency access to text messages, voicemails and other personal data. (Video regarding that program appears below.)

Here’s where it gets interesting.

Last week, Apple announced that it had discovered a major security flaw in its operating system. The flaw, called “Gotofail,” allowed hackers or other actors — including spies — to access theoretically secure data transmitted through wireless connections or along a shared network. Such data included that sent through SSL, a method employed by websites to protect credit card numbers and other personal information when establishing a connection between a customer and a merchant’s point of sale.

The flaw was a simple one, a mistake in a line of code. Just an “if” clause, nested deep within lines of code.

Over the weekend, coding experts examined the timeline of the NSA’s penetration of Apple’s data and the date the flaw first emerged. They made a curious discovery: that the flaw appeared in Apple’s code just a month before the NSA internally reported success in hacking Apple. Fortune’s Phillip Elmer-DeWitt reports:

* Sept. 24, 2012: iOS 6.0 is released
* Oct. 2012: Apple is added to the NSA’s list of penetrated servers
* Dec. 1, 2012 to May 31, 2013: Apple receives 4,000 to 5,000 requests about 9,000 to 10,000 accounts and devices. (Per “Apple’s Commitment to Customer Privacy”.)

One coder, Dancing Fireball’s John Gruber, got down to the nitty gritty. Taking great pains to note the evidence was circumstantial, he nevertheless drew attention to the following facts: 1) The flaw first emerged in iOS 6.0, 2) iOS 6.0 was released publicly on Sept. 24, 2012, and 3) Snowden’s NSA slide has the agency tapping into Apple’s customers a month later.



“These three facts prove nothing; it’s purely circumstantial,” Gruber wrote. “But the shoe fits.”

“Sure would be interesting to know who added that spurious line of code to the file,” he continued. “Conspiratorially, one could suppose the NSA planted the bug, through an employee mole, perhaps. Innocuously, the Occam’s Razor explanation would be that this was an inadvertent error on the part of an Apple engineer. It looks like the sort of bug that could result from a merge gone bad, duplicating the goto fail; line.”

But “once the bug was in place, the NSA wouldn’t even have needed to find the bug by manually reading the source code. All they would need are automated tests using spoofed certificates that they run against each new release of every OS. Apple releases iOS, the NSA’s automated spoofed certificate testing finds the vulnerability, and boom, Apple gets ‘added’ to PRISM. ([It] wasn’t even necessarily a fast turnaround — the NSA could have discovered the vulnerability over the summer, while iOS 6 was in developer program beta testing.)”
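A minimal C model of the kind of bug Gruber describes, a duplicated `goto fail;` after an `if`, shown beside a hardened form and the negative test (a forged signature must be rejected) that a vendor's own test suite would need to catch it. This is an added illustration, not Apple's code: `hash_update`, `check_signature`, `verify_buggy` and `verify_fixed` are hypothetical names, and the string comparison stands in for real signature verification.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins, not Apple's code: each step returns 0 on success. */
static int hash_update(const char *data) { return data ? 0 : -1; }
static int check_signature(const char *sig, const char *expected) {
    return strcmp(sig, expected) == 0 ? 0 : -1;
}

/* Buggy shape: the second "goto fail;" is not governed by the if, so it
 * always runs, with err still 0 from the successful hash_update(). */
int verify_buggy(const char *params, const char *sig, const char *expected) {
    int err;
    if ((err = hash_update(params)) != 0)
        goto fail;
        goto fail;              /* duplicated line: unconditional jump */
    if ((err = check_signature(sig, expected)) != 0)   /* never reached */
        goto fail;
fail:
    return err;                 /* 0 means "verified" */
}

/* Hardened shape: braces on every branch and a fail-closed default, so
 * skipping a step can never leave err at the success value. */
int verify_fixed(const char *params, const char *sig, const char *expected) {
    int err = -1;
    if (hash_update(params) != 0) {
        goto fail;
    }
    if (check_signature(sig, expected) != 0) {
        goto fail;
    }
    err = 0;
fail:
    return err;
}

int main(void) {
    /* Negative test with constructed inputs: a forged signature must fail. */
    printf("buggy accepts forged: %s\n",
           verify_buggy("params", "forged", "genuine") == 0 ? "yes" : "no");
    printf("fixed accepts forged: %s\n",
           verify_fixed("params", "forged", "genuine") == 0 ? "yes" : "no");
    return 0;
}
```

Compiling the buggy function with Clang's `-Wunreachable-code` or GCC's `-Wmisleading-indentation` reports the problem before any test runs.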

Highlighting Gruber’s post, another Apple-focused blogger said the timeline for the emergence of the security flaw was puzzling.

“Again, all of this is circumstantial and speculative, and Apple has come out numerous times vehemently denying its involvement in any NSA program,” iDownloadblog’s Cody Lee wrote earlier today. “But the timing is rather odd, and it makes you wonder how such a serious bug went undiscovered for over a year.”

As Lee noted, Apple has repeatedly denied cooperating with the NSA in any fashion.

“Apple has never worked with the NSA to create a backdoor in any of our products, including iPhone,” Apple said in a January statement. “Additionally, we have been unaware of this alleged NSA program targeting our products. We care deeply about our customers’ privacy and security.”

Apple released a patch Friday to fix the security bug for iPhones, iPads and iPod touches. It remains open on OS X for the Mac.

More information on the NSA’s DROPOUT JEEP program appears below.
